Merge pull request #36434 from Edouard-chin/ec-securecompare-rotation

Introduce a new ActiveSupport::SecureCompareRotator class:
author: Rafael França <rafael@franca.dev> 2019-07-24 14:16:03 -0400
committer: GitHub <noreply@github.com> 2019-07-24 14:16:03 -0400
commit: bcc3d625b446142842d26f4c8a32740a4cafc60b (patch)
tree: 8521fcbccc039b3a1fdfe38f1e6e12b00867420d /activesupport/test
parent: 89ba95b69a4b79f3469254b6fbb164491df9454a (diff)
parent: 123bcf5faa6d6963862a33489b2d678d6ef3c137 (diff)
download: rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.tar.gz
rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.tar.bz2
rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.zip
1 files changed, 44 insertions, 0 deletions
diff --git a/activesupport/test/secure_compare_rotator_test.rb b/activesupport/test/secure_compare_rotator_test.rb
new file mode 100644
index 0000000000..8acf13e38f
--- /dev/null
+++ b/activesupport/test/secure_compare_rotator_test.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+require "active_support/secure_compare_rotator"
+
+class SecureCompareRotatorTest < ActiveSupport::TestCase
+  test "#secure_compare! works correctly after rotation" do
+    wrapper = ActiveSupport::SecureCompareRotator.new("old_secret")
+    wrapper.rotate("new_secret")
+
+    assert_equal(true, wrapper.secure_compare!("new_secret"))
+  end
+
+  test "#secure_compare! works correctly after multiple rotation" do
+    wrapper = ActiveSupport::SecureCompareRotator.new("old_secret")
+    wrapper.rotate("new_secret")
+    wrapper.rotate("another_secret")
+    wrapper.rotate("and_another_one")
+
+    assert_equal(true, wrapper.secure_compare!("and_another_one"))
+  end
+
+  test "#secure_compare! fails correctly when credential is not part of the rotation" do
+    wrapper = ActiveSupport::SecureCompareRotator.new("old_secret")
+    wrapper.rotate("new_secret")
+
+    assert_raises(ActiveSupport::SecureCompareRotator::InvalidMatch) do
+      wrapper.secure_compare!("different_secret")
+    end
+  end
+
+  test "#secure_compare! calls the on_rotation proc" do
+    wrapper = ActiveSupport::SecureCompareRotator.new("old_secret")
+    wrapper.rotate("new_secret")
+    wrapper.rotate("another_secret")
+    wrapper.rotate("and_another_one")
+
+    @witness = nil
+
+    assert_changes(:@witness, from: nil, to: true) do
+      assert_equal(true, wrapper.secure_compare!("and_another_one", on_rotation: -> { @witness = true }))
+    end
+  end
+end
author	Rafael França <rafael@franca.dev>	2019-07-24 14:16:03 -0400
committer	GitHub <noreply@github.com>	2019-07-24 14:16:03 -0400
commit	bcc3d625b446142842d26f4c8a32740a4cafc60b (patch)
tree	8521fcbccc039b3a1fdfe38f1e6e12b00867420d /activesupport/test
parent	89ba95b69a4b79f3469254b6fbb164491df9454a (diff)
parent	123bcf5faa6d6963862a33489b2d678d6ef3c137 (diff)
download	rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.tar.gz rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.tar.bz2 rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.zip