jenkinsci / gogs-webhook-plugin

Jenkins Gogs Webhook
https://plugins.jenkins.io/gogs-webhook/
MIT License

net.sf.json.JSONException: JSONObject["secret"] not found. #14

Closed tkizm1 closed 7 years ago

tkizm1 commented 7 years ago

NOW USE X-Gogs-Signature

MindTwister commented 7 years ago

I'm having the same issue

Gogs version: 0.10.1.0228 Go version 1.7.4 Jenkins version 2.48

I have attached the stack trace.

jenkins-stacktrace.txt

mattddowney commented 7 years ago

Experiencing this on gogs 0.10.1 as well, looks like the gogs update caused it, this commit specifically: https://github.com/gogits/gogs/commit/6ec859f2b0c1bade67d04f740ec4b9ac9ae0ec98

Downgrading gogs to 0.9.141 fixes the issue until the plugin can get updated.

ghost commented 7 years ago

Made a pull request, was going to request a review as I haven't done Java in awhile, but it looks like it's automatically required anyway.

sanderv32 commented 7 years ago

Reviewing will be done by Jenkins before I can push the merge button. Also I won't merge this pull as it only gets the header, but this value is a hexdigest which is not compared against the secret filled in Jenkins so this will definitely break the plugin!

unknwon commented 7 years ago

Hi...

  1. Downgrade to 0.9.* can lead to unable to push because different mechanism of Git Hook.
  2. This site (http://beautifytools.com/hmac-generator.php) produces same output (other sites just didn't handle line breaks correctly) from my test
  3. Example:

Payload (no new line in the end, this is the exact payload):

{
  "ref": "refs/heads/master",
  "before": "337fb2355f43dd74cb8d77fcd083854092086e57",
  "after": "337fb2355f43dd74cb8d77fcd083854092086e57",
  "compare_url": "",
  "commits": [
    {
      "id": "337fb2355f43dd74cb8d77fcd083854092086e57",
      "message": "Initial commit\n",
      "url": "https://try.gogs.io/unknwon/hello/commit/337fb2355f43dd74cb8d77fcd083854092086e57",
      "author": {
        "name": "无闻",
        "email": "u@gogs.io",
        "username": "unknwon"
      },
      "committer": {
        "name": "Gogs",
        "email": "gogs@fake.local",
        "username": ""
      },
      "timestamp": "0001-01-01T00:00:00Z"
    }
  ],
  "repository": {
    "id": 8427,
    "owner": {
      "id": 1,
      "login": "unknwon",
      "full_name": "Unknwon",
      "email": "u@gogs.io",
      "avatar_url": "https://secure.gravatar.com/avatar/d8b2871cdac01b57bbda23716cc03b96",
      "username": "unknwon"
    },
    "name": "hello",
    "full_name": "unknwon/hello",
    "description": "",
    "private": false,
    "fork": false,
    "html_url": "https://try.gogs.io/unknwon/hello",
    "ssh_url": "git@try.gogs.io:unknwon/hello.git",
    "clone_url": "https://try.gogs.io/unknwon/hello.git",
    "website": "",
    "stars_count": 0,
    "forks_count": 0,
    "watchers_count": 1,
    "open_issues_count": 1,
    "default_branch": "master",
    "created_at": "2017-02-21T16:14:55Z",
    "updated_at": "2017-02-21T16:14:55Z"
  },
  "pusher": {
    "id": 1,
    "login": "unknwon",
    "full_name": "Unknwon",
    "email": "u@gogs.io",
    "avatar_url": "https://secure.gravatar.com/avatar/d8b2871cdac01b57bbda23716cc03b96",
    "username": "unknwon"
  },
  "sender": {
    "id": 1,
    "login": "unknwon",
    "full_name": "Unknwon",
    "email": "u@gogs.io",
    "avatar_url": "https://secure.gravatar.com/avatar/d8b2871cdac01b57bbda23716cc03b96",
    "username": "unknwon"
  }
}

Secret: 111111

Output: 9a1830da3d547ceb8bba2526a2e16f30a88974e58b6fbaac3f1d95dfec203e8d

It is not encryption/decryption.

Not tested, but I guess http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-java could do it.

Another problem is how to back-support older versions, my thoughts are:

willemvd commented 7 years ago

Another problem is how to back-support older versions, my thoughts are: if header is present, use the new technic if not present, go with the old way

Think this should be the case since we otherwise would break old versions and people using this plugin with Gitea (not sure if this is ported).

We should indeed:

tkizm1 commented 7 years ago

python gist java gist always get 746fe31104dcebeb07e47f3e2a6d79db0d5370c87574663a45a81cc6f602c8a9
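
The check discussed in the comments above (recompute the hex HMAC-SHA256 over the exact raw request body, compare it with `X-Gogs-Signature`, and use the body's `secret` field only when the header is absent) can be sketched as follows. This is an added example, not the plugin's or Gogs' code: `sign`, `verify_webhook`, `reserialized` and the sample payload are hypothetical names and constructed data, and `111111` is the secret used in the thread.

```python
import hashlib
import hmac
import json

def sign(secret: str, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the body bytes exactly as received."""
    return hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).hexdigest()

def verify_webhook(headers: dict, raw_body: bytes, configured_secret: str) -> bool:
    """True only if the request proves knowledge of the configured secret."""
    if not configured_secret:
        return False  # assumption of this sketch: fail closed without a secret
    sig = next((v for k, v in headers.items()
                if k.lower() == "x-gogs-signature"), None)
    if sig is not None:
        # Header present: never fall back to the legacy check.
        expected = sign(configured_secret, raw_body)
        return hmac.compare_digest(expected.encode(), sig.strip().lower().encode())
    # Header absent: older senders carry the secret in the JSON body.
    try:
        legacy = json.loads(raw_body.decode("utf-8")).get("secret")
    except (ValueError, AttributeError):
        return False
    if not isinstance(legacy, str):
        return False
    return hmac.compare_digest(legacy.encode(), configured_secret.encode())

def reserialized(raw_body: bytes) -> bytes:
    """What a receiver hashes if it parses and re-dumps the JSON first (wrong)."""
    return json.dumps(json.loads(raw_body)).encode("utf-8")

# Constructed sample, not the payload from the thread; no trailing newline.
SECRET = "111111"
RAW = '{\n  "ref": "refs/heads/master",\n  "pusher": {"username": "无闻"}\n}'.encode("utf-8")

if __name__ == "__main__":
    hdr = {"X-Gogs-Signature": sign(SECRET, RAW)}
    print("exact body:      ", verify_webhook(hdr, RAW, SECRET))
    print("trailing newline:", verify_webhook(hdr, RAW + b"\n", SECRET))
    print("re-serialized:   ", verify_webhook(hdr, reserialized(RAW), SECRET))
    print("legacy body:     ", verify_webhook({}, b'{"secret": "111111"}', SECRET))
```

The digest must be taken over the bytes read from the request before any JSON parsing; a parsed and re-dumped body is semantically equal but hashes differently, which is the line-break mismatch noted above.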

willemvd commented 7 years ago

@tkisme what do you mean? What case? Please place your comment in context 😄

mattddowney commented 7 years ago

@Unknwon yes downgrading only fixes the problem with the webhook, but breaks the pre-receive hook when pushing. I see the migration here: https://github.com/gogits/gogs/blob/c4fdc26fa5d771effa7f86d832eb5e8e012f3b38/models/migrations/v15.go No easy way to migrate back, I take it?

unknwon commented 7 years ago

@mattddowney if you haven't used any custom Git hooks, remove all hooks directories for all your repositories, and go admin panel to regenerate all update hooks.

If you have, after done above steps, rename all custom_hooks to hooks.

Should be easy shell script, but I'm too bad at that... If you come up with one, please share!

mattddowney commented 7 years ago

@Unknwon thanks I was able to get things going again!

Not saying this will work for everyone, but this is what I did, so do so at your own risk:

  1. Rollback to 0.9.141 (hopefully you installed via docker)
  2. Navigate to your gogs-repositories folder
  3. Run the following:

    #!/bin/bash

    for usr_dir in *
    do

        # make sure $usr_dir is a directory
        if [[ -d "$usr_dir" && ! -L "$usr_dir" ]]
        then
            # skip the directory if we cannot enter it, so rm never runs elsewhere
            cd "$usr_dir" || continue

            for repo_dir in *
            do

                # make sure $repo_dir is a directory
                if [[ -d "$repo_dir" && ! -L "$repo_dir" ]]
                then
                    cd "$repo_dir" || continue
                    rm -rf hooks
                    cd ..
                fi

            done

            cd ..
        fi

    done

  4. Go to admin panel and run "Rewrite all update hook of repositories (needed when custom config path is changed)"

For some reason, I was unable to restore our custom post-receive hooks by moving them over. Luckily, I do nightly backups so I have copies of all of these, and there are only a handful, so no biggie there.

tkizm1 commented 7 years ago

    find . -name custom_hooks -type d -print -delete

or

    find . -name hooks -type d -print -exec rm -rf {} \;

rollback

    # pass the path as an argument instead of splicing {} into the shell string
    find . -name "*.git" -exec sh -c 'cd "$1" && git init --bare' _ {} \;

willemvd commented 7 years ago

Is this still a request to fix here (as stated in my https://github.com/jenkinsci/gogs-webhook-plugin/issues/14#issuecomment-283645259 ) or is this now only a problem in Gogs?

unknwon commented 7 years ago

@willemvd I think you should ask Gitea devs if they have ported this feature from Gogs.

tkizm1 commented 7 years ago

Tested in local.

willemvd commented 7 years ago

@Unknown It is not yet ported to Gitea

sanderv32 commented 7 years ago

There is already a PR #16 and if this one is cleaned up and tested I can do the merge.

tkizm1 commented 7 years ago

cleaned up but need more test

sanderv32 commented 7 years ago

Merged PR #16. Release of this plugin in the official repo will be this week.

waketj commented 7 years ago

Caused by: net.sf.json.JSONException: JSONObject["secret"] not found

waketj commented 7 years ago

© 2017 Gogs 当前版本: 0.10.8.0307

sanderv32 commented 7 years ago

@vpertj Can you please be more specific than you are now? :-)

tkizm1 commented 7 years ago

@vpertj update plugin in jenkins, 1.0.9 is working well