skip verify authenticity token for helpscout

Co-authored-by: LeSim <mail@simon.lehericey.net>
2020-08-10 17:18:10 +02:00 · 2020-08-10 17:18:10 +02:00 · 0b35619322
commit 0b35619322
parent 406a31fda9
2 changed files with 11 additions and 1 deletions
--- a/app/controllers/webhook_controller.rb
+++ b/app/controllers/webhook_controller.rb
@ -1,5 +1,6 @@
 class WebhookController < ActionController::Base
  before_action :verify_signature!, only: :helpscout
+  skip_before_action :verify_authenticity_token

  def helpscout
    email = params[:customer][:email].downcase
--- a/spec/controllers/webhook_controller_spec.rb
+++ b/spec/controllers/webhook_controller_spec.rb
@ -1,10 +1,19 @@
 describe WebhookController, type: :controller do
  describe '#helpscout' do
-    before { allow(controller).to receive(:verify_signature!).and_return(true) }
+    before do
+      allow(controller).to receive(:verify_signature!).and_return(true)
+      allow(controller).to receive(:verify_authenticity_token)
+    end

    subject(:response) { get :helpscout, params: { customer: { email: customer_email } } }

    let(:payload) { JSON.parse(subject.body) }
+    let(:customer_email) { 'a-user@exemple.fr' }
+
+    it "doesn't verify authenticity token" do
+      subject
+      expect(controller).not_to have_received(:verify_authenticity_token)
+    end

    context 'when there is no matching user' do
      let(:customer_email) { 'not-a-user@exemple.fr' }