srchub-old

Issue 53: [Feature] IFTTT support


Previous issue - Next issue

Reported by austin j, Jul, 1 2014 4:39:39 PM

I would like Srchub to be able to use IFTTT, an internet automation 
website.

For example, if I make a commit to a project, Srchub could use IFTTT 
to automatically post a new tweet to Twitter for me.

Comment 1 by austin j, Jul, 1 2014 4:39:49 PM

https://ifttt.com/

Comment 2 by Natalie Adams, Nov, 30 2014 9:34:04 PM

There is already this functionality provided by indefero.

Background info:
If you go to Project Management -> Source -> Webhook URL - 
basically this will allow you to call a web page to do something. I 
would be surprised if IFTTT doesn't support that - if not then it 
wouldn't be hard to write a page to call IFTTT with the right 
parameters.

However - I just did some testing and this seems broken. It did 
reveal another problem that the post-commit hooks weren't running 
because www-data was being blocked from running the at command.

I'll keep digging and update this ticket accordingly.
Status: Started

Comment 3 by Natalie Adams, Nov, 30 2014 11:31:31 PM

I track the issue down to a cron job I didn't install but that's the 
easy problem.

In Webhooks.php indefero is using fopen to send the web hook call. 
After some debugging the queuing system is getting stuck on that 
line - probably fopen is failing. I really don't know why they used 
fopen to make the HTTP call as curl is built into PHP. When I get 
some time I'll update it with curl calls.

Comment 4 by Natalie Adams, Dec, 10 2014 10:24:58 PM

Should be working now on a 5 minute check (at least for SVN - 
haven't tested git/hg...going to create new tickets to test those).

Some sample code/output (assuming the URL points to this script):
<?php
$json = json_decode(file_get_contents('php://input'), true);
file_put_contents("/tmp/out.txt", print_r($json, true));

This will output:
Array
(
    [project] => test-svn
    [rev] => 18
    [scm] => svn
    [summary] => test POST COMMIT HOOK!!!
    [fullmessage] =>
    [author] => nadams
    [creation_date] => 2014-12-11 04:09:43
)

Of course - you should verify the message by looking at the header 
X-Web-Hook-Hmac and checking it using hash_hmac. While this doesn't 
give you the URL for either the project page or commit view - you 
can extrapolate those yourself. If there is high demand for it - 
then I'll add it.

See this snippet from Webhook.php to give you an idea of how it's 
signed ($data being the json encoded data):
$sign = hash_hmac('md5', $data, $payload['authkey']);

Now this exposes another issue - using MD5 signing. We could argue 
about how insecure MD5 is - but the bottom line is 2 fold:

* This isn't a multi-billion dollar application that has highly 
sensitive information
* Potential breaking of if anyone is expecting this behavior

Sometime in the near future I will add another header with a sha512 
signing. And phase out the MD5 header several versions in the future.

Comment 5 by Natalie Adams, Dec, 10 2014 10:30:45 PM

Closing ticket.
Status: Fixed

Created: 10 years 5 months ago by austin j

Updated: 10 years 10 days ago

Status: Fixed

Followed by: 1 person

Labels:
Type:Defect
Priority:Medium

This issue is related to
63 - Add...er to webhook for sha512
64 - Rem...igned header for webooks

Page rendered in 0.03500s using 51 queries.