diff --git a/src/Service/GitHubRequestHandler.php b/src/Service/GitHubRequestHandler.php
index ff5aaed..cfcecd7 100644
--- a/src/Service/GitHubRequestHandler.php
+++ b/src/Service/GitHubRequestHandler.php
@@ -46,11 +46,23 @@ public function handle(Request $request): array
 throw new PreconditionFailedHttpException(sprintf('Unsupported repository "%s".', $repositoryFullName));
 }
 
- if (!empty($repository->getSecret())) {
+ $secret = $repository->getSecret();
+ if (is_string($secret) && '' !== trim($secret)) {
 if (!$request->headers->has('X-Hub-Signature')) {
 throw new AccessDeniedHttpException('The request is not secured.');
 }
- if (!$this->authenticate($request->headers->get('X-Hub-Signature'), $repository->getSecret(), $request->getContent())) {
+
+ $content = $request->getContent();
+ if (!is_string($content)) {
+ throw new BadRequestHttpException('Empty request body!');
+ }
+
+ $signature = $request->headers->get('X-Hub-Signature');
+ if (!is_string($signature)) {
+ throw new BadRequestHttpException('Invalid signature!');
+ }
+
+ if (!$this->authenticate($signature, $secret, $content)) {
 throw new AccessDeniedHttpException('Invalid signature.');
 }
 }
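Review bot: The new guard `is_string($secret) && '' !== trim($secret)` lets a whitespace-only secret skip signature verification entirely, where the old `!empty()` check still enforced it, so a mis-saved secret now silently leaves the endpoint accepting unsigned payloads. The trimmed value is used only for the test while the untrimmed `$secret` goes to `authenticate()`, so pick one form: either normalise once up front, or reject a configured-but-blank secret (for example with the `PreconditionFailedHttpException` already used above) rather than treating it as "no secret". The `'Empty request body!'` message is also misleading, because that branch fires when `getContent()` is not a string, not when the body is empty; something like `'Unreadable request body.'` would match the condition. `handle()` starts and ends outside this hunk and `authenticate()` is not shown, so whether the signature comparison is constant-time (`hash_equals`) cannot be confirmed from here.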