Webhooks and validate HMAC

Chamara Samaranayake April 20, 2023

Hello,

 

I'm trying to execute an AWS Lambda function using the Bitbucket webhooks. I've generated a function URL from the Lambda function and configured it as the URL for the webhook. I also set up a secret in the webhook.

I can successfully execute the Lambda function when I do any code pushes to the repository. I am trying to validate the HMAC using the x-hub-signature header. I'm using Python in my Lambda function. Every time I compare the hash values, they are different.

 

Below is what I'm trying in Python. 

 

import hashlib
import hmac
import json

def checkSignature(signingSecret, signature, event):
    signatureHash = signature.split('=')[1]
    digest = hmac.new(signatureHash.encode('utf-8'), json.dumps(event).encode(), hashlib.sha256).hexdigest()

    return hmac.compare_digest(digest, signatureHash)

 

Any help on what I am doing wrong would be really appreciated. 

 

Thank you

1 answer

0 votes
Brian Dannenmueller
October 30, 2023

Thanks for posting this Chamara. I am having the exact same issue. Wanted to follow up and see if you are still working on this problem. My code is practically identical. 

A few questions:
1) How are you testing this? Do you copy-paste the body of the request from the admin console and put it in the body field of the Lambda test request?

2) Do you happen to know the version of Bitbucket Server that you are using?

3) Is the event being given to your checkSignature function actually the event body? Or are you trying to recreate the HMAC signature from the entire event, including its headers?

Chamara Samaranayake November 13, 2023

Hi Brian,

 

Please find my answers below. 

1. I tried adding the request body into the test request. I also tried pushing changes to the repository a few times so it triggers the Lambda function when the code has changed.

2. It's version 8.9.5

3. I couldn't remember what I was passing there. After multiple tries I started looking for other alternative methods and found the below.

https://aws.amazon.com/blogs/devops/integrating-codepipeline-with-on-premises-bitbucket-server/

I've proceeded with this method and it's working fine for me so far.

 

Thank you
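
An added example, not code from the posts above or from Atlassian or AWS: one way to validate the x-hub-signature header in a Python Lambda behind a function URL, keyed with the webhook secret and computed over the raw request body rather than a re-serialized event. The environment variable name WEBHOOK_SECRET and the sample_event helper with its payload are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import os


def raw_body(event):
    """Exact bytes that were signed, taken from a Lambda function URL event."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")


def check_signature(signing_secret, signature_header, body_bytes):
    """Verify a 'sha256=<hex>' x-hub-signature value over the raw body bytes."""
    if not signing_secret or not signature_header:
        return False  # fail closed on a missing secret or header
    algo, sep, received = signature_header.partition("=")
    if sep != "=" or algo.strip().lower() != "sha256":
        return False
    # Key is the webhook secret; message is the body as received, not re-serialized.
    expected = hmac.new(signing_secret.encode("utf-8"), body_bytes, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def lambda_handler(event, context):
    # WEBHOOK_SECRET is an assumed environment variable name for this example.
    secret = os.environ.get("WEBHOOK_SECRET", "")
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    body = raw_body(event)
    if not check_signature(secret, headers.get("x-hub-signature"), body):
        return {"statusCode": 401, "body": "invalid signature"}
    payload = json.loads(body)  # parse only after the signature checks out
    return {"statusCode": 200, "body": "ok"}


def sample_event(secret, body):
    """Constructed test input shaped like a function URL event (not captured traffic)."""
    sig = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()
    return {"headers": {"x-hub-signature": "sha256=" + sig}, "body": body, "isBase64Encoded": False}
```

Running `json.dumps` on a parsed body changes whitespace and possibly key order, so a digest over that output will not match one computed over the bytes that were sent.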
