webhook: provide useful response codes and messages

sopel-irc · Apr 12, 2019 · e013e67 · e013e67
1 parent 00ad08c
commit e013e67
Showing 1 changed file with 12 additions and 8 deletions.
diff --git a/sopel_modules/github/webhook.py b/sopel_modules/github/webhook.py
@@ -117,21 +117,22 @@ def debug_log_request(request_headers, request_body):
     LOGGER.debug('Request: {}'.format(request_body.decode('utf-8')))
 
 
-def abort_request(status_code=400):
+def abort_request(status_code=400, response_message=None):
     if sopel_instance.config.github.debug_mode:
         LOGGER.warning('`debug_mode = True`; allowing unverified request...')
         return None
-    return bottle.abort(status_code)
+    return bottle.abort(status_code, response_message)
 
 
 def verify_request():
     request_headers = bottle.request.headers
     request_body = bottle.request.body.read()
 
     if not request_headers.get('X-Hub-Signature'):
-        LOGGER.error('Request is missing a hash signature.')
+        msg = 'Request is missing a hash signature.'
+        LOGGER.error(msg)
         debug_log_request(request_headers, request_body)
-        return bottle.abort(400)  # 400 Bad Request; client doesn't need to know why.
+        return bottle.abort(400, msg)  # 400 Bad Request; missing required header
 
     digest_name, payload_signature = request_headers.get('X-Hub-Signature').split('=')
     # Currently, GitHub only uses 'SHA1'
@@ -142,17 +143,20 @@ def verify_request():
     try:
         digest_mod = getattr(hashlib, digest_name)
     except AttributeError:
-        LOGGER.error('Unsupported signature digest: {}'.format(digest_name))
+        # Specified digest is not available. Did GitHub start using new digests?
+        msg = 'Unsupported signature digest: {}'.format(digest_name)
+        LOGGER.error(msg)
         debug_log_request(request_headers, request_body)
-        return abort_request(400)  # 400 Bad Request; maybe GitHub added new digests?
+        return abort_request(501, msg)  # 501 Not Implemented; server does not support the functionality required to fulfill the request
 
     secret = sopel_instance.config.github.webhook_secret
     hash_ = hmac.new(secret.encode('utf-8') if secret else None, msg=request_body, digestmod=digest_mod)
     expected_signature = hash_.hexdigest()
     if payload_signature != expected_signature:
-        LOGGER.error('Request signature mismatch.')
+        msg = 'Request signature mismatch.'
+        LOGGER.error(msg)
         debug_log_request(request_headers, request_body)
-        return abort_request(400)  # 400 Bad Request; client doesn't need to know why.
+        return abort_request(401, msg)  # 401 Unauthorized;...? invalid "authentication token"
 
 
 @bottle.get("/webhook")