diff --git a/flipper-ui.gemspec b/flipper-ui.gemspec index 8b0836023..2a60ae1b7 100644 --- a/flipper-ui.gemspec +++ b/flipper-ui.gemspec @@ -20,7 +20,7 @@ Gem::Specification.new do |gem| gem.version = Flipper::VERSION gem.add_dependency 'rack', '>= 1.4', '< 3' - gem.add_dependency 'rack-protection', '~> 1.5.3' + gem.add_dependency 'rack-protection', '>= 1.5.3', '< 2.1.0' gem.add_dependency 'flipper', "~> #{Flipper::VERSION}" gem.add_dependency 'erubis', '~> 2.7.0' end diff --git a/spec/flipper/ui/actions/actors_gate_spec.rb b/spec/flipper/ui/actions/actors_gate_spec.rb index 77357a8fa..1de059910 100644 --- a/spec/flipper/ui/actions/actors_gate_spec.rb +++ b/spec/flipper/ui/actions/actors_gate_spec.rb @@ -1,6 +1,21 @@ require 'helper' RSpec.describe Flipper::UI::Actions::ActorsGate do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "GET /features/:feature/actors" do before do get "features/search/actors" @@ -19,8 +34,8 @@ context "enabling an actor" do before do post "features/search/actors", - {"value" => "User:6", "operation" => "enable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "User:6", "operation" => "enable", "authenticity_token" => token}, + "rack.session" => session end it "adds item to members" do @@ -37,8 +52,8 @@ before do flipper[:search].enable_actor Flipper::UI::Actor.new("User:6") post "features/search/actors", - {"value" => "User:6", "operation" => "disable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "User:6", "operation" => "disable", "authenticity_token" => token}, + "rack.session" => session end it "removes item from members" do 
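Review bot: The `let(:token)` / `let(:session)` compatibility shim added at the top of this spec is repeated verbatim in every other spec touched by this commit (boolean_gate, feature, features, gate, groups_gate, both percentage gates and ui_spec), so the rack-protection session-key name now lives in nine places. Move the probe into `spec/helper.rb` as two small helpers and reduce each spec to `let(:token) { csrf_token }` and `let(:session) { csrf_session(token) }`, so the next key or API change in rack-protection is a one-line fix. The helper can keep exactly the same `respond_to?(:random_token)` branch; a comment there should note that the method probe stands in for a version check, since the session key (`:csrf` vs `"_csrf_token"`) is inferred from it rather than asserted directly. The `RSpec.describe` block continues past the end of this hunk.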
@@ -54,8 +69,8 @@ context "for an invalid actor value" do before do post "features/search/actors", - {"value" => "", "operation" => "enable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "", "operation" => "enable", "authenticity_token" => token}, + "rack.session" => session end it "redirects back to feature" do diff --git a/spec/flipper/ui/actions/boolean_gate_spec.rb b/spec/flipper/ui/actions/boolean_gate_spec.rb index 7a58c049d..03dedf4bd 100644 --- a/spec/flipper/ui/actions/boolean_gate_spec.rb +++ b/spec/flipper/ui/actions/boolean_gate_spec.rb @@ -1,13 +1,28 @@ require 'helper' RSpec.describe Flipper::UI::Actions::BooleanGate do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "POST /features/:feature/boolean" do context "with enable" do before do flipper.disable :search post "features/search/boolean", - {"action" => "Enable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"action" => "Enable", "authenticity_token" => token}, + "rack.session" => session end it "enables the feature" do @@ -24,8 +39,8 @@ before do flipper.enable :search post "features/search/boolean", - {"action" => "Disable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"action" => "Disable", "authenticity_token" => token}, + "rack.session" => session end it "disables the feature" do diff --git a/spec/flipper/ui/actions/feature_spec.rb b/spec/flipper/ui/actions/feature_spec.rb index 706ea2cea..4b899ce36 100644 --- a/spec/flipper/ui/actions/feature_spec.rb +++ b/spec/flipper/ui/actions/feature_spec.rb 
@@ -1,12 +1,27 @@ require 'helper' RSpec.describe Flipper::UI::Actions::Feature do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "DELETE /features/:feature" do before do flipper.enable :search delete "/features/search", - {"authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"authenticity_token" => token}, + "rack.session" => session end it "removes feature" do @@ -23,8 +38,8 @@ before do flipper.enable :search post "/features/search", - {"_method" => "DELETE", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"_method" => "DELETE", "authenticity_token" => token}, + "rack.session" => session end it "removes feature" do diff --git a/spec/flipper/ui/actions/features_spec.rb b/spec/flipper/ui/actions/features_spec.rb index 96469d260..8ea6a61ce 100644 --- a/spec/flipper/ui/actions/features_spec.rb +++ b/spec/flipper/ui/actions/features_spec.rb @@ -1,6 +1,21 @@ require 'helper' RSpec.describe Flipper::UI::Actions::Features do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "GET /features" do before do flipper[:stats].enable @@ -23,8 +38,8 @@ @original_feature_creation_enabled = Flipper::UI.feature_creation_enabled Flipper::UI.feature_creation_enabled = true post "/features", - {"value" => "notifications_next", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "notifications_next", "authenticity_token" => token}, + "rack.session" => session end after do 
@@ -46,8 +61,8 @@ @original_feature_creation_enabled = Flipper::UI.feature_creation_enabled Flipper::UI.feature_creation_enabled = false post "/features", - {"value" => "notifications_next", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "notifications_next", "authenticity_token" => token}, + "rack.session" => session end after do diff --git a/spec/flipper/ui/actions/gate_spec.rb b/spec/flipper/ui/actions/gate_spec.rb index 02cb11d5b..a06bf0910 100644 --- a/spec/flipper/ui/actions/gate_spec.rb +++ b/spec/flipper/ui/actions/gate_spec.rb @@ -1,11 +1,26 @@ require 'helper' RSpec.describe Flipper::UI::Actions::Gate do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "POST /features/:feature/non-existent-gate" do before do post "/features/search/non-existent-gate", - {"authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"authenticity_token" => token}, + "rack.session" => session end it "responds with redirect" do diff --git a/spec/flipper/ui/actions/groups_gate_spec.rb b/spec/flipper/ui/actions/groups_gate_spec.rb index 9c93e437e..07974378b 100644 --- a/spec/flipper/ui/actions/groups_gate_spec.rb +++ b/spec/flipper/ui/actions/groups_gate_spec.rb @@ -1,6 +1,21 @@ require 'helper' RSpec.describe Flipper::UI::Actions::GroupsGate do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "GET /features/:feature/groups" do before do Flipper.register(:admins) { |user| user.admin? } 
@@ -32,8 +47,8 @@ context "enabling a group" do before do post "features/search/groups", - {"value" => "admins", "operation" => "enable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "admins", "operation" => "enable", "authenticity_token" => token}, + "rack.session" => session end it "adds item to members" do @@ -50,8 +65,8 @@ before do flipper[:search].enable_group :admins post "features/search/groups", - {"value" => "admins", "operation" => "disable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "admins", "operation" => "disable", "authenticity_token" => token}, + "rack.session" => session end it "removes item from members" do @@ -67,8 +82,8 @@ context "for an unregistered group" do before do post "features/search/groups", - {"value" => "not_here", "operation" => "enable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "not_here", "operation" => "enable", "authenticity_token" => token}, + "rack.session" => session end it "redirects back to feature" do diff --git a/spec/flipper/ui/actions/percentage_of_actors_gate_spec.rb b/spec/flipper/ui/actions/percentage_of_actors_gate_spec.rb index 2405af1b8..0bc0b8485 100644 --- a/spec/flipper/ui/actions/percentage_of_actors_gate_spec.rb +++ b/spec/flipper/ui/actions/percentage_of_actors_gate_spec.rb 
@@ -1,12 +1,27 @@ require 'helper' RSpec.describe Flipper::UI::Actions::PercentageOfActorsGate do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "POST /features/:feature/percentage_of_actors" do context "with valid value" do before do post "features/search/percentage_of_actors", - {"value" => "24", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "24", "authenticity_token" => token}, + "rack.session" => session end it "enables the feature" do @@ -22,8 +37,8 @@ context "with invalid value" do before do post "features/search/percentage_of_actors", - {"value" => "555", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "555", "authenticity_token" => token}, + "rack.session" => session end it "does not change value" do diff --git a/spec/flipper/ui/actions/percentage_of_time_gate_spec.rb b/spec/flipper/ui/actions/percentage_of_time_gate_spec.rb index 7e86a5a20..cc091cb34 100644 --- a/spec/flipper/ui/actions/percentage_of_time_gate_spec.rb +++ b/spec/flipper/ui/actions/percentage_of_time_gate_spec.rb 
@@ -1,12 +1,27 @@ require 'helper' RSpec.describe Flipper::UI::Actions::PercentageOfTimeGate do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "POST /features/:feature/percentage_of_time" do context "with valid value" do before do post "features/search/percentage_of_time", - {"value" => "24", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "24", "authenticity_token" => token}, + "rack.session" => session end it "enables the feature" do @@ -22,8 +37,8 @@ context "with invalid value" do before do post "features/search/percentage_of_time", - {"value" => "555", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "555", "authenticity_token" => token}, + "rack.session" => session end it "does not change value" do diff --git a/spec/flipper/ui_spec.rb b/spec/flipper/ui_spec.rb index 4b1e3f221..52f32cb00 100644 --- a/spec/flipper/ui_spec.rb +++ b/spec/flipper/ui_spec.rb @@ -1,6 +1,21 @@ require 'helper' RSpec.describe Flipper::UI do + let(:token) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + Rack::Protection::AuthenticityToken.random_token + else + "a" + end + } + let(:session) { + if Rack::Protection::AuthenticityToken.respond_to?(:random_token) + {:csrf => token} + else + {"_csrf_token" => token} + end + } + describe "Initializing middleware with flipper instance" do let(:app) { build_app(flipper) } 
@@ -36,8 +51,8 @@ # See https://github.com/jnunemaker/flipper/issues/80 it "can route features with names that match static directories" do post "features/refactor-images/actors", - {"value" => "User:6", "operation" => "enable", "authenticity_token" => "a"}, - "rack.session" => {"_csrf_token" => "a"} + {"value" => "User:6", "operation" => "enable", "authenticity_token" => token}, + "rack.session" => session expect(last_response.status).to be(302) expect(last_response.headers["Location"]).to eq("/features/refactor-images") end
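Review bot: Every request changed in this commit sends a token that matches the session, so the visible specs prove that a correct `authenticity_token` is accepted but never that a missing or mismatched one is refused; a regression that disabled or mis-keyed the AuthenticityToken middleware would pass all of these examples unchanged. Add a negative example beside this one, e.g. `post "features/refactor-images/actors", {"value" => "User:6", "operation" => "enable"}, "rack.session" => session` followed by `expect(last_response.status).to be(403)` plus an assertion that the actor was not enabled; 403 is what rack-protection's default `:deny` reaction produces as far as I recall, so adjust if Flipper::UI configures a different reaction. A second case posting a token that differs from `session`'s value would exercise the comparison path on both rack-protection lines. The enclosing `describe` block starts before this hunk.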