@khamidou
Created June 7, 2018 03:41
How to verify GitHub webhooks
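# Mostly cribbed from https://github.com/carlos-jenkins/python-github-webhooks/blob/759b67e3af8ed7334467b7d359cd00a10b0ac3c7/webhooks.py#L73
import hmac


def verify_github_webhook(secret, hub_signature_header, request_body):
    # hub_signature_header looks like 'sha1=<hex digest>'; request_body must be
    # the raw request bytes, not a re-serialized copy of the parsed payload.
    sha_name, sha_value = hub_signature_header.split('=', 1)
    if sha_name != 'sha1':
        raise ValueError('Unknown signature algorithm')

    mac = hmac.new(secret.encode('utf-8'), msg=request_body, digestmod='sha1')
    # Constant-time comparison on bytes, so non-ASCII header input cannot raise TypeError.
    if not hmac.compare_digest(mac.hexdigest().encode(), sha_value.encode('utf-8')):
        # Log only the received value: the expected digest is a valid signature for this body.
        print('Invalid signature {}'.format(sha_value))
        raise ValueError('Incorrect webhook signature')
    return True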
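
Added example, not part of the gist or of the project it was cribbed from: the same check extended beyond the gist to GitHub's `X-Hub-Signature-256` header (HMAC-SHA256), which is preferred over the SHA-1 header when both are sent. `SCHEMES`, `sign`, `verify`, the secret and the body are names and values constructed for illustration.

```python
import hashlib
import hmac

# (header name, required prefix, digest), strongest first. Binding the prefix to
# the header name stops a sender from picking the algorithm.
SCHEMES = (
    ("X-Hub-Signature-256", "sha256", hashlib.sha256),
    ("X-Hub-Signature", "sha1", hashlib.sha1),
)

# Constructed sample data, not real GitHub traffic.
SECRET = b"constructed-example-secret"
BODY = b'{"action":"opened","number":1}'


def sign(secret, body, prefix="sha256"):
    """Build the header value a sender would attach: '<prefix>=<hex digest>'."""
    digest = {p: d for _, p, d in SCHEMES}[prefix]
    return prefix + "=" + hmac.new(secret, body, digest).hexdigest()


def verify(secret, headers, body):
    """Return True only if the raw body matches the strongest signature header present."""
    for name, prefix, digest in SCHEMES:
        value = headers.get(name)  # plain dict assumed; real frameworks match case-insensitively
        if value is None:
            continue
        algo, _, received = value.partition("=")
        if algo != prefix:
            return False
        expected = hmac.new(secret, body, digest).hexdigest()
        # Bytes comparison in constant time; non-ASCII input cannot raise TypeError.
        # The first header found decides: no fallback to SHA-1 after a SHA-256 mismatch.
        return hmac.compare_digest(expected.encode(), received.encode("utf-8", "replace"))
    return False


if __name__ == "__main__":
    signed = {"X-Hub-Signature-256": sign(SECRET, BODY)}
    print(verify(SECRET, signed, BODY))         # untouched body
    print(verify(SECRET, signed, BODY + b" "))  # body altered after signing
```

Pass `verify` the request body exactly as received; parsing and re-serializing the JSON first changes the bytes and the signature will not match.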