Commit f7da99ae authored by Robert Speicher

Merge branch 'webhooks' into 'master'

Change all instances of "web hooks" to "webhooks"

See merge request !3169
parents e0b6ad8d 444c6295
...@@ -82,7 +82,7 @@ v 8.5.1 ...@@ -82,7 +82,7 @@ v 8.5.1
v 8.5.0 v 8.5.0
- Fix duplicate "me" in tooltip of the "thumbsup" awards Emoji (Stan Hu) - Fix duplicate "me" in tooltip of the "thumbsup" awards Emoji (Stan Hu)
- Cache various Repository methods to improve performance (Yorick Peterse) - Cache various Repository methods to improve performance (Yorick Peterse)
- Fix duplicated branch creation/deletion Web hooks/service notifications when using Web UI (Stan Hu) - Fix duplicated branch creation/deletion Webhooks/service notifications when using Web UI (Stan Hu)
- Ensure rake tasks that don't need a DB connection can be run without one - Ensure rake tasks that don't need a DB connection can be run without one
- Update New Relic gem to 3.14.1.311 (Stan Hu) - Update New Relic gem to 3.14.1.311 (Stan Hu)
- Add "visibility" flag to GET /projects api endpoint - Add "visibility" flag to GET /projects api endpoint
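Review bot: in the v 8.5.0 entry the replacement keeps the capital from "Web hooks" and now reads "creation/deletion Webhooks/service notifications" mid-sentence, while other entries in this same change use lowercase ("Move CI webhooks page", "Process webhooks async"). The 8.4.0 ("Webhook triggers") and 8.3.0 ("Webhook test") entries have the same mix; lowercase in running text would make the rename consistent.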
...@@ -215,7 +215,7 @@ v 8.4.0 ...@@ -215,7 +215,7 @@ v 8.4.0
- Add housekeeping function to project settings page - Add housekeeping function to project settings page
- The default GitLab logo now acts as a loading indicator - The default GitLab logo now acts as a loading indicator
- Fix caching issue where build status was not updating in project dashboard (Stan Hu) - Fix caching issue where build status was not updating in project dashboard (Stan Hu)
- Accept 2xx status codes for successful Web hook triggers (Stan Hu) - Accept 2xx status codes for successful Webhook triggers (Stan Hu)
- Fix missing date of month in network graph when commits span a month (Stan Hu) - Fix missing date of month in network graph when commits span a month (Stan Hu)
- Expire view caches when application settings change (e.g. Gravatar disabled) (Stan Hu) - Expire view caches when application settings change (e.g. Gravatar disabled) (Stan Hu)
- Don't notify users twice if they are both project watchers and subscribers (Stan Hu) - Don't notify users twice if they are both project watchers and subscribers (Stan Hu)
...@@ -315,7 +315,7 @@ v 8.3.0 ...@@ -315,7 +315,7 @@ v 8.3.0
- Fix broken group avatar upload under "New group" (Stan Hu) - Fix broken group avatar upload under "New group" (Stan Hu)
- Update project repositorize size and commit count during import:repos task (Stan Hu) - Update project repositorize size and commit count during import:repos task (Stan Hu)
- Fix API setting of 'public' attribute to false will make a project private (Stan Hu) - Fix API setting of 'public' attribute to false will make a project private (Stan Hu)
- Handle and report SSL errors in Web hook test (Stan Hu) - Handle and report SSL errors in Webhook test (Stan Hu)
- Bump Redis requirement to 2.8 for Sidekiq 4 (Stan Hu) - Bump Redis requirement to 2.8 for Sidekiq 4 (Stan Hu)
- Fix: Assignee selector is empty when 'Unassigned' is selected (Jose Corcuera) - Fix: Assignee selector is empty when 'Unassigned' is selected (Jose Corcuera)
- WIP identifier on merge requests no longer requires trailing space - WIP identifier on merge requests no longer requires trailing space
...@@ -535,7 +535,7 @@ v 8.1.0 ...@@ -535,7 +535,7 @@ v 8.1.0
- Ensure code blocks are properly highlighted after a note is updated - Ensure code blocks are properly highlighted after a note is updated
- Fix wrong access level badge on MR comments - Fix wrong access level badge on MR comments
- Hide password in the service settings form - Hide password in the service settings form
- Move CI web hooks page to project settings area - Move CI webhooks page to project settings area
- Fix User Identities API. It now allows you to properly create or update user's identities. - Fix User Identities API. It now allows you to properly create or update user's identities.
- Add user preference to change layout width (Peter Göbel) - Add user preference to change layout width (Peter Göbel)
- Use commit status in merge request widget as preferred source of CI status - Use commit status in merge request widget as preferred source of CI status
...@@ -578,7 +578,7 @@ v 8.0.3 ...@@ -578,7 +578,7 @@ v 8.0.3
- Fix URL shown in Slack notifications - Fix URL shown in Slack notifications
- Fix bug where projects would appear to be stuck in the forked import state (Stan Hu) - Fix bug where projects would appear to be stuck in the forked import state (Stan Hu)
- Fix Error 500 in creating merge requests with > 1000 diffs (Stan Hu) - Fix Error 500 in creating merge requests with > 1000 diffs (Stan Hu)
- Add work_in_progress key to MR web hooks (Ben Boeckel) - Add work_in_progress key to MR webhooks (Ben Boeckel)
v 8.0.2 v 8.0.2
- Fix default avatar not rendering in network graph (Stan Hu) - Fix default avatar not rendering in network graph (Stan Hu)
...@@ -869,7 +869,7 @@ v 7.12.0 ...@@ -869,7 +869,7 @@ v 7.12.0
- Fix milestone "Browse Issues" button. - Fix milestone "Browse Issues" button.
- Set milestone on new issue when creating issue from index with milestone filter active. - Set milestone on new issue when creating issue from index with milestone filter active.
- Make namespace API available to all users (Stan Hu) - Make namespace API available to all users (Stan Hu)
- Add web hook support for note events (Stan Hu) - Add webhook support for note events (Stan Hu)
- Disable "New Issue" and "New Merge Request" buttons when features are disabled in project settings (Stan Hu) - Disable "New Issue" and "New Merge Request" buttons when features are disabled in project settings (Stan Hu)
- Remove Rack Attack monkey patches and bump to version 4.3.0 (Stan Hu) - Remove Rack Attack monkey patches and bump to version 4.3.0 (Stan Hu)
- Fix clone URL losing selection after a single click in Safari and Chrome (Stan Hu) - Fix clone URL losing selection after a single click in Safari and Chrome (Stan Hu)
...@@ -976,7 +976,7 @@ v 7.11.0 ...@@ -976,7 +976,7 @@ v 7.11.0
- Add "Create Merge Request" buttons to commits and branches pages and push event. - Add "Create Merge Request" buttons to commits and branches pages and push event.
- Show user roles by comments. - Show user roles by comments.
- Fix automatic blocking of auto-created users from Active Directory. - Fix automatic blocking of auto-created users from Active Directory.
- Call merge request web hook for each new commits (Arthur Gautier) - Call merge request webhook for each new commits (Arthur Gautier)
- Use SIGKILL by default in Sidekiq::MemoryKiller - Use SIGKILL by default in Sidekiq::MemoryKiller
- Fix mentioning of private groups. - Fix mentioning of private groups.
- Add style for <kbd> element in markdown - Add style for <kbd> element in markdown
...@@ -1150,7 +1150,7 @@ v 7.9.0 ...@@ -1150,7 +1150,7 @@ v 7.9.0
- Add brakeman (security scanner for Ruby on Rails) - Add brakeman (security scanner for Ruby on Rails)
- Slack username and channel options - Slack username and channel options
- Add grouped milestones from all projects to dashboard. - Add grouped milestones from all projects to dashboard.
- Web hook sends pusher email as well as commiter - Webhook sends pusher email as well as commiter
- Add Bitbucket omniauth provider. - Add Bitbucket omniauth provider.
- Add Bitbucket importer. - Add Bitbucket importer.
- Support referencing issues to a project whose name starts with a digit - Support referencing issues to a project whose name starts with a digit
...@@ -1273,7 +1273,7 @@ v 7.8.0 ...@@ -1273,7 +1273,7 @@ v 7.8.0
- Allow notification email to be set separately from primary email. - Allow notification email to be set separately from primary email.
- API: Add support for editing an existing project (Mika Mäenpää and Hannes Rosenögger) - API: Add support for editing an existing project (Mika Mäenpää and Hannes Rosenögger)
- Don't have Markdown preview fail for long comments/wiki pages. - Don't have Markdown preview fail for long comments/wiki pages.
- When test web hook - show error message instead of 500 error page if connection to hook url was reset - When test webhook - show error message instead of 500 error page if connection to hook url was reset
- Added support for firing system hooks on group create/destroy and adding/removing users to group (Boyan Tabakov) - Added support for firing system hooks on group create/destroy and adding/removing users to group (Boyan Tabakov)
- Added persistent collapse button for left side nav bar (Jason Blanchard) - Added persistent collapse button for left side nav bar (Jason Blanchard)
- Prevent losing unsaved comments by automatically restoring them when comment page is loaded again. - Prevent losing unsaved comments by automatically restoring them when comment page is loaded again.
...@@ -1290,7 +1290,7 @@ v 7.8.0 ...@@ -1290,7 +1290,7 @@ v 7.8.0
- Show projects user contributed to on user page. Show stars near project on user page. - Show projects user contributed to on user page. Show stars near project on user page.
- Improve database performance for GitLab - Improve database performance for GitLab
- Add Asana service (Jeremy Benoist) - Add Asana service (Jeremy Benoist)
- Improve project web hooks with extra data - Improve project webhooks with extra data
v 7.7.2 v 7.7.2
- Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch - Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch
...@@ -1775,7 +1775,7 @@ v 6.4.0 ...@@ -1775,7 +1775,7 @@ v 6.4.0
- Side-by-side diff view (Steven Thonus) - Side-by-side diff view (Steven Thonus)
- Internal projects (Jason Hollingsworth) - Internal projects (Jason Hollingsworth)
- Allow removal of avatar (Drew Blessing) - Allow removal of avatar (Drew Blessing)
- Project web hooks now support issues and merge request events - Project webhooks now support issues and merge request events
- Visiting project page while not logged in will redirect to sign-in instead of 404 (Jason Hollingsworth) - Visiting project page while not logged in will redirect to sign-in instead of 404 (Jason Hollingsworth)
- Expire event cache on avatar creation/removal (Drew Blessing) - Expire event cache on avatar creation/removal (Drew Blessing)
- Archiving old projects (Steven Thonus) - Archiving old projects (Steven Thonus)
...@@ -1845,7 +1845,7 @@ v 6.2.0 ...@@ -1845,7 +1845,7 @@ v 6.2.0
- Added search for projects by name to api (Izaak Alpert) - Added search for projects by name to api (Izaak Alpert)
- Make default user theme configurable (Izaak Alpert) - Make default user theme configurable (Izaak Alpert)
- Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev) - Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
- Rake tasks for web hooks management (Jonhnny Weslley) - Rake tasks for webhooks management (Jonhnny Weslley)
- Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov) - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
- API: Remove group - API: Remove group
- API: Remove project - API: Remove project
...@@ -2048,7 +2048,7 @@ v 4.2.0 ...@@ -2048,7 +2048,7 @@ v 4.2.0
- Async gitolite calls - Async gitolite calls
- added satellites logs - added satellites logs
- can_create_group, can_create_team booleans for User - can_create_group, can_create_team booleans for User
- Process web hooks async - Process webhooks async
- GFM: Fix images escaped inside links - GFM: Fix images escaped inside links
- Network graph improved - Network graph improved
- Switchable branches for network graph - Switchable branches for network graph
...@@ -2082,7 +2082,7 @@ v 4.1.0 ...@@ -2082,7 +2082,7 @@ v 4.1.0
v 4.0.0 v 4.0.0
- Remove project code and path from API. Use id instead - Remove project code and path from API. Use id instead
- Return valid cloneable url to repo for web hook - Return valid cloneable url to repo for webhook
- Fixed backup issue - Fixed backup issue
- Reorganized settings - Reorganized settings
- Fixed commits compare - Fixed commits compare
......
...@@ -40,7 +40,7 @@ module SearchHelper ...@@ -40,7 +40,7 @@ module SearchHelper
{ label: "help: Rake Tasks Help", url: help_page_path("raketasks", "README") }, { label: "help: Rake Tasks Help", url: help_page_path("raketasks", "README") },
{ label: "help: SSH Keys Help", url: help_page_path("ssh", "README") }, { label: "help: SSH Keys Help", url: help_page_path("ssh", "README") },
{ label: "help: System Hooks Help", url: help_page_path("system_hooks", "system_hooks") }, { label: "help: System Hooks Help", url: help_page_path("system_hooks", "system_hooks") },
{ label: "help: Web Hooks Help", url: help_page_path("web_hooks", "web_hooks") }, { label: "help: Webhooks Help", url: help_page_path("web_hooks", "web_hooks") },
{ label: "help: Workflow Help", url: help_page_path("workflow", "README") }, { label: "help: Workflow Help", url: help_page_path("workflow", "README") },
] ]
end end
......
...@@ -12,7 +12,7 @@ class GitPushService < BaseService ...@@ -12,7 +12,7 @@ class GitPushService < BaseService
# 1. Creates the push event # 1. Creates the push event
# 2. Updates merge requests # 2. Updates merge requests
# 3. Recognizes cross-references from commit messages # 3. Recognizes cross-references from commit messages
# 4. Executes the project's web hooks # 4. Executes the project's webhooks
# 5. Executes the project's services # 5. Executes the project's services
# 6. Checks if the project's main language has changed # 6. Checks if the project's main language has changed
# #
......
...@@ -19,10 +19,10 @@ ...@@ -19,10 +19,10 @@
%span %span
Deploy Keys Deploy Keys
= nav_link(controller: :hooks) do = nav_link(controller: :hooks) do
= link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Web Hooks' do = link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do
= icon('link fw') = icon('link fw')
%span %span
Web Hooks Webhooks
= nav_link(controller: :services) do = nav_link(controller: :services) do
= link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do = link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do
= icon('cogs fw') = icon('cogs fw')
......
- page_title "Web Hooks" - page_title "Webhooks"
%h3.page-title %h3.page-title
Web hooks Webhooks
%p.light %p.light
#{link_to "Web hooks ", help_page_path("web_hooks", "web_hooks"), class: "vlink"} can be #{link_to "Webhooks ", help_page_path("web_hooks", "web_hooks"), class: "vlink"} can be
used for binding events when something is happening within the project. used for binding events when something is happening within the project.
%hr.clearfix %hr.clearfix
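Review bot: on the `%p.light` line the string passed to `link_to` is still "Webhooks " with a trailing space, so the space is rendered as part of the link. Since the line is being rewritten, drop the space from the link text and put it between the interpolation and "can be" instead.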
...@@ -70,12 +70,12 @@ ...@@ -70,12 +70,12 @@
= f.check_box :enable_ssl_verification = f.check_box :enable_ssl_verification
%strong Enable SSL verification %strong Enable SSL verification
.form-actions .form-actions
= f.submit "Add Web Hook", class: "btn btn-create" = f.submit "Add Webhook", class: "btn btn-create"
-if @hooks.any? -if @hooks.any?
.panel.panel-default .panel.panel-default
.panel-heading .panel-heading
Web hooks (#{@hooks.count}) Webhooks (#{@hooks.count})
%ul.well-list %ul.well-list
- @hooks.each do |hook| - @hooks.each do |hook|
%li %li
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
- [Project Services](project_services/project_services.md) Integrate a project with external services, such as CI and chat. - [Project Services](project_services/project_services.md) Integrate a project with external services, such as CI and chat.
- [Public access](public_access/public_access.md) Learn how you can allow public and internal access to projects. - [Public access](public_access/public_access.md) Learn how you can allow public and internal access to projects.
- [SSH](ssh/README.md) Setup your ssh keys and deploy keys for secure access to your projects. - [SSH](ssh/README.md) Setup your ssh keys and deploy keys for secure access to your projects.
- [Web hooks](web_hooks/web_hooks.md) Let GitLab notify you when new code has been pushed to your project. - [Webhooks](web_hooks/web_hooks.md) Let GitLab notify you when new code has been pushed to your project.
- [Workflow](workflow/README.md) Using GitLab functionality and importing projects from GitHub and SVN. - [Workflow](workflow/README.md) Using GitLab functionality and importing projects from GitHub and SVN.
## CI User documentation ## CI User documentation
...@@ -54,7 +54,7 @@ be linked with your base image. Below is a list of examples you may use: ...@@ -54,7 +54,7 @@ be linked with your base image. Below is a list of examples you may use:
## Administrator documentation ## Administrator documentation
- [Custom git hooks](hooks/custom_hooks.md) Custom git hooks (on the filesystem) for when web hooks aren't enough. - [Custom git hooks](hooks/custom_hooks.md) Custom git hooks (on the filesystem) for when webhooks aren't enough.
- [Install](install/README.md) Requirements, directory structures and installation from source. - [Install](install/README.md) Requirements, directory structures and installation from source.
- [Restart GitLab](administration/restart_gitlab.md) Learn how to restart GitLab and its components - [Restart GitLab](administration/restart_gitlab.md) Learn how to restart GitLab and its components
- [Integration](integration/README.md) How to integrate with systems such as JIRA, Redmine, LDAP and Twitter. - [Integration](integration/README.md) How to integrate with systems such as JIRA, Redmine, LDAP and Twitter.
...@@ -63,7 +63,7 @@ be linked with your base image. Below is a list of examples you may use: ...@@ -63,7 +63,7 @@ be linked with your base image. Below is a list of examples you may use:
- [Log system](logs/logs.md) Log system. - [Log system](logs/logs.md) Log system.
- [Environment Variables](administration/environment_variables.md) to configure GitLab. - [Environment Variables](administration/environment_variables.md) to configure GitLab.
- [Operations](operations/README.md) Keeping GitLab up and running - [Operations](operations/README.md) Keeping GitLab up and running
- [Raketasks](raketasks/README.md) Backups, maintenance, automatic web hook setup and the importing of projects. - [Raketasks](raketasks/README.md) Backups, maintenance, automatic webhook setup and the importing of projects.
- [Security](security/README.md) Learn what you can do to further secure your GitLab instance. - [Security](security/README.md) Learn what you can do to further secure your GitLab instance.
- [System hooks](system_hooks/system_hooks.md) Notifications when users, projects and keys are changed. - [System hooks](system_hooks/system_hooks.md) Notifications when users, projects and keys are changed.
- [Update](update/README.md) Update guides to upgrade your installation. - [Update](update/README.md) Update guides to upgrade your installation.
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
**Note: Custom git hooks must be configured on the filesystem of the GitLab **Note: Custom git hooks must be configured on the filesystem of the GitLab
server. Only GitLab server administrators will be able to complete these tasks. server. Only GitLab server administrators will be able to complete these tasks.
Please explore [web hooks](doc/web_hooks/web_hooks.md) as an option if you do not have filesystem access. For a user configurable Git Hooks interface, please see [GitLab Enterprise Edition Git Hooks](http://doc.gitlab.com/ee/git_hooks/git_hooks.html).** Please explore [webhooks](doc/web_hooks/web_hooks.md) as an option if you do not have filesystem access. For a user configurable Git Hooks interface, please see [GitLab Enterprise Edition Git Hooks](http://doc.gitlab.com/ee/git_hooks/git_hooks.html).**
Git natively supports hooks that are executed on different actions. Git natively supports hooks that are executed on different actions.
Examples of server-side git hooks include pre-receive, post-receive, and update. Examples of server-side git hooks include pre-receive, post-receive, and update.
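Review bot: the changed line links to `doc/web_hooks/web_hooks.md`, whereas the other docs touched in this merge request use file-relative targets such as `../web_hooks/web_hooks.md` and `web_hooks/web_hooks.md`. As the line is edited anyway, check that this target resolves from this page and switch to the relative form if it does not.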
......
...@@ -6,6 +6,6 @@ ...@@ -6,6 +6,6 @@
- [Features](features.md) - [Features](features.md)
- [Maintenance](maintenance.md) and self-checks - [Maintenance](maintenance.md) and self-checks
- [User management](user_management.md) - [User management](user_management.md)
- [Web hooks](web_hooks.md) - [Webhooks](web_hooks.md)
- [Import](import.md) of git repositories in bulk - [Import](import.md) of git repositories in bulk
- [Rebuild authorized_keys file](http://doc.gitlab.com/ce/raketasks/maintenance.html#rebuild-authorized_keys-file) task for administrators - [Rebuild authorized_keys file](http://doc.gitlab.com/ce/raketasks/maintenance.html#rebuild-authorized_keys-file) task for administrators
# Web hooks # Webhooks
## Add a web hook for **ALL** projects: ## Add a webhook for **ALL** projects:
# omnibus-gitlab # omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook"
# source installations # source installations
bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" RAILS_ENV=production bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" RAILS_ENV=production
## Add a web hook for projects in a given **NAMESPACE**: ## Add a webhook for projects in a given **NAMESPACE**:
# omnibus-gitlab # omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme
# source installations # source installations
bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production
## Remove a web hook from **ALL** projects using: ## Remove a webhook from **ALL** projects using:
# omnibus-gitlab # omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook" sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook"
# source installations # source installations
bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" RAILS_ENV=production bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" RAILS_ENV=production
## Remove a web hook from projects in a given **NAMESPACE**: ## Remove a webhook from projects in a given **NAMESPACE**:
# omnibus-gitlab # omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE=acme sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE=acme
# source installations # source installations
bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production
## List **ALL** web hooks: ## List **ALL** webhooks:
# omnibus-gitlab # omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:list sudo gitlab-rake gitlab:web_hook:list
# source installations # source installations
bundle exec rake gitlab:web_hook:list RAILS_ENV=production bundle exec rake gitlab:web_hook:list RAILS_ENV=production
## List the web hooks from projects in a given **NAMESPACE**: ## List the webhooks from projects in a given **NAMESPACE**:
# omnibus-gitlab # omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:list NAMESPACE=/ sudo gitlab-rake gitlab:web_hook:list NAMESPACE=/
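Review bot: the headings now say "webhook" while every command under them is still `gitlab:web_hook:add`, `gitlab:web_hook:rm` or `gitlab:web_hook:list`. Keeping the task names is the right call for compatibility, but a one-line remark under the title that the task namespace retains the underscore would stop readers from trying a `gitlab:webhook:` task that does not exist.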
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
- [Password length limits](password_length_limits.md) - [Password length limits](password_length_limits.md)
- [Rack attack](rack_attack.md) - [Rack attack](rack_attack.md)
- [Web Hooks and insecure internal web services](webhooks.md) - [Webhooks and insecure internal web services](webhooks.md)
- [Information exclusivity](information_exclusivity.md) - [Information exclusivity](information_exclusivity.md)
- [Reset your root password](reset_root_password.md) - [Reset your root password](reset_root_password.md)
- [User File Uploads](user_file_uploads.md) - [User File Uploads](user_file_uploads.md)
......
# Web Hooks and insecure internal web services # Webhooks and insecure internal web services
If you have non-GitLab web services running on your GitLab server or within its local network, these may be vulnerable to exploitation via Web Hooks. If you have non-GitLab web services running on your GitLab server or within its local network, these may be vulnerable to exploitation via Webhooks.
With [Web Hooks](../web_hooks/web_hooks.md), you and your project masters and owners can set up URLs to be triggered when specific things happen to projects. Normally, these requests are sent to external web services specifically set up for this purpose, that process the request and its attached data in some appropriate way. With [Webhooks](../web_hooks/web_hooks.md), you and your project masters and owners can set up URLs to be triggered when specific things happen to projects. Normally, these requests are sent to external web services specifically set up for this purpose, that process the request and its attached data in some appropriate way.
Things get hairy, however, when a Web Hook is set up with a URL that doesn't point to an external, but to an internal service, that may do something completely unintended when the web hook is triggered and the POST request is sent. Things get hairy, however, when a Webhook is set up with a URL that doesn't point to an external, but to an internal service, that may do something completely unintended when the webhook is triggered and the POST request is sent.
Because Web Hook requests are made by the GitLab server itself, these have complete access to everything running on the server (http://localhost:123) or within the server's local network (http://192.168.1.12:345), even if these services are otherwise protected and inaccessible from the outside world. Because Webhook requests are made by the GitLab server itself, these have complete access to everything running on the server (http://localhost:123) or within the server's local network (http://192.168.1.12:345), even if these services are otherwise protected and inaccessible from the outside world.
If a web service does not require authentication, Web Hooks can be used to trigger destructive commands by getting the GitLab server to make POST requests to endpoints like "http://localhost:123/some-resource/delete". If a web service does not require authentication, Webhooks can be used to trigger destructive commands by getting the GitLab server to make POST requests to endpoints like "http://localhost:123/some-resource/delete".
To prevent this type of exploitation from happening, make sure that you are aware of every web service GitLab could potentially have access to, and that all of these are set up to require authentication for every potentially destructive command. Enabling authentication but leaving a default password is not enough. To prevent this type of exploitation from happening, make sure that you are aware of every web service GitLab could potentially have access to, and that all of these are set up to require authentication for every potentially destructive command. Enabling authentication but leaving a default password is not enough.
\ No newline at end of file
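Review bot: the new text capitalises "Webhooks" and "Webhook" mid-sentence throughout this page, and the third paragraph ends up with both "a Webhook is set up" and "when the webhook is triggered" in one sentence. The user-facing webhooks doc in this same change uses lowercase in running text ("Project webhooks allow you ..."); lowercase here too, with the capital kept for the heading and link titles, would be consistent. The file also still ends without a trailing newline.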
# Web hooks # Webhooks
_**Note:** _**Note:**
Starting from GitLab 8.5:_ Starting from GitLab 8.5:_
...@@ -7,11 +7,11 @@ Starting from GitLab 8.5:_ ...@@ -7,11 +7,11 @@ Starting from GitLab 8.5:_
- _the `project.ssh_url` key is deprecated in favor of the `project.git_ssh_url` key_ - _the `project.ssh_url` key is deprecated in favor of the `project.git_ssh_url` key_
- _the `project.http_url` key is deprecated in favor of the `project.git_http_url` key_ - _the `project.http_url` key is deprecated in favor of the `project.git_http_url` key_
Project web hooks allow you to trigger an URL if new code is pushed or a new issue is created. Project webhooks allow you to trigger an URL if new code is pushed or a new issue is created.
You can configure web hooks to listen for specific events like pushes, issues or merge requests. GitLab will send a POST request with data to the web hook URL. You can configure webhooks to listen for specific events like pushes, issues or merge requests. GitLab will send a POST request with data to the webhook URL.
Web hooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server.
## SSL Verification ## SSL Verification
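Review bot: the rewritten sentence "Project webhooks allow you to trigger an URL ..." keeps "an URL"; as the line is changed anyway, "a URL" would read correctly.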
...@@ -19,7 +19,7 @@ By default, the SSL certificate of the webhook endpoint is verified based on ...@@ -19,7 +19,7 @@ By default, the SSL certificate of the webhook endpoint is verified based on
an internal list of Certificate Authorities, an internal list of Certificate Authorities,
which means the certificate cannot be self-signed. which means the certificate cannot be self-signed.
You can turn this off in the web hook settings in your GitLab projects. You can turn this off in the webhook settings in your GitLab projects.
![SSL Verification](ssl.png) ![SSL Verification](ssl.png)
......
...@@ -26,7 +26,7 @@ class Spinach::Features::ProjectActiveTab < Spinach::FeatureSteps ...@@ -26,7 +26,7 @@ class Spinach::Features::ProjectActiveTab < Spinach::FeatureSteps
end end
step 'I click the "Hooks" tab' do step 'I click the "Hooks" tab' do
click_link('Web Hooks') click_link('Webhooks')
end end
step 'I click the "Deploy Keys" tab' do step 'I click the "Deploy Keys" tab' do
...@@ -42,7 +42,7 @@ class Spinach::Features::ProjectActiveTab < Spinach::FeatureSteps ...@@ -42,7 +42,7 @@ class Spinach::Features::ProjectActiveTab < Spinach::FeatureSteps
end end
step 'the active sub nav should be Hooks' do step 'the active sub nav should be Hooks' do
ensure_active_sub_nav('Web Hooks') ensure_active_sub_nav('Webhooks')
end end
step 'the active sub nav should be Deploy Keys' do step 'the active sub nav should be Deploy Keys' do
......
...@@ -25,14 +25,14 @@ class Spinach::Features::ProjectHooks < Spinach::FeatureSteps ...@@ -25,14 +25,14 @@ class Spinach::Features::ProjectHooks < Spinach::FeatureSteps
step 'I submit new hook' do step 'I submit new hook' do
@url = FFaker::Internet.uri("http") @url = FFaker::Internet.uri("http")
fill_in "hook_url", with: @url fill_in "hook_url", with: @url
expect { click_button "Add Web Hook" }.to change(ProjectHook, :count).by(1) expect { click_button "Add Webhook" }.to change(ProjectHook, :count).by(1)
end end
step 'I submit new hook with SSL verification enabled' do step 'I submit new hook with SSL verification enabled' do
@url = FFaker::Internet.uri("http") @url = FFaker::Internet.uri("http")
fill_in "hook_url", with: @url fill_in "hook_url", with: @url
check "hook_enable_ssl_verification" check "hook_enable_ssl_verification"
expect { click_button "Add Web Hook" }.to change(ProjectHook, :count).by(1) expect { click_button "Add Webhook" }.to change(ProjectHook, :count).by(1)
end end
step 'I should see newly created hook' do step 'I should see newly created hook' do
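Review bot: in the step 'I submit new hook with SSL verification enabled' the URL is still generated with `FFaker::Internet.uri("http")`, so the scenario ticks `hook_enable_ssl_verification` for a plain-HTTP endpoint. This predates the rename, but both steps are touched here, and generating an https URI in that step would make the scenario match its name.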
......
...@@ -63,7 +63,7 @@ module Gitlab ...@@ -63,7 +63,7 @@ module Gitlab
end end
# This method provide a sample data generated with # This method provide a sample data generated with
# existing project and commits to test web hooks # existing project and commits to test webhooks
def build_sample(project, user) def build_sample(project, user)
commits = project.repository.commits(project.default_branch, nil, 3) commits = project.repository.commits(project.default_branch, nil, 3)
ref = "#{Gitlab::Git::BRANCH_REF_PREFIX}#{project.default_branch}" ref = "#{Gitlab::Git::BRANCH_REF_PREFIX}#{project.default_branch}"
......
namespace :gitlab do namespace :gitlab do
namespace :web_hook do namespace :web_hook do
desc "GitLab | Adds a web hook to the projects" desc "GitLab | Adds a webhook to the projects"
task :add => :environment do task :add => :environment do
web_hook_url = ENV['URL'] web_hook_url = ENV['URL']
namespace_path = ENV['NAMESPACE'] namespace_path = ENV['NAMESPACE']
projects = find_projects(namespace_path) projects = find_projects(namespace_path)
puts "Adding web hook '#{web_hook_url}' to:" puts "Adding webhook '#{web_hook_url}' to:"
projects.find_each(batch_size: 1000) do |project| projects.find_each(batch_size: 1000) do |project|
print "- #{project.name} ... " print "- #{project.name} ... "
web_hook = project.hooks.new(url: web_hook_url) web_hook = project.hooks.new(url: web_hook_url)
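Review bot: in the add task, web_hook_url = ENV['URL'] is passed directly to project.hooks.new(url: web_hook_url) inside find_each, and nothing in the visible lines checks that URL is set or is an http(s) URL. This task registers the same outbound endpoint on every project that find_projects returns, so abort early with a usage message when ENV['URL'] is blank, and consider printing the project count and asking for confirmation before the loop starts.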
...@@ -20,7 +20,7 @@ namespace :gitlab do ...@@ -20,7 +20,7 @@ namespace :gitlab do
end end
end end
desc "GitLab | Remove a web hook from the projects" desc "GitLab | Remove a webhook from the projects"
task :rm => :environment do task :rm => :environment do
web_hook_url = ENV['URL'] web_hook_url = ENV['URL']
namespace_path = ENV['NAMESPACE'] namespace_path = ENV['NAMESPACE']
...@@ -28,12 +28,12 @@ namespace :gitlab do ...@@ -28,12 +28,12 @@ namespace :gitlab do
projects = find_projects(namespace_path) projects = find_projects(namespace_path)
projects_ids = projects.pluck(:id) projects_ids = projects.pluck(:id)
puts "Removing web hooks with the url '#{web_hook_url}' ... " puts "Removing webhooks with the url '#{web_hook_url}' ... "
count = WebHook.where(url: web_hook_url, project_id: projects_ids, type: 'ProjectHook').delete_all count = WebHook.where(url: web_hook_url, project_id: projects_ids, type: 'ProjectHook').delete_all
puts "#{count} web hooks were removed." puts "#{count} webhooks were removed."
end end
desc "GitLab | List web hooks" desc "GitLab | List webhooks"
task :list => :environment do task :list => :environment do
namespace_path = ENV['NAMESPACE'] namespace_path = ENV['NAMESPACE']
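Review bot: the delete_all in the rm task matches on url: web_hook_url with the value taken from ENV['URL'] as-is, so a run without URL set queries for a nil url instead of failing. Add a blank-URL guard before the WebHook.where(...) call. Note also that delete_all skips model callbacks; if hook removal is meant to be audited, use destroy_all or log each affected project explicitly.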
...@@ -43,7 +43,7 @@ namespace :gitlab do ...@@ -43,7 +43,7 @@ namespace :gitlab do
puts "#{hook.project.name.truncate(20).ljust(20)} -> #{hook.url}" puts "#{hook.project.name.truncate(20).ljust(20)} -> #{hook.url}"
end end
puts "\n#{web_hooks.size} web hooks found." puts "\n#{web_hooks.size} webhooks found."
end end
end end
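Review bot: the list task prints hook.url in full on the puts line with hook.project.name. Webhook URLs can embed credentials or tokens in the userinfo or query string, so this output can leave secrets in terminal scrollback or job logs. Consider redacting userinfo and query parameters before printing.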
......
...@@ -31,7 +31,7 @@ describe ServiceHook, models: true do ...@@ -31,7 +31,7 @@ describe ServiceHook, models: true do
WebMock.stub_request(:post, @service_hook.url) WebMock.stub_request(:post, @service_hook.url)
end end
it "POSTs to the web hook URL" do it "POSTs to the webhook URL" do
@service_hook.execute(@data) @service_hook.execute(@data)
expect(WebMock).to have_requested(:post, @service_hook.url).with( expect(WebMock).to have_requested(:post, @service_hook.url).with(
headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Service Hook' } headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Service Hook' }
......
...@@ -52,7 +52,7 @@ describe WebHook, models: true do ...@@ -52,7 +52,7 @@ describe WebHook, models: true do
WebMock.stub_request(:post, @project_hook.url) WebMock.stub_request(:post, @project_hook.url)
end end
it "POSTs to the web hook URL" do it "POSTs to the webhook URL" do
@project_hook.execute(@data, 'push_hooks') @project_hook.execute(@data, 'push_hooks')
expect(WebMock).to have_requested(:post, @project_hook.url).with( expect(WebMock).to have_requested(:post, @project_hook.url).with(
headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Push Hook' } headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Push Hook' }
......
...@@ -172,8 +172,8 @@ describe GitPushService, services: true do ...@@ -172,8 +172,8 @@ describe GitPushService, services: true do
end end
describe "Web Hooks" do describe "Webhooks" do
context "execute web hooks" do context "execute webhooks" do
it "when pushing a branch for the first time" do it "when pushing a branch for the first time" do
expect(project).to receive(:execute_hooks) expect(project).to receive(:execute_hooks)
expect(project.default_branch).to eq("master") expect(project.default_branch).to eq("master")
......
...@@ -78,8 +78,8 @@ describe GitTagPushService, services: true do ...@@ -78,8 +78,8 @@ describe GitTagPushService, services: true do
end end
end end
describe "Web Hooks" do describe "Webhooks" do
context "execute web hooks" do context "execute webhooks" do
it "when pushing tags" do it "when pushing tags" do
expect(project).to receive(:execute_hooks) expect(project).to receive(:execute_hooks)
service.execute(project, user, 'oldrev', 'newrev', 'refs/tags/v1.0.0') service.execute(project, user, 'oldrev', 'newrev', 'refs/tags/v1.0.0')
......
...@@ -11,7 +11,7 @@ describe PostReceive do ...@@ -11,7 +11,7 @@ describe PostReceive do
end end
end end
context "web hook" do context "webhook" do
let(:project) { create(:project) } let(:project) { create(:project) }
let(:key) { create(:key, user: project.owner) } let(:key) { create(:key, user: project.owner) }
let(:key_id) { key.shell_id } let(:key_id) { key.shell_id }
......