Merge pull request #25 from lukepatrick/v3

Update bitbucket uuid check to allow a non-specified uuid, similar to…
go-playground · Feb 23, 2018 · c271ec3 · c271ec3
2 parents 3667088 + 0c4911f
commit c271ec3
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/bitbucket/bitbucket.go b/bitbucket/bitbucket.go
@@ -80,10 +80,14 @@ func (hook Webhook) ParsePayload(w http.ResponseWriter, r *http.Request) {
 	}
 	webhooks.DefaultLog.Debug(fmt.Sprintf("X-Hook-UUID:%s", uuid))
 
-	if uuid != hook.uuid {
-		webhooks.DefaultLog.Error(fmt.Sprintf("X-Hook-UUID does not match configured uuid of %s", hook.uuid))
-		http.Error(w, "403 Forbidden - X-Hook-UUID does not match", http.StatusForbidden)
-		return
+	if len(hook.uuid) > 0 {
+		if uuid != hook.uuid {
+			webhooks.DefaultLog.Error(fmt.Sprintf("X-Hook-UUID %s does not match configured uuid of %s", uuid, hook.uuid))
+			http.Error(w, "403 Forbidden - X-Hook-UUID does not match", http.StatusForbidden)
+			return
+		}
+	} else {
+		webhooks.DefaultLog.Debug("hook uuid not defined - recommend setting for improved security")
 	}
 
 	event := r.Header.Get("X-Event-Key")