Fix session specs to use POST for OmniAuth request phase #135

Merged
ldraney merged 1 commit from fix/session-specs-post-method into main 2026-06-07 01:02:46 +00:00
Owner

Summary

  • Fix 4 failing session specs caused by the CSRF fix in PR #134 (removing GET from OmniAuth.config.allowed_request_methods)
  • Specs now use post "/auth/keycloak" instead of get "/auth/keycloak" to match production behavior (button_to POST)

Changes

  • spec/requests/sessions_spec.rb — Changed get "/auth/keycloak" to post "/auth/keycloak" in 3 places
  • spec/support/omniauth.rb — Removed stale OmniAuth.config.silence_get_warning = true

Test Plan

  • All 101 specs pass locally (7 session specs + 94 existing)

Review Checklist

  • No secrets committed
  • No unnecessary file changes
  • Specs match production auth flow (POST only)

Follow-up fix for PR #134. No standalone issue — this is a regression from the CSRF hardening fix.

Closes #115

Fix session specs to use POST for OmniAuth request phase
Some checks failed
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
CI / scan_ruby (pull_request) Has been cancelled
CI / scan_js (pull_request) Has been cancelled
CI / lint (pull_request) Has been cancelled
50b31381d6
The CSRF fix (removing GET from allowed_request_methods) broke specs
that used `get "/auth/keycloak"` to initiate the flow. Specs now use
POST to match production behavior (button_to POST). Removed stale
silence_get_warning config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Author
Owner

QA Review

Verdict: APPROVED

Mechanical fix — 3 get "/auth/keycloak" changed to post, matching the POST-only allowed_request_methods set in the initializer. Removed stale silence_get_warning that no longer applies. All 101 specs pass. No issues.

ldraney deleted branch fix/session-specs-post-method 2026-06-07 01:02:46 +00:00
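
A simplified, dependency-free model of the method gate described in this PR, as an added example (not code from this repository or from OmniAuth). It shows why a spec that issues `get "/auth/keycloak"` stops reaching the request phase once only POST is allowed; the class name, the 404 fallback app and the `idp.example` redirect URL are assumptions.

```ruby
# Simplified model of a request-phase method gate in a Rack-style middleware.
# Not OmniAuth's implementation; the names and URLs here are hypothetical.
class RequestPhaseGate
  def initialize(app, request_path:, allowed_request_methods:)
    @app = app
    @request_path = request_path
    @allowed = allowed_request_methods
  end

  def call(env)
    verb = env["REQUEST_METHOD"].downcase.to_sym
    if env["PATH_INFO"] == @request_path && @allowed.include?(verb)
      # Request phase: hand the browser off to the identity provider.
      return [302, { "location" => "https://idp.example/authorize" }, []]
    end
    # Everything else falls through to the application's own routing.
    @app.call(env)
  end
end

# Constructed downstream app: it has no route for the auth path, so it answers 404.
NOT_FOUND_APP = ->(_env) { [404, { "content-type" => "text/plain" }, ["Not Found"]] }

# Returns the HTTP status for a request to /auth/keycloak under a given allow-list.
def status_for(verb, allowed)
  gate = RequestPhaseGate.new(NOT_FOUND_APP,
                              request_path: "/auth/keycloak",
                              allowed_request_methods: allowed)
  env = { "REQUEST_METHOD" => verb, "PATH_INFO" => "/auth/keycloak" }
  gate.call(env).first
end

# POST-only allow-list (after the hardening): GET never starts the flow.
puts status_for("GET",  [:post])
puts status_for("POST", [:post])
# GET also allowed (before the hardening): any GET, cross-site ones included,
# starts the flow, which is the CSRF exposure the allow-list change closes.
puts status_for("GET",  [:get, :post])
```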
Reference
ldraney/landscaping-assistant!135