WIP Move omniauth links to post

Omniauth 2 requires post. heartcombo/devise#5236 ``` Install the gem OmniAuth - Rails CSRF Protection Add the link user_facebook_omniauth_authorize_path method: :post ``` TODO: Convert the rest of the links to `user_github_omniauth_authorize_path` to be post
codetriage · Apr 4, 2021 · 2d51ff8 · 2d51ff8
1 parent b592400
commit 2d51ff8
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 19 deletions.
diff --git a/Gemfile b/Gemfile
@@ -30,6 +30,7 @@ gem 'jquery-rails'
 gem 'local_time', '2.1.0'
 gem 'maildown', '~> 3.3'
 gem 'omniauth', '~> 2.0.3'
+gem 'omniauth-rails_csrf_protection'
 gem 'omniauth-github'
 gem 'pg'
 gem 'puma'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -261,6 +261,9 @@ GEM
     omniauth-oauth2 (1.7.1)
       oauth2 (~> 1.4)
       omniauth (>= 1.9, < 3)
+    omniauth-rails_csrf_protection (1.0.0)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
     optimist (3.0.1)
     orm_adapter (0.5.0)
     parallel (1.20.1)
@@ -488,6 +491,7 @@ DEPENDENCIES
   oj
   omniauth (~> 2.0.3)
   omniauth-github
+  omniauth-rails_csrf_protection
   pg
   prawn
   premailer-rails

diff --git a/app/views/application/_nav.html.slim b/app/views/application/_nav.html.slim
@@ -17,8 +17,8 @@ nav.application-navigation
     - else
       li.application-navigation-list-item= link_to 'About', what_path
       li.application-navigation-list-item= link_to 'University', university_index_path
-      li.application-navigation-list-item= link_to 'Log in', user_github_omniauth_authorize_path
-      li.application-navigation-list-item= link_to 'Sign Up', user_github_omniauth_authorize_path
+      li.application-navigation-list-item= link_to 'Log in', user_github_omniauth_authorize_path, method: :post
+      li.application-navigation-list-item= link_to 'Sign Up', user_github_omniauth_authorize_path, method: :post
 
 div.application-logo
   = link_to root_path

diff --git a/test/integration/adding_repos_test.rb b/test/integration/adding_repos_test.rb
@@ -40,7 +40,9 @@ class AddingReposTest < ActionDispatch::IntegrationTest
   end
 
   test "supports URL without github.com" do
+    visit "/"
     login_via_github
+
     VCR.use_cassette('my_repos') do
       visit "/"
       click_link "Submit a Repo"

diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -30,22 +30,24 @@ class ActionDispatch::IntegrationTest
 end
 
 OmniAuth.config.test_mode = true
-OmniAuth.config.add_mock(:github, {
-                           uid: 'mockstar',
-                           credentials: {
-                             token: ENV['GITHUB_API_KEY'] || "d401116495671f0a0ceca9276e677eff"
-                           },
-                           email: "[email protected]",
-                           info: {
-                             nickname: 'mockstar'
-                           },
-                           extra: {
-                             raw_info: {
-                               name: "Mock Star",
-                               avatar_url: "http://gravatar.com/avatar/default"
-                             }
-                           }
-                         })
+OmniAuth.config.add_mock(
+  :github, {
+   uid: 'mockstar',
+   credentials: {
+     token: ENV['GITHUB_API_KEY'] || "d401116495671f0a0ceca9276e677eff"
+   },
+   email: "[email protected]",
+   info: {
+     nickname: 'mockstar'
+   },
+   extra: {
+     raw_info: {
+       name: "Mock Star",
+       avatar_url: "http://gravatar.com/avatar/default"
+     }
+   }
+  }
+)
 
 VCR.configure do |c|
   # This 'allow' should be temporary, work towards covering
@@ -68,7 +70,8 @@ def login_via_github
       # Works based off of omniauth's mock
       # The user will be looked up from the database and updated
       # based off of the info in the mock.
-      visit "/users/auth/github"
+      visit "/"
+      click_on "Log in"
     end
   end
 end