Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Authentication token verification #1

Merged
merged 3 commits into from
May 24, 2023
Merged

Authentication token verification #1

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bf1d88e
Minor tweak to debug statements (so debug=0 is silent when no problems)
eric-eisenhart May 24, 2023
055881d
Validate that Authentication header matches configured auth token.
eric-eisenhart May 24, 2023
e792683
Style fixup with `perltidy -b`
eric-eisenhart May 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 27 additions & 4 deletions pd2zabbix.cgi
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,10 +73,13 @@ our $config = AppConfig->new(
);

# Search for and load the first available configuration file
my $found_config = 0;
my $found_config = 0;
my $config_path_used = '';
foreach my $config_path (@config_paths) {
if ( -e $config_path ) {
warn("Reading config $config_path\n");
$config_path_used = $config_path;

# warn("Reading config $config_path\n");
$config->file($config_path);
$found_config = 1;
last;
Expand All @@ -85,7 +88,9 @@ foreach my $config_path (@config_paths) {

if ($found_config) {
$DEBUG = $config->get('debug');
$DEBUG >= 3 && warn( to_json( $config, { allow_blessed => 1 } ) );
$DEBUG && warn("Config used: $config_path_used\n");
my %vars = $config->varlist('.');
$DEBUG >= 3 && warn( "Config: " . to_json( \%vars ) . "\n" ) if $DEBUG >= 3;
}
else {
warn("No config found");
Expand All @@ -99,7 +104,7 @@ our $ua = LWP::UserAgent->new( agent => 'pagerduty2zabbix (https://github.com/so
# Always tell PD we got the message right away:
#print $cgi->header();

if ($DEBUG) {
if ( $DEBUG >= 2 ) {
warn "Headers:\n";

for my $header ( $cgi->http() ) {
Expand All @@ -109,6 +114,24 @@ if ($DEBUG) {
warn $cgi->param('POSTDATA');
}

# Authenticate (verify token received matches configured token)
if ( $config->get('pdauthtoken') ) {
my $pdauthtoken = $config->get('pdauthtoken');
my $pdauthheader = $cgi->http('Authentication');
$DEBUG >= 3 && warn("Auth header: $pdauthheader\n");
$DEBUG >= 3 && warn("Auth token config: $pdauthtoken\n");
if ( defined($pdauthheader) && $pdauthtoken eq $pdauthheader ) {
$DEBUG && warn("Auth token verified");
}
else {
print $cgi->header( -status => '401 Invalid Authentication Header' );
die("Auth header didn't match configured auth token");
}
}
else {
$DEBUG && warn("No stored auth token to verify.");
}

# Read and parse the incoming PagerDuty webhook payload
my $json_payload = $cgi->param('POSTDATA');
unless ($json_payload) {
Expand Down