|
|
|
@ -20,6 +20,13 @@ module Webhooks |
|
|
|
|
class HooksController < ApplicationController |
|
|
|
|
accept_key_auth :handle_hook |
|
|
|
|
|
|
|
|
|
# Disable CSRF detection since we openly welcome POSTs here! |
|
|
|
|
skip_before_action :verify_authenticity_token |
|
|
|
|
|
|
|
|
|
# Wrap the JSON body as 'payload' param |
|
|
|
|
# making it available as params[:payload] |
|
|
|
|
wrap_parameters :payload |
|
|
|
|
|
|
|
|
|
def api_request? |
|
|
|
|
# OpenProject only allows API requests based on an Accept request header. |
|
|
|
|
# Webhooks (at least GitHub) don't send an Accept header as they're not interested |
|
|
|
@ -33,7 +40,7 @@ module Webhooks |
|
|
|
|
hook = OpenProject::Webhooks.find(params.require 'hook_name') |
|
|
|
|
|
|
|
|
|
if hook |
|
|
|
|
code = hook.handle(env, params, find_current_user) |
|
|
|
|
code = hook.handle(request, params, find_current_user) |
|
|
|
|
head code.is_a?(Integer) ? code : 200 |
|
|
|
|
else |
|
|
|
|
head :not_found |
|
|
|
|