Introduce SecretKeyGenerator for more secure session secrets than CGI::Session's pseudo-random id generator. Consider extracting to Active Support later. Closes #10286.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8229 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

1 files changed, 35 insertions, 0 deletions

diff --git a/railties/test/secret_key_generation_test.rb b/railties/test/secret_key_generation_test.rb
new file mode 100644
index 0000000000..093436889c
--- /dev/null
+++ b/railties/test/secret_key_generation_test.rb
@@ -0,0 +1,35 @@
+require 'test/unit'
+
+# Must set before requiring generator libs.
+if defined?(RAILS_ROOT)
+  RAILS_ROOT.replace "#{File.dirname(__FILE__)}/fixtures"
+else
+  RAILS_ROOT = "#{File.dirname(__FILE__)}/fixtures"
+end
+
+$LOAD_PATH.unshift "#{File.dirname(__FILE__)}/../lib"
+
+require 'rails_generator'
+require 'rails_generator/secret_key_generator'
+require 'rails_generator/generators/applications/app/app_generator'
+
+class SecretKeyGenerationTest < Test::Unit::TestCase
+  SECRET_KEY_MIN_LENGTH = 128
+  APP_NAME = "foo"
+
+  def setup
+    @generator = Rails::SecretKeyGenerator.new(APP_NAME)
+  end
+
+  def test_secret_key_generation
+    assert @generator.generate_secret.length >= SECRET_KEY_MIN_LENGTH
+  end
+
+  Rails::SecretKeyGenerator::GENERATORS.each do |generator|
+    if Rails::SecretKeyGenerator.send("supports_#{generator}?")
+      define_method("test_secret_key_generation_with_#{generator}") do
+        assert @generator.send("generate_secret_with_#{generator}").length >= SECRET_KEY_MIN_LENGTH
+      end
+    end
+  end
+end