webhooks/github: Restrict membership event scope to teams.

According to GitHub's webhook docs, the scope of a membership event can only be limited to 'teams', which holds true when a new member is added to a team. However, we just found a payload in our logs that indicates that when a user is removed from a team, the scope of the membership is erroneously set to 'organization', not 'team'. This is most likely a bug on GitHub's end because such behaviour is a direct violation of their webhook API event specifications. We account for this by restricting membership events to teams explicitly, at least till GitHub's docs suggest otherwise.
2025-11-06 15:03:34 +00:00 · 2019-03-09 16:36:44 -03:30
parent 0a17a2acaa
commit 6afd02bef5
3 changed files with 81 additions and 11 deletions
--- a/zerver/webhooks/github/view.py
+++ b/zerver/webhooks/github/view.py
@@ -75,16 +75,15 @@ def get_closed_pull_request_body(payload: Dict[str, Any],
 def get_membership_body(payload: Dict[str, Any]) -> str:
    action = payload['action']
    member = payload['member']
-    scope = payload['scope']
-    scope_object = payload[scope]
+    team_name = payload['team']['name']

-    return u"{} {} [{}]({}) to {} {}".format(
-        get_sender_name(payload),
-        action,
-        member['login'],
-        member['html_url'],
-        scope_object['name'],
-        scope
+    return u"{sender} {action} [{username}]({html_url}) {preposition} the {team_name} team".format(
+        sender=get_sender_name(payload),
+        action=action,
+        username=member['login'],
+        html_url=member['html_url'],
+        preposition='from' if action == 'removed' else 'to',
+        team_name=team_name
    )

 def get_member_body(payload: Dict[str, Any]) -> str: