Internal server error caused by unset external_webhook_token and X-Hub-Signature
If mirroring is manually enabled, and then triggered via a manually configured GitHub webhook, an internal server error will occur.
@DouweM writes https://gitlab.com/gitlab-org/gitlab-ee/issues/6588#note_86460309:
The underlying issue is that `project.external_webhook_token` is not set. It is only set, and `X-Hub-Signature` can only be used, if the GitHub webhook was automatically created by GitLab as part of the "CI/CD for external repo" flow. Otherwise, the endpoint only supports regular token authentication. I agree the error should not result in a 500 error, though!
Steps to reproduce
- Create a project from another project with pull mirroring enabled
- Using the GitLab pull mirroring API and an `X-Hub-Signature` header, trigger an update
curl -X POST -H "private-token: <token>" -H "X-Hub-Signature: sha1=57920710b7619b11df90c4ae237f0f53d77a8f54" https://gitlab.com/api/v4/projects/5118205/mirror/pull
What is the current bug behavior?
500 Internal Server Error
What is the expected correct behavior?
200, and the malformed header should be ignored.
Relevant logs and/or screenshots
https://sentry.gitlap.com/gitlab/gitlabcom/issues/225269/
Output of checks
This bug happens on GitLab.com
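
The behavior requested above (ignore an `X-Hub-Signature` that cannot be verified because no webhook secret is set, and fall back to regular token authentication) can be sketched as follows. This is an added example, not GitLab's code: `check_hub_signature`, `secure_equal?`, the returned symbols, and the sample secret and body are all hypothetical, and treating a malformed header as invalid when a secret is set is an assumption.

```ruby
require 'openssl'

# Hypothetical helper (not GitLab's implementation). Constant-time comparison
# of two strings, so a mismatch position is not revealed through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Decides how a mirror-trigger request should be authenticated.
# secret: the per-project webhook secret, nil when it was never set
# header: raw X-Hub-Signature value, or nil when absent
# body:   raw request body the signature covers
# Returns :signature_ok, :signature_invalid or :use_token_auth; never raises.
def check_hub_signature(secret, header, body)
  # Unset secret (the case in this issue): the header cannot be verified,
  # so it is ignored and regular token authentication decides.
  return :use_token_auth if secret.nil? || secret.empty?
  return :use_token_auth if header.nil? || header.empty?

  # Expected shape is "sha1=<40 hex chars>"; anything else is rejected
  # as a value instead of reaching the HMAC call.
  match = /\Asha1=([0-9a-f]{40})\z/.match(header)
  return :signature_invalid unless match

  expected = OpenSSL::HMAC.hexdigest('sha1', secret, body.to_s)
  secure_equal?(expected, match[1]) ? :signature_ok : :signature_invalid
end

# Constructed sample input (not taken from the issue).
sample_body   = '{"ref":"refs/heads/master"}'
sample_secret = 'constructed-secret'
sample_header = 'sha1=' + OpenSSL::HMAC.hexdigest('sha1', sample_secret, sample_body)

puts check_hub_signature(nil, sample_header, sample_body)
puts check_hub_signature(sample_secret, sample_header, sample_body)
puts check_hub_signature(sample_secret, 'sha1=not-hex', sample_body)
```

The caller maps `:signature_invalid` to an authentication failure response and `:use_token_auth` to the endpoint's normal token check, so none of these paths ends in a 500.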