Merge pull request #96 from mena-devs/update-omniauth

constantine-nikolaou · web-flow · commit 705fe867dd7a · 2022-06-06T21:22:31.000+02:00
Update omniauth
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "bundler" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
diff --git a/Gemfile b/Gemfile
@@ -31,6 +31,7 @@ gem 'meta-tags'
 gem 'mini_racer'
 gem 'nested_form'
 gem 'omniauth-slack'
+gem 'omniauth-rails_csrf_protection'
 gem 'paranoia', '~> 2.2'
 gem 'paperclip', '~> 5.2.0'
 gem 'pg'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -364,6 +364,9 @@ GEM
     omniauth-oauth2 (1.3.1)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
     omniauth-slack (2.3.0)
       omniauth-oauth2 (~> 1.3.1)
     orm_adapter (0.5.0)
@@ -634,6 +637,7 @@ DEPENDENCIES
   meta-tags
   mini_racer
   nested_form
+  omniauth-rails_csrf_protection
   omniauth-slack
   overcommit
   paperclip (~> 5.2.0)
diff --git a/app/views/devise/shared/_omniauthable.html.erb b/app/views/devise/shared/_omniauthable.html.erb
@@ -1,6 +1,6 @@
 <%- if devise_mapping.omniauthable? %>
   <%- resource_class.omniauth_providers.each do |provider| %>
-    <%= link_to(user_slack_omniauth_authorize_path) do %>
+    <%= link_to(user_slack_omniauth_authorize_path, method: :post) do %>
       <!-- "Sign in with #{OmniAuth::Utils.camelize(provider)}" -->
       <%= image_tag('https://platform.slack-edge.com/img/sign_in_with_slack.png',
                     alt: 'Sign in with Slack',
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
@@ -1,3 +1,6 @@
+# Configure OmniAuth to only allow requests from :post and :get
+OmniAuth.config.allowed_request_methods = [:post, :get]
+
 if !AppSettings.slack_app_client_id.blank? && !AppSettings.slack_app_client_secret.blank?
   Rails.application.config.middleware.use(OmniAuth::Builder) do
     provider :slack,
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
@@ -13,7 +13,7 @@
 
       response '200', 'Return verified users' do
         schema '$ref' => '#/components/schemas/users'
-        
+
         let!(:user) { create(:user) }
         let!(:api_key) { create(:api_key, user: user) }
         let!(:user_1) { create(:user) }
@@ -90,7 +90,7 @@
         schema schema '$ref' => '#/components/schemas/users'
 
         let!(:user) { create(:user) }
-        let!(:member) { create(:user) }
+        let!(:member) { create(:user, first_name: "find-user-test") }
         let!(:api_key) { create(:api_key, user: user) }
         let!("query[first_name]") { member.first_name }
         let(:Authorization) { 'Bearer ' + api_key.access_token }
