From 0b35619322ca19af03504d7ce559e55aa33d915d Mon Sep 17 00:00:00 2001
From: Christophe Robillard
Date: Mon, 10 Aug 2020 17:18:10 +0200
Subject: [PATCH] skip verify authenticity token for helpscout
Co-authored-by: LeSim
---
 app/controllers/webhook_controller.rb | 1 +
 spec/controllers/webhook_controller_spec.rb | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/app/controllers/webhook_controller.rb b/app/controllers/webhook_controller.rb
index 5382d065f..a8ab7193a 100644
--- a/app/controllers/webhook_controller.rb
+++ b/app/controllers/webhook_controller.rb
@@ -1,5 +1,6 @@
 class WebhookController < ActionController::Base
 before_action :verify_signature!, only: :helpscout
+ skip_before_action :verify_authenticity_token
 def helpscout
 email = params[:customer][:email].downcase
diff --git a/spec/controllers/webhook_controller_spec.rb b/spec/controllers/webhook_controller_spec.rb
index 26badc63c..534983c84 100644
--- a/spec/controllers/webhook_controller_spec.rb
+++ b/spec/controllers/webhook_controller_spec.rb
@@ -1,10 +1,19 @@
 describe WebhookController, type: :controller do
 describe '#helpscout' do
- before { allow(controller).to receive(:verify_signature!).and_return(true) }
+ before do
+ allow(controller).to receive(:verify_signature!).and_return(true)
+ allow(controller).to receive(:verify_authenticity_token)
+ end
 subject(:response) { get :helpscout, params: { customer: { email: customer_email } } }
 let(:payload) { JSON.parse(subject.body) }
+ let(:customer_email) { 'a-user@exemple.fr' }
+
+ it "doesn't verify authenticity token" do
+ subject
+ expect(controller).not_to have_received(:verify_authenticity_token)
+ end
 context 'when there is no matching user' do
 let(:customer_email) { 'not-a-user@exemple.fr' }
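Review bot: The added `skip_before_action :verify_authenticity_token` in app/controllers/webhook_controller.rb is unscoped, while the `verify_signature!` callback on the line above it is limited with `only: :helpscout`, so any action later added to WebhookController would run with neither CSRF protection nor the signature check. Scope the skip to match, `skip_before_action :verify_authenticity_token, only: :helpscout`, or drop the `only:` from the signature callback so every webhook action is authenticated. With the token check off, `verify_signature!` is the sole authenticity control for this endpoint; its body is outside the hunk, so it is worth confirming that it rejects a missing signature header and compares in constant time (for example with `ActiveSupport::SecurityUtils.secure_compare`). A short comment above the skip, such as `# Help Scout cannot send a CSRF token; requests are authenticated by verify_signature! instead`, would record why it is safe. The class body continues past the end of the hunk.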
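Review bot: The new example in spec/controllers/webhook_controller_spec.rb drives the action through `get :helpscout` (the `subject` context line), but Rails only enforces the authenticity token on non-GET requests, so the spec would mirror the real webhook call better with `post :helpscout, params: { customer: { email: customer_email } }`, assuming the route is a POST, which the hunk does not show. The `before` block also stubs `verify_signature!` to return true for every example here, so nothing visible covers the rejection path of what is now the endpoint's only authenticity check. An example that leaves that stub out and expects the request to be refused when no valid signature is supplied would close the gap. The `describe` block continues outside the hunk, so such a case may already exist further down.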