Commit c0263c49223943327dc78ddfeb382fc8788f438e
Exists in
colab
and in
2 other branches
Merge pull request #325 from mezuro/gitlab_hooks_fix
Fix CSRF protection error in Gitlab webhooks
Showing
3 changed files
with
16 additions
and
3 deletions
Show diff stats
app/controllers/repositories_controller.rb
| ... | ... | @@ -7,6 +7,9 @@ class RepositoriesController < ApplicationController |
| 7 | 7 | before_action :set_repository, only: [:show, :edit, :update, :destroy, :state, :state_with_date, :process_repository] |
| 8 | 8 | before_action :set_project_id_repository_types_and_configurations, only: [:new, :edit] |
| 9 | 9 | |
| 10 | + # Gitlab can't send a CSRF token, don't require one | |
| 11 | + skip_before_action :verify_authenticity_token, :only => [:notify_push] | |
| 12 | + | |
| 10 | 13 | def index |
| 11 | 14 | @repositories = Repository.all |
| 12 | 15 | end | ... | ... |
features/repository/notify_push.feature
| ... | ... | @@ -3,7 +3,7 @@ Feature: Notify push to repository |
| 3 | 3 | As a regular user |
| 4 | 4 | I want to use a webhook in my repository to notify Mezuro of new pushes |
| 5 | 5 | |
| 6 | - @kalibro_configuration_restart @kalibro_processor_restart | |
| 6 | + @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection | |
| 7 | 7 | Scenario: Valid repository |
| 8 | 8 | Given I am a regular user |
| 9 | 9 | And I have a sample configuration with hotspot metrics |
| ... | ... | @@ -13,13 +13,13 @@ Feature: Notify push to repository |
| 13 | 13 | When I push some commits to the repository |
| 14 | 14 | Then Mezuro should process the repository again |
| 15 | 15 | |
| 16 | - @kalibro_configuration_restart @kalibro_processor_restart | |
| 16 | + @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection | |
| 17 | 17 | Scenario: Invalid repository |
| 18 | 18 | Given I am a regular user |
| 19 | 19 | When I push some commits to an invalid repository |
| 20 | 20 | Then I should get a not found error |
| 21 | 21 | |
| 22 | - @kalibro_configuration_restart @kalibro_processor_restart | |
| 22 | + @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection | |
| 23 | 23 | Scenario: Repository with an errored processing |
| 24 | 24 | Given I am a regular user |
| 25 | 25 | And I have a sample reading group | ... | ... |
features/support/hooks.rb
| ... | ... | @@ -20,3 +20,13 @@ AfterConfiguration do |config| |
| 20 | 20 | KalibroClient::KalibroCucumberHelpers.clean_configurations |
| 21 | 21 | KalibroClient::KalibroCucumberHelpers.clean_processor |
| 22 | 22 | end |
| 23 | + | |
| 24 | +Around('@enable_forgery_protection') do |scenario, block| | |
| 25 | + old_value = ActionController::Base.allow_forgery_protection | |
| 26 | + begin | |
| 27 | + ActionController::Base.allow_forgery_protection = true | |
| 28 | + block.call | |
| 29 | + ensure | |
| 30 | + ActionController::Base.allow_forgery_protection = old_value | |
| 31 | + end | |
| 32 | +end | ... | ... |