diff --git a/github_app_geo_project/views/webhook.py b/github_app_geo_project/views/webhook.py
index 2d40a028f1c..e160b31c7f1 100644
--- a/github_app_geo_project/views/webhook.py
+++ b/github_app_geo_project/views/webhook.py
@@ -36,15 +36,18 @@ def webhook(request: pyramid.request.Request) -> dict[str, None]:
 if not dry_run:
 raise pyramid.httpexceptions.HTTPBadRequest("No signature in the request")
- our_signature = hmac.new(
- key=github_secret.encode("utf-8"),
- msg=request.body,
- digestmod=hashlib.sha256,
- ).hexdigest()
- if not hmac.compare_digest(our_signature, request.headers["X-Hub-Signature-256"].split("=", 1)[1]):
- _LOGGER.error("Invalid signature in the request")
- if not dry_run:
- raise pyramid.httpexceptions.HTTPBadRequest("Invalid signature in the request")
+ else:
+ our_signature = hmac.new(
+ key=github_secret.encode("utf-8"),
+ msg=request.body,
+ digestmod=hashlib.sha256,
+ ).hexdigest()
+ if not hmac.compare_digest(
+ our_signature, request.headers["X-Hub-Signature-256"].split("=", 1)[-1]
+ ):
+ _LOGGER.error("Invalid signature in the request")
+ if not dry_run:
+ raise pyramid.httpexceptions.HTTPBadRequest("Invalid signature in the request")
 _LOGGER.debug(
 "Webhook received for %s on %s",
 request.headers.get("X-GitHub-Event", "undefined"),
 application
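Review bot: The comparison in the new `else` branch uses whatever follows the first `=` in `X-Hub-Signature-256` (or the whole value when there is no `=`) and never checks the `sha256` prefix. Both arguments are `str`, so a header value containing non-ASCII characters makes `hmac.compare_digest` raise `TypeError` instead of producing the 400. Comparing the full value as bytes covers both cases: `expected = f"sha256={our_signature}".encode()` followed by `hmac.compare_digest(expected, request.headers["X-Hub-Signature-256"].encode("utf-8"))`. Separately, the `else` means a request without the header now skips the header lookup, so under `dry_run` unsigned and mis-signed payloads alike continue to the code after `_LOGGER.debug`. Where `dry_run` is set lies outside this hunk, as do the start and end of `webhook`, so a comment such as `# dry_run: signature failures are only logged; never enable on an endpoint reachable by untrusted senders` would make that contract explicit.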