diff options
author | Rafael França <rafael@franca.dev> | 2019-07-24 14:16:03 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-24 14:16:03 -0400 |
commit | bcc3d625b446142842d26f4c8a32740a4cafc60b (patch) | |
tree | 8521fcbccc039b3a1fdfe38f1e6e12b00867420d /activesupport/test | |
parent | 89ba95b69a4b79f3469254b6fbb164491df9454a (diff) | |
parent | 123bcf5faa6d6963862a33489b2d678d6ef3c137 (diff) | |
download | rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.tar.gz rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.tar.bz2 rails-bcc3d625b446142842d26f4c8a32740a4cafc60b.zip |
Merge pull request #36434 from Edouard-chin/ec-securecompare-rotation
Introduce a new ActiveSupport::SecureCompareRotator class:
Diffstat (limited to 'activesupport/test')
-rw-r--r-- | activesupport/test/secure_compare_rotator_test.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/activesupport/test/secure_compare_rotator_test.rb b/activesupport/test/secure_compare_rotator_test.rb new file mode 100644 index 0000000000..8acf13e38f --- /dev/null +++ b/activesupport/test/secure_compare_rotator_test.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +require "abstract_unit" +require "active_support/secure_compare_rotator" + +class SecureCompareRotatorTest < ActiveSupport::TestCase + test "#secure_compare! works correctly after rotation" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + + assert_equal(true, wrapper.secure_compare!("new_secret")) + end + + test "#secure_compare! works correctly after multiple rotation" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + wrapper.rotate("another_secret") + wrapper.rotate("and_another_one") + + assert_equal(true, wrapper.secure_compare!("and_another_one")) + end + + test "#secure_compare! fails correctly when credential is not part of the rotation" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + + assert_raises(ActiveSupport::SecureCompareRotator::InvalidMatch) do + wrapper.secure_compare!("different_secret") + end + end + + test "#secure_compare! calls the on_rotation proc" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + wrapper.rotate("another_secret") + wrapper.rotate("and_another_one") + + @witness = nil + + assert_changes(:@witness, from: nil, to: true) do + assert_equal(true, wrapper.secure_compare!("and_another_one", on_rotation: -> { @witness = true })) + end + end +end |