From 438de103ec22a6f1bbf3482ec50700a6c11d8c93 Mon Sep 17 00:00:00 2001
From: Manuel Bustillo
Date: Sun, 8 Dec 2024 09:32:34 +0100
Subject: [PATCH 1/2] Define a dummy endpoint to return a valid CSRF token
---
 app/controllers/tokens_controller.rb | 8 ++++++++
 config/routes.rb | 19 ++++++++++---------
 spec/requests/tokens_spec.rb | 13 +++++++++++++
 3 files changed, 31 insertions(+), 9 deletions(-)
 create mode 100644 app/controllers/tokens_controller.rb
 create mode 100644 spec/requests/tokens_spec.rb
diff --git a/app/controllers/tokens_controller.rb b/app/controllers/tokens_controller.rb
new file mode 100644
index 0000000..a065647
--- /dev/null
+++ b/app/controllers/tokens_controller.rb
@@ -0,0 +1,8 @@
+class TokensController < ApplicationController
+ skip_before_action :authenticate_user!
+ skip_before_action :set_tenant
+
+ def show
+ head :ok
+ end
+end
diff --git a/config/routes.rb b/config/routes.rb
index bd26594..1075005 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,6 +2,16 @@ Rails.application.routes.draw do
 mount LetterOpenerWeb::Engine, at: "/letter_opener" if Rails.env.development?
+ get 'token' => 'tokens#show', as: :token
+ get 'up' => 'rails/health#show', as: :rails_health_check
+
+ resources :captcha, only: :create do
+ get 'v2/media', to: 'captcha#media', on: :collection, as: :media
+ end
+
+ mount Rswag::Ui::Engine => '/api-docs'
+ mount Rswag::Api::Engine => '/api-docs'
+
 scope ":slug", constraints: { slug: Wedding::SLUG_REGEX } do
 devise_for :users, skip: [:registration, :session, :confirmation]
 devise_scope :user do
@@ -24,13 +34,4 @@ Rails.application.routes.draw do
 root to: redirect("/%{slug}")
 end
-
- resources :captcha, only: :create do
- get 'v2/media', to: 'captcha#media', on: :collection, as: :media
- end
-
- mount Rswag::Ui::Engine => '/api-docs'
- mount Rswag::Api::Engine => '/api-docs'
-
- get 'up' => 'rails/health#show', as: :rails_health_check
 end
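Review bot: `head :ok` in TokensController#show sends no cookie or header of its own, so the CSRF token this endpoint exists to return must be issued by a callback inherited from ApplicationController, which is outside this hunk; nothing in the new file tells a reader that. A comment above `def show` would close the gap, e.g. `# Deliberately empty: the CSRF cookie is issued by ApplicationController's callbacks (verify there); this route only gives clients a way to trigger them.` Skipping both `authenticate_user!` and `set_tenant` makes this a public, tenant-less endpoint, which is expected for a token bootstrap but belongs in that comment too so nobody later "fixes" it by re-adding the filters.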
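Review bot: The new `get 'token' => 'tokens#show'` line, together with the health, captcha and Rswag routes moved up from the bottom of the file (the second routes.rb hunk), is placed above the `:slug` scope without a comment explaining the order; presumably this is so `/token` and `/up` are matched before the `:slug` constraint can treat them as a wedding slug, but that is an inference from the placement. A one-line comment before `get 'token'`, `# Unscoped routes stay above the :slug scope so their paths are never matched as a slug`, would make the ordering dependency explicit (adjust if the motive is different). On style, the new line uses the hash-rocket form while `get 'v2/media', to: 'captcha#media', ...` in the same hunk uses `to:`; `get 'token', to: 'tokens#show', as: :token` would be consistent with it.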
diff --git a/spec/requests/tokens_spec.rb b/spec/requests/tokens_spec.rb
new file mode 100644
index 0000000..1010def
--- /dev/null
+++ b/spec/requests/tokens_spec.rb
@@ -0,0 +1,13 @@
+require 'swagger_helper'
+
+RSpec.describe 'tokens', type: :request do
+ path '/token' do
+ get('get a cookie with CSRF token') do
+ tags 'CSRF token'
+ consumes 'application/json'
+ produces 'application/json'
+
+ response_empty_200
+ end
+ end
+end
From 98877166dd9677686868e1e5664e5f1f8cc64bbe Mon Sep 17 00:00:00 2001
From: Manuel Bustillo
Date: Sun, 8 Dec 2024 08:34:55 +0000
Subject: [PATCH 2/2] Add copyright notice
---
 app/controllers/tokens_controller.rb | 2 ++
 spec/requests/tokens_spec.rb | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/app/controllers/tokens_controller.rb b/app/controllers/tokens_controller.rb
index a065647..c3dabba 100644
--- a/app/controllers/tokens_controller.rb
+++ b/app/controllers/tokens_controller.rb
@@ -1,3 +1,5 @@
+# Copyright (C) 2024 Manuel Bustillo
+
 class TokensController < ApplicationController
 skip_before_action :authenticate_user!
 skip_before_action :set_tenant
diff --git a/spec/requests/tokens_spec.rb b/spec/requests/tokens_spec.rb
index 1010def..5a08e05 100644
--- a/spec/requests/tokens_spec.rb
+++ b/spec/requests/tokens_spec.rb
@@ -1,3 +1,5 @@
+# Copyright (C) 2024 Manuel Bustillo
+
 require 'swagger_helper'
 RSpec.describe 'tokens', type: :request do
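Review bot: The example titled 'get a cookie with CSRF token' only documents and asserts an empty 200 through `response_empty_200`, so it passes whether or not a CSRF cookie is actually set, which is the one behaviour the endpoint exists for. Add an assertion on the response cookies inside that response block, e.g. `expect(response.cookies).to have_key('<csrf cookie name>')` (the cookie name is not visible on this page; use whatever ApplicationController sets). `response_empty_200` comes from `swagger_helper`, outside this hunk, so check whether it accepts a block or pair it with a separate `it` example.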