Commit f0c540f0 authored by Sean Madsen's avatar Sean Madsen

removing the need for a "secret" when publishing via /listen

parent 7df39701
......@@ -44,17 +44,7 @@ class PublishController extends Controller
*/
public function ListenAction(Request $request)
{
$secret = $this->getParameter('secret');
if(!$request->headers->has('x-hub-signature')){
throw new \Exception("Missing 'X-Hub-Signature' header.");
}
$signature = $request->headers->get('X-Hub-Signature');
list($algo, $hash) = explode('=', $signature, 2);
$body = $request->getContent();
$payloadHash = hash_hmac($algo, $body, $secret);
if ($hash !== $payloadHash) {
throw new \Exception("Bad secret.");
}
$event = $request->headers->get('X-GitHub-Event');
$payload = json_decode($body);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment