From 74e5812c26dad3aa102088af9b525a4ead2c78d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?=
Date: Mon, 10 Jun 2024 16:33:44 +0200
Subject: [PATCH] fix(webhooks): Refuse webhooks registration if auth header is used without auth data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet
---
 apps/webhooks/lib/Db/WebhookListener.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apps/webhooks/lib/Db/WebhookListener.php b/apps/webhooks/lib/Db/WebhookListener.php
index a949d93c9ea..4781454fc1a 100644
--- a/apps/webhooks/lib/Db/WebhookListener.php
+++ b/apps/webhooks/lib/Db/WebhookListener.php
@@ -78,6 +78,9 @@ class WebhookListener extends Entity implements \JsonSerializable {
 public function setAuthDataClear(?array $data): void {
 if ($data === null) {
+ if ($this->getAuthMethodEnum() === AuthMethod::Header) {
+ throw new \UnexpectedValueException('Header auth method needs an associative array of headers as auth data');
+ }
 $this->setAuthData(null);
 return;
 }
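Review bot: The new guard in `setAuthDataClear()` only holds if the auth method is already `AuthMethod::Header` when this setter runs; if a caller assigns the auth data first and the method afterwards, a header-auth listener with null auth data is still accepted, so the same invariant should also be checked where the auth method is assigned or in one validation step before the entity is saved (the callers are not visible here, so the ordering needs confirming). The guard also tests only `$data === null`, so an empty array passes even though the message asks for an associative array of headers; consider `if (($data === null || $data === []) && $this->getAuthMethodEnum() === AuthMethod::Header) {` ahead of the null branch. A one-line comment such as `// Reject at registration: header auth needs at least one header to send` would record why the null case is no longer a plain reset. The rest of the method lies outside the hunk, so how a non-null array is validated further down cannot be judged from here.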