mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2026-02-13 21:00:00 +00:00
894ba77d94
## Summary Fixes #5590 Fixes #5713 This PR fixes an issue where webhook handling fails with "failure to parse hook" error when the user's OAuth access token has expired. The root cause is that the Bitbucket and GitHub forge implementations make API calls during webhook processing without first refreshing the OAuth token. ## Problem When a webhook arrives from Bitbucket or GitHub, the `Hook()` function (and its helper functions) make API calls to fetch additional data (changed files, repo info, etc.). These API calls use the stored OAuth access token, which may have expired. **Before this fix:** 1. Webhook arrives 2. `Hook()` makes API calls with potentially expired token 3. API call fails with "OAuth2 access token expired" 4. Error bubbles up as HTTP 400 "failure to parse hook" 5. `forge.Refresh()` is called later in `PostHook()` - but it's too late **Example error from logs:** `failure to parse hook error="OAuth2 access token expired. Use your refresh token to obtain a new access token."` ## Solution Add `forge.Refresh()` calls before making API calls in the webhook handling code paths. This follows the same pattern already used by: - Bitbucket Data Center forge (`server/forge/bitbucketdatacenter/bitbucketdatacenter.go`) - Other code paths like `pipeline.Create()`, `cron.go`, etc. ### Changes **Bitbucket** (`server/forge/bitbucket/bitbucket.go`): - Added `forge.Refresh()` in `Hook()` before API calls **GitHub** (`server/forge/github/github.go`): - Added `forge.Refresh()` in `loadChangedFilesFromPullRequest()` - Added `forge.Refresh()` in `getTagCommitSHA()` - Added `forge.Refresh()` in `loadChangedFilesFromCommits()` ## Testing - All existing Bitbucket and GitHub forge tests pass - Tested in production environment with Bitbucket (waited for token expiry, webhook succeeded after fix)