
Webhooks and validate HMAC

Chamara Samaranayake
April 20, 2023

Hello,

 

I'm trying to execute an AWS Lambda function using the Bitbucket webhooks. I've generated a function URL from the Lambda function and configured it as the URL for the webhook. I also set up a secret in the webhook.

 

I can successfully execute the Lambda function when I do any code pushes to the repository. I am trying to validate the HMAC using the x-hub-signature header. I'm using Python in my Lambda function. Every time I compare the hash values, they are different.

 

Below is what I'm trying in Python. 

 

import hashlib
import hmac
import json

def checkSignature(signingSecret, signature, event):
    signatureHash = signature.split('=')[1]
    digest = hmac.new(signatureHash.encode('utf-8'), json.dumps(event).encode(), hashlib.sha256).hexdigest()

    return hmac.compare_digest(digest, signatureHash)

 

Any help on what I am doing wrong would be really appreciated. 

 

Thank you

2 answers

0 votes
frrusi
July 19, 2024

Hello, the following Python code successfully compares HMAC

 

import hashlib
import hmac

from aiohttp.web_request import Request


class CompareError(Exception):
    def __init__(self) -> None:
        super().__init__("HMAC did not match")


def _generate_hmac(body: bytes, key: str, algorithm: hashlib) -> str:
    # Key the HMAC with the webhook secret and hash the raw body bytes.
    key = key.encode("utf-8")
    return hmac.new(key, body, algorithm).hexdigest()


async def calculate(request: Request, secret_key: str) -> None:
    # Read the request body as raw bytes, without parsing it.
    body = await request.read()
    client_hmac = _generate_hmac(body, secret_key, hashlib.sha256)

    # Constant-time comparison against the "sha256=<hex>" header value.
    if not hmac.compare_digest(f"sha256={client_hmac}", request.headers["X-Hub-Signature"]):
        raise CompareError

My Stack:

  • Atlassian Bitbucket v7.17.3
  • aiohttp 3.8
  • Python 3.10.10
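
The same check applied to the Lambda function URL setup from the question, as an added example that is not code from any poster in this thread. It assumes the function URL event carries lowercased header names plus `body` and `isBase64Encoded` fields; `SECRET`, `BODY`, `make_event` and `reserialized_digest` are constructed for the demonstration, which also shows that hashing `json.dumps` of the parsed body gives a different digest than hashing the bytes that were sent.

```python
import base64
import hashlib
import hmac
import json

SECRET = "constructed-demo-secret"  # constructed value, stands in for the webhook secret
# Constructed sample body; the signature covers these exact bytes, whitespace included.
BODY = '{"eventKey":"repo:refs_changed","actor":{"name":"alice"}}'


def sign(secret: str, body: bytes) -> str:
    """Hex HMAC-SHA256 of body, keyed with the webhook secret."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def raw_body(event: dict) -> bytes:
    """Bytes of the request body as a function URL event delivers them (assumed shape)."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")


def signature_is_valid(secret: str, event: dict) -> bool:
    """Compare x-hub-signature ('sha256=<hex>') with the HMAC of the raw body."""
    header = event.get("headers", {}).get("x-hub-signature", "")
    scheme, _, received = header.partition("=")
    if scheme != "sha256" or not received:
        return False
    expected = sign(secret, raw_body(event))
    # Compare as bytes: compare_digest rejects non-ASCII str input.
    return hmac.compare_digest(expected.encode(), received.encode("utf-8"))


def make_event(body: str, secret: str = SECRET, b64: bool = False) -> dict:
    """Build a constructed function URL event signed the way the webhook would."""
    sig = "sha256=" + sign(secret, body.encode("utf-8"))
    sent = base64.b64encode(body.encode("utf-8")).decode() if b64 else body
    return {"headers": {"x-hub-signature": sig}, "body": sent, "isBase64Encoded": b64}


def reserialized_digest(event: dict) -> str:
    """HMAC over json.dumps of the parsed body: different bytes, different digest."""
    return sign(SECRET, json.dumps(json.loads(raw_body(event))).encode())


if __name__ == "__main__":
    ev = make_event(BODY)
    print("raw body valid:", signature_is_valid(SECRET, ev))
    print("re-serialized matches:", reserialized_digest(ev) == sign(SECRET, BODY.encode()))
```
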
0 votes
Brian Dannenmueller
October 30, 2023

Thanks for posting this Chamara. I am having the exact same issue. Wanted to follow up and see if you are still working on this problem. My code is practically identical. 

A few questions:
1) How are you testing this? Do you copy-paste the body of the request from the admin console and put it in the body field of the Lambda test request?

2) Do you happen to know the version of Bitbucket Server that you are using?

3) Is the event being given to your checkSignature function actually the event body? Or are you trying to recreate the HMAC signature from the entire event, including its headers?

Chamara Samaranayake
November 13, 2023

Hi Brian,

 

Please find my answers below. 

1. I tried adding the request body into the test request. I also tried pushing changes to the repository a few times so it triggers the Lambda function when the code has changed.

2. It's version 8.9.5

3. I couldn't remember what I was passing there. After multiple tries I started looking for alternative methods and found the one below.

 

https://aws.amazon.com/blogs/devops/integrating-codepipeline-with-on-premises-bitbucket-server/

 

I've proceeded with this method and it's working fine for me so far.

 

Thank you
