Commit bd3161b8defccbbce21c5ae478f2b9314866e221
1 parent
06d11499
Exists in
colab
and in
2 other branches
Enable CSRF protection in notify_push acceptance tests
A bug in notify_push was missed due to CSRF protection being disabled in the test environment. Fix that by adding a tag that can enabled it in some features. We might eventually want to enable it for all acceptance tests to make sure other cases like this don't show up.
Showing
2 changed files
with
13 additions
and
3 deletions
Show diff stats
features/repository/notify_push.feature
| @@ -3,7 +3,7 @@ Feature: Notify push to repository | @@ -3,7 +3,7 @@ Feature: Notify push to repository | ||
| 3 | As a regular user | 3 | As a regular user |
| 4 | I want to use a webhook in my repository to notify Mezuro of new pushes | 4 | I want to use a webhook in my repository to notify Mezuro of new pushes |
| 5 | 5 | ||
| 6 | - @kalibro_configuration_restart @kalibro_processor_restart | 6 | + @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection |
| 7 | Scenario: Valid repository | 7 | Scenario: Valid repository |
| 8 | Given I am a regular user | 8 | Given I am a regular user |
| 9 | And I have a sample configuration with hotspot metrics | 9 | And I have a sample configuration with hotspot metrics |
| @@ -13,13 +13,13 @@ Feature: Notify push to repository | @@ -13,13 +13,13 @@ Feature: Notify push to repository | ||
| 13 | When I push some commits to the repository | 13 | When I push some commits to the repository |
| 14 | Then Mezuro should process the repository again | 14 | Then Mezuro should process the repository again |
| 15 | 15 | ||
| 16 | - @kalibro_configuration_restart @kalibro_processor_restart | 16 | + @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection |
| 17 | Scenario: Invalid repository | 17 | Scenario: Invalid repository |
| 18 | Given I am a regular user | 18 | Given I am a regular user |
| 19 | When I push some commits to an invalid repository | 19 | When I push some commits to an invalid repository |
| 20 | Then I should get a not found error | 20 | Then I should get a not found error |
| 21 | 21 | ||
| 22 | - @kalibro_configuration_restart @kalibro_processor_restart | 22 | + @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection |
| 23 | Scenario: Repository with an errored processing | 23 | Scenario: Repository with an errored processing |
| 24 | Given I am a regular user | 24 | Given I am a regular user |
| 25 | And I have a sample reading group | 25 | And I have a sample reading group |
features/support/hooks.rb
| @@ -20,3 +20,13 @@ AfterConfiguration do |config| | @@ -20,3 +20,13 @@ AfterConfiguration do |config| | ||
| 20 | KalibroClient::KalibroCucumberHelpers.clean_configurations | 20 | KalibroClient::KalibroCucumberHelpers.clean_configurations |
| 21 | KalibroClient::KalibroCucumberHelpers.clean_processor | 21 | KalibroClient::KalibroCucumberHelpers.clean_processor |
| 22 | end | 22 | end |
| 23 | + | ||
| 24 | +Around('@enable_forgery_protection') do |scenario, block| | ||
| 25 | + old_value = ActionController::Base.allow_forgery_protection | ||
| 26 | + begin | ||
| 27 | + ActionController::Base.allow_forgery_protection = true | ||
| 28 | + block.call | ||
| 29 | + ensure | ||
| 30 | + ActionController::Base.allow_forgery_protection = old_value | ||
| 31 | + end | ||
| 32 | +end |