Commit c0263c49223943327dc78ddfeb382fc8788f438e
Exists in
colab
and in
2 other branches
Merge pull request #325 from mezuro/gitlab_hooks_fix
Fix CSRF protection error in Gitlab webhooks
Showing
3 changed files
with
16 additions
and
3 deletions
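--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -7,6 +7,9 @@ class RepositoriesController < ApplicationController
 before_action :set_repository, only: [:show, :edit, :update, :destroy, :state, :state_with_date, :process_repository]
 before_action :set_project_id_repository_types_and_configurations, only: [:new, :edit]
 
+ # Gitlab can't send a CSRF token, don't require one
+ skip_before_action :verify_authenticity_token, :only => [:notify_push]
+
 def index
 @repositories = Repository.all
 end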
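Review bot: Skipping `verify_authenticity_token` for `notify_push` leaves that action with no request authentication visible in this hunk, so unless the action body (outside this hunk) checks the caller itself, anyone who can reach the URL can trigger reprocessing of a repository. GitLab can send a shared secret in the `X-Gitlab-Token` header; the action should compare it against a per-repository secret with a constant-time comparison and reject mismatches. At minimum the comment should record the requirement, e.g. `# CSRF check skipped for the GitLab webhook; notify_push must authenticate the request itself`. The new line also writes `:only => [...]` while the two `before_action` lines above it use `only:`.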
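--- a/features/repository/notify_push.feature
+++ b/features/repository/notify_push.feature
@@ -3,7 +3,7 @@ Feature: Notify push to repository
 As a regular user
 I want to use a webhook in my repository to notify Mezuro of new pushes
 
- @kalibro_configuration_restart @kalibro_processor_restart
+ @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
 Scenario: Valid repository
 Given I am a regular user
 And I have a sample configuration with hotspot metrics
@@ -13,13 +13,13 @@ Feature: Notify push to repository
 When I push some commits to the repository
 Then Mezuro should process the repository again
 
- @kalibro_configuration_restart @kalibro_processor_restart
+ @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
 Scenario: Invalid repository
 Given I am a regular user
 When I push some commits to an invalid repository
 Then I should get a not found error
 
- @kalibro_configuration_restart @kalibro_processor_restart
+ @kalibro_configuration_restart @kalibro_processor_restart @enable_forgery_protection
 Scenario: Repository with an errored processing
 Given I am a regular user
 And I have a sample reading group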
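--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -20,3 +20,13 @@ AfterConfiguration do |config|
 KalibroClient::KalibroCucumberHelpers.clean_configurations
 KalibroClient::KalibroCucumberHelpers.clean_processor
 end
+
+Around('@enable_forgery_protection') do |scenario, block|
+ old_value = ActionController::Base.allow_forgery_protection
+ begin
+ ActionController::Base.allow_forgery_protection = true
+ block.call
+ ensure
+ ActionController::Base.allow_forgery_protection = old_value
+ end
+end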
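Review bot: The `Around('@enable_forgery_protection')` hook has no comment saying why it exists, and the reason is not obvious from the code. Presumably the test environment runs with `allow_forgery_protection` off, so without the tag the webhook scenarios would pass even if the CSRF exemption were removed. A one-line comment above the hook would record that, e.g. `# Turn CSRF protection on for tagged scenarios so they exercise the real verify_authenticity_token path`. The `scenario` block parameter is unused and could be written `_scenario`.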