Webhook for "Issue Comment" contains no secret #2208

Closed
opened 2025-11-02 04:27:13 -06:00 by GiteaMirror · 3 comments
Originally created by @maltehol on GitHub (Aug 16, 2018).

  • Gitea version (or commit ref): 1.5
  • Git version: 2.1.4
  • Operating system: Raspbian
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL (MariaDB)
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

When setting up webhooks in Gitea, I expect that every hook uses the secret one chooses.
But for issue_comment there is no secret field in the JSON which is sent out.

The sent JSON:

{
  "action": "created",
  "issue": {
    "id": 23,
    "url": "<url>",
    "number": 11,
    "user": {
      // User Object
    },
    "title": "123",
    "body": "",
    "labels": [],
    "milestone": null,
    "assignee": null,
    "assignees": null,
    "state": "open",
    "comments": 0,
    "created_at": "2018-08-13T08:39:29Z",
    "updated_at": "2018-08-16T16:44:36Z",
    "closed_at": null,
    "due_date": null,
    "pull_request": null
  },
  "comment": {
    "id": 42,
    "html_url": "<html_url>",
    "pull_request_url": "",
    "issue_url": "<issue_url>",
    "user": {
      // User object
    },
    "body": "No secret?",
    "created_at": "2018-08-16T16:44:36Z",
    "updated_at": "2018-08-16T16:44:36Z"
  },
  "repository": {
    "id": 6,
    "owner": {
      // User object
    },
    "name": "hook-test",
    "full_name": "mh/hook-test",
    "description": "",
    "empty": false,
    "private": true,
    "fork": false,
    "parent": null,
    "mirror": false,
    "size": 128,
    "html_url": "<html_url>",
    "ssh_url": "<ssh_url>",
    "clone_url": "<clone_url>",
    "website": "",
    "stars_count": 0,
    "forks_count": 0,
    "watchers_count": 1,
    "open_issues_count": 7,
    "default_branch": "master",
    "created_at": "2018-08-12T09:50:19Z",
    "updated_at": "2018-08-13T10:59:50Z",
    "permissions": {
      "admin": true,
      "push": true,
      "pull": true
    }
  },
  "sender": {
    // User object
  }
}

To reproduce:

  • Create a webhook in gitea, choose "Custom Events...." -> "Issue Comment"
  • Add a comment to an arbitrary issue in that repo
  • Edit the webhook and look at "Recent Deliveries"
GiteaMirror added the type/bug label 2025-11-02 04:27:13 -06:00
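
A receiver-side check showing why the missing field matters, as an added example that is not part of the original report or of Gitea's code: a receiver that authenticates deliveries by the payload's `secret` field has to fail closed when the field is absent, so it rejects `issue_comment` deliveries like the one above instead of accepting them unauthenticated. Assumptions: other events carry the chosen secret as a top-level `secret` string, as the report expects; the function name, sample bodies and secret value are constructed.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrMissingSecret = errors.New("payload has no secret field")
	ErrBadSecret     = errors.New("payload secret does not match")
)

// CheckPayloadSecret authenticates a delivery by the top-level "secret"
// field of its JSON body. A missing field is an error, never a pass.
func CheckPayloadSecret(body []byte, want string) error {
	var p struct {
		// Pointer so that an absent (or null) key is distinguishable
		// from an empty string.
		Secret *string `json:"secret"`
	}
	if err := json.Unmarshal(body, &p); err != nil {
		return fmt.Errorf("invalid JSON: %w", err)
	}
	if p.Secret == nil {
		return ErrMissingSecret
	}
	// Constant-time comparison avoids leaking how many bytes matched.
	if subtle.ConstantTimeCompare([]byte(*p.Secret), []byte(want)) != 1 {
		return ErrBadSecret
	}
	return nil
}

// Constructed sample bodies, trimmed to the fields that matter here.
const (
	withSecret   = `{"secret":"s3cr3t-example","ref":"refs/heads/master"}`
	issueComment = `{"action":"created","comment":{"id":42,"body":"No secret?"}}`
)

func main() {
	fmt.Println("with secret:  ", CheckPayloadSecret([]byte(withSecret), "s3cr3t-example"))
	fmt.Println("issue_comment:", CheckPayloadSecret([]byte(issueComment), "s3cr3t-example"))
}
```
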

@OvermindDL1 commented on GitHub (Sep 10, 2018):

Confirmed issue still exists as of commit bd1bf2a072.


@adelowo commented on GitHub (Sep 10, 2018):

Would take a look at this tomorrow


@AuspeXeu commented on GitHub (Oct 25, 2018):

Similar to #5173


Reference: github-starred/gitea#2208