Merge pull request #5467 from betagouv/dev

2020-08-10-01

app/controllers/webhook_controller.rb

@@ -1,5 +1,6 @@
 class WebhookController < ActionController::Base
   before_action :verify_signature!, only: :helpscout
+  skip_before_action :verify_authenticity_token
 
   def helpscout
     email = params[:customer][:email].downcase

app/helpers/commentaire_helper.rb

@@ -22,4 +22,9 @@ module CommentaireHelper
     template = is_current_year ? :message_date : :message_date_with_year
     I18n.l(commentaire.created_at, format: template)
   end
+
+  def pretty_commentaire(commentaire)
+    body_formatted = commentaire.sent_by_system? ? commentaire.body : simple_format(commentaire.body)
+    sanitize(body_formatted)
+  end
 end

app/views/shared/dossiers/messages/_message.html.haml

@@ -8,7 +8,7 @@
       %span.guest Invité
     %span.date{ class: highlight_if_unseen_class(messagerie_seen_at, commentaire.created_at) }
       = commentaire_date(commentaire)
-  .rich-text= sanitize(simple_format(commentaire.body))
+  .rich-text= pretty_commentaire(commentaire)
 
   .message-extras.flex.justify-start
     - if commentaire.piece_jointe.attached?

spec/controllers/webhook_controller_spec.rb

@@ -1,10 +1,19 @@
 describe WebhookController, type: :controller do
   describe '#helpscout' do
-    before { allow(controller).to receive(:verify_signature!).and_return(true) }
+    before do
+      allow(controller).to receive(:verify_signature!).and_return(true)
+      allow(controller).to receive(:verify_authenticity_token)
+    end
 
     subject(:response) { get :helpscout, params: { customer: { email: customer_email } } }
 
     let(:payload) { JSON.parse(subject.body) }
+    let(:customer_email) { 'a-user@exemple.fr' }
+
+    it "doesn't verify authenticity token" do
+      subject
+      expect(controller).not_to have_received(:verify_authenticity_token)
+    end
 
     context 'when there is no matching user' do
       let(:customer_email) { 'not-a-user@exemple.fr' }