Enable CSRF protection in notify_push acceptance tests

A bug in notify_push was missed due to CSRF protection being disabled in the test environment. Fix that by adding a tag that can enabled it in some features. We might eventually want to enable it for all acceptance tests to make sure other cases like this don't show up.

Enable CSRF protection in notify_push acceptance tests
A bug in notify_push was missed due to CSRF protection being disabled in the test environment. Fix that by adding a tag that can enabled it in some features. We might eventually want to enable it for all acceptance tests to make sure other cases like this don't show up.
Daniel
1 parent 06d11499
Showing 2 changed files with 13 additions and 3 deletions Show diff stats
features/repository/notify_push.feature
features/support/hooks.rb
@@ -3,7 +3,7 @@ Feature: Notify push to repository
   As a regular user
   I want to use a webhook in my repository to notify Mezuro of new pushes
  
-  @kalibro_configuration_restart @kalibro_processor_restart
+  @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
   Scenario: Valid repository
     Given I am a regular user
     And I have a sample configuration with hotspot metrics
@@ -13,13 +13,13 @@ Feature: Notify push to repository
     When I push some commits to the repository
     Then Mezuro should process the repository again
  
-  @kalibro_configuration_restart @kalibro_processor_restart
+  @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
   Scenario: Invalid repository
     Given I am a regular user
     When I push some commits to an invalid repository
     Then I should get a not found error
  
-  @kalibro_configuration_restart @kalibro_processor_restart
+  @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
   Scenario: Repository with an errored processing
     Given I am a regular user
     And I have a sample reading group
@@ -20,3 +20,13 @@ AfterConfiguration do |config|
   KalibroClient::KalibroCucumberHelpers.clean_configurations
   KalibroClient::KalibroCucumberHelpers.clean_processor
 end
+
+Around('@enable_forgery_protection') do |scenario, block|
+  old_value = ActionController::Base.allow_forgery_protection
+  begin
+    ActionController::Base.allow_forgery_protection = true
+    block.call
+  ensure
+    ActionController::Base.allow_forgery_protection = old_value
+  end
+end
...	...	@@ -3,7 +3,7 @@ Feature: Notify push to repository
3	3	As a regular user
4	4	I want to use a webhook in my repository to notify Mezuro of new pushes
5	5
6		- @kalibro_configuration_restart @kalibro_processor_restart
	6	+ @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
7	7	Scenario: Valid repository
8	8	Given I am a regular user
9	9	And I have a sample configuration with hotspot metrics
...	...	@@ -13,13 +13,13 @@ Feature: Notify push to repository
13	13	When I push some commits to the repository
14	14	Then Mezuro should process the repository again
15	15
16		- @kalibro_configuration_restart @kalibro_processor_restart
	16	+ @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
17	17	Scenario: Invalid repository
18	18	Given I am a regular user
19	19	When I push some commits to an invalid repository
20	20	Then I should get a not found error
21	21
22		- @kalibro_configuration_restart @kalibro_processor_restart
	22	+ @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
23	23	Scenario: Repository with an errored processing
24	24	Given I am a regular user
25	25	And I have a sample reading group
...	...
...	...	@@ -20,3 +20,13 @@ AfterConfiguration do \|config\|
20	20	KalibroClient::KalibroCucumberHelpers.clean_configurations
21	21	KalibroClient::KalibroCucumberHelpers.clean_processor
22	22	end
	23	+
	24	+Around('@enable_forgery_protection') do \|scenario, block\|
	25	+ old_value = ActionController::Base.allow_forgery_protection
	26	+ begin
	27	+ ActionController::Base.allow_forgery_protection = true
	28	+ block.call
	29	+ ensure
	30	+ ActionController::Base.allow_forgery_protection = old_value
	31	+ end
	32	+end
...	...