[master] Missing CSRF in System Hooks resend action
parent
beb8354b34
commit
cdc2bc43d4
|
@ -4,7 +4,6 @@
|
||||||
|
|
||||||
%hr
|
%hr
|
||||||
|
|
||||||
= link_to 'Resend Request', retry_admin_hook_hook_log_path(@hook, @hook_log), class: "btn btn-default float-right prepend-left-10"
|
= link_to 'Resend Request', retry_admin_hook_hook_log_path(@hook, @hook_log), method: :post, class: "btn btn-default float-right prepend-left-10"
|
||||||
|
|
||||||
= render partial: 'shared/hook_logs/content', locals: { hook_log: @hook_log }
|
= render partial: 'shared/hook_logs/content', locals: { hook_log: @hook_log }
|
||||||
|
|
||||||
|
|
|
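Review bot: The new `link_to ... method: :post` on the Resend Request link only turns into a POST carrying the CSRF token when the unobtrusive-JavaScript driver handles the click; without it the browser issues a plain GET, which no longer routes after this commit. Rendering a real form removes that dependency: `= button_to 'Resend Request', retry_admin_hook_hook_log_path(@hook, @hook_log), class: "btn btn-default float-right prepend-left-10"`, since `button_to` defaults to POST and embeds the authenticity token. The wrapping form element may need the float classes moved onto it (`form_class:`), so check the rendered layout. The same applies to the project-level view that calls `retry_project_hook_hook_log_path`.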
@ -4,6 +4,6 @@
|
||||||
Request details
|
Request details
|
||||||
.col-lg-9
|
.col-lg-9
|
||||||
|
|
||||||
= link_to 'Resend Request', retry_project_hook_hook_log_path(@project, @hook, @hook_log), class: "btn btn-default float-right prepend-left-10"
|
= link_to 'Resend Request', retry_project_hook_hook_log_path(@project, @hook, @hook_log), method: :post, class: "btn btn-default float-right prepend-left-10"
|
||||||
|
|
||||||
= render partial: 'shared/hook_logs/content', locals: { hook_log: @hook_log }
|
= render partial: 'shared/hook_logs/content', locals: { hook_log: @hook_log }
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Adding CSRF protection to Hooks resend action
|
||||||
|
merge_request:
|
||||||
|
author:
|
||||||
|
type: security
|
|
@ -59,7 +59,7 @@ namespace :admin do
|
||||||
|
|
||||||
resources :hook_logs, only: [:show] do
|
resources :hook_logs, only: [:show] do
|
||||||
member do
|
member do
|
||||||
get :retry
|
post :retry
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
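Review bot: `post :retry` closes the GET path, but the verb change only protects the action if the controller behind `admin/hook_logs#retry` still runs Rails' authenticity-token verification. The controller is not part of this commit, so confirm it does not skip `verify_authenticity_token`. A short comment on the route would keep the reason visible, for example `post :retry # re-sends the webhook (state-changing); must not be reachable via GET`. Both points apply equally to the `retry` member route in the project routes under `ProjectUrlConstrainer`. The `namespace :admin` block starts and ends outside the hunk.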
@ -307,7 +307,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
|
||||||
|
|
||||||
resources :hook_logs, only: [:show] do
|
resources :hook_logs, only: [:show] do
|
||||||
member do
|
member do
|
||||||
get :retry
|
post :retry
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -103,11 +103,11 @@ describe Admin::HooksController, "routing" do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# admin_hook_hook_log_retry GET /admin/hooks/:hook_id/hook_logs/:id/retry(.:format) admin/hook_logs#retry
|
# admin_hook_hook_log_retry POST /admin/hooks/:hook_id/hook_logs/:id/retry(.:format) admin/hook_logs#retry
|
||||||
# admin_hook_hook_log GET /admin/hooks/:hook_id/hook_logs/:id(.:format) admin/hook_logs#show
|
# admin_hook_hook_log GET /admin/hooks/:hook_id/hook_logs/:id(.:format) admin/hook_logs#show
|
||||||
describe Admin::HookLogsController, 'routing' do
|
describe Admin::HookLogsController, 'routing' do
|
||||||
it 'to #retry' do
|
it 'to #retry' do
|
||||||
expect(get('/admin/hooks/1/hook_logs/1/retry')).to route_to('admin/hook_logs#retry', hook_id: '1', id: '1')
|
expect(post('/admin/hooks/1/hook_logs/1/retry')).to route_to('admin/hook_logs#retry', hook_id: '1', id: '1')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'to #show' do
|
it 'to #show' do
|
||||||
|
|
|
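Review bot: The `to #retry` example now only proves that POST routes to `admin/hook_logs#retry`; nothing asserts that the old GET path is gone, so a later change that re-adds a GET route would still pass this spec. Add a negative expectation next to it, e.g. `expect(get('/admin/hooks/1/hook_logs/1/retry')).not_to be_routable`, assuming no catch-all route matches that path. The `Projects::HookLogsController` routing example in the project routing spec has the same gap.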
@ -381,7 +381,7 @@ describe 'project routing' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# test_project_hook GET /:project_id/hooks/:id/test(.:format) hooks#test
|
# test_project_hook POST /:project_id/hooks/:id/test(.:format) hooks#test
|
||||||
# project_hooks GET /:project_id/hooks(.:format) hooks#index
|
# project_hooks GET /:project_id/hooks(.:format) hooks#index
|
||||||
# POST /:project_id/hooks(.:format) hooks#create
|
# POST /:project_id/hooks(.:format) hooks#create
|
||||||
# edit_project_hook GET /:project_id/hooks/:id/edit(.:format) hooks#edit
|
# edit_project_hook GET /:project_id/hooks/:id/edit(.:format) hooks#edit
|
||||||
|
@ -398,11 +398,11 @@ describe 'project routing' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# retry_namespace_project_hook_hook_log GET /:project_id/hooks/:hook_id/hook_logs/:id/retry(.:format) projects/hook_logs#retry
|
# retry_namespace_project_hook_hook_log POST /:project_id/hooks/:hook_id/hook_logs/:id/retry(.:format) projects/hook_logs#retry
|
||||||
# namespace_project_hook_hook_log GET /:project_id/hooks/:hook_id/hook_logs/:id(.:format) projects/hook_logs#show
|
# namespace_project_hook_hook_log GET /:project_id/hooks/:hook_id/hook_logs/:id(.:format) projects/hook_logs#show
|
||||||
describe Projects::HookLogsController, 'routing' do
|
describe Projects::HookLogsController, 'routing' do
|
||||||
it 'to #retry' do
|
it 'to #retry' do
|
||||||
expect(get('/gitlab/gitlabhq/hooks/1/hook_logs/1/retry')).to route_to('projects/hook_logs#retry', namespace_id: 'gitlab', project_id: 'gitlabhq', hook_id: '1', id: '1')
|
expect(post('/gitlab/gitlabhq/hooks/1/hook_logs/1/retry')).to route_to('projects/hook_logs#retry', namespace_id: 'gitlab', project_id: 'gitlabhq', hook_id: '1', id: '1')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'to #show' do
|
it 'to #show' do
|
||||||
|
|
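Review bot: The route-table comment for `test_project_hook` now reads POST for `hooks#test`, yet none of the visible hunks change that route or its expectation. If `hooks#test` is still reachable via GET, it presumably has the same problem this commit fixes for `retry`, because a cross-site GET could then trigger the hook. Confirm that the route definition and the corresponding routing example, both outside these hunks, match the updated comment.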
Loading…
Reference in New Issue