From e6def5b3f823fb661a25eff8cea3c056ad7ba205 Mon Sep 17 00:00:00 2001
From: Teemu Patja
Date: Mon, 6 Mar 2017 14:07:19 +0200
Subject: [PATCH] Fix crash when receiving a webhook POST for unknown repo
---
 src/clj/commiteth/routes/webhooks.clj | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/clj/commiteth/routes/webhooks.clj b/src/clj/commiteth/routes/webhooks.clj
index b7334fe..8074f8c 100644
--- a/src/clj/commiteth/routes/webhooks.clj
+++ b/src/clj/commiteth/routes/webhooks.clj
@@ -13,7 +13,8 @@
 [compojure.core :refer [defroutes POST]]
 [crypto.equality :as crypto]
 [ring.util.http-response :refer [ok forbidden]]
- [commiteth.db.bounties :as bounties-db])
+ [commiteth.db.bounties :as bounties-db]
+ [clojure.string :as string])
 (:import java.lang.Integer))
 (defn find-issue-event
@@ -187,9 +188,10 @@
 (defn validate-secret [webhook-payload raw-payload github-signature]
 (let [full-name (get-in webhook-payload [:repository :full_name])
 repo (repos/get-repo full-name)
- secret (:hook_secret repo)
- signature (str "sha1=" (hex-hmac-sha1 secret raw-payload))]
- (crypto/eq? signature github-signature)))
+ secret (:hook_secret repo)]
+ (and (not (string/blank? secret))
+ (crypto/eq? github-signature
+ (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
 (defroutes webhook-routes
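Review bot: In `validate-secret` (second hunk), the new `and` guards only the stored secret; `github-signature` still reaches `crypto/eq?` unchecked, and a request that arrives without the signature header would presumably pass nil there. How `crypto/eq?` treats nil is not visible in this hunk, so adding `(not (string/blank? github-signature))` as a further clause of the `and` would make the reject path explicit rather than dependent on the library. The `string/blank?` check on `secret` is also more than crash prevention: an empty `hook_secret` would yield an HMAC key that is not secret at all, so a comment such as `;; fail closed: unknown repo or empty hook secret must never validate` above the `and` would keep the guard from being simplified away later. Logging the rejected `full-name` on that path would help spot misdirected or unexpected webhook traffic.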