From 20ba2e762ceab098371122b0c02b4a90239d2ace Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Sun, 24 Sep 2017 19:46:10 +0200 Subject: Infer options from the primary verifier. Spares users from passing in non-changing values explicitly. [ Michael Coyne & Kasper Timm Hansen ] --- activesupport/test/message_encryptor_test.rb | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'activesupport/test/message_encryptor_test.rb') diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb index 17baf3550b..915038c854 100644 --- a/activesupport/test/message_encryptor_test.rb +++ b/activesupport/test/message_encryptor_test.rb @@ -121,11 +121,23 @@ class MessageEncryptorTest < ActiveSupport::TestCase old_message = old_encryptor.encrypt_and_sign("message encrypted with old raw key") encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm") - encryptor.rotate raw_key: old_raw_key, cipher: "aes-256-gcm" + encryptor.rotate raw_key: old_raw_key assert_equal "message encrypted with old raw key", encryptor.decrypt_and_verify(old_message) end + def test_rotating_serializer + old_raw_key = SecureRandom.random_bytes(32) + + old_message = ActiveSupport::MessageEncryptor.new(old_raw_key, cipher: "aes-256-gcm", serializer: JSON). + encrypt_and_sign(ahoy: :hoy) + + encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm", serializer: JSON) + encryptor.rotate raw_key: old_raw_key + + assert_equal({ "ahoy" => "hoy" }, encryptor.decrypt_and_verify(old_message)) + end + def test_with_rotated_secret_and_salt old_secret, old_salt = SecureRandom.random_bytes(32), "old salt" old_raw_key = ActiveSupport::KeyGenerator.new(old_secret, iterations: 1000).generate_key(old_salt, 32) @@ -134,7 +146,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase old_message = old_encryptor.encrypt_and_sign("message encrypted with old secret and salt") encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm") - encryptor.rotate secret: old_secret, salt: old_salt, cipher: "aes-256-gcm" + encryptor.rotate secret: old_secret, salt: old_salt assert_equal "message encrypted with old secret and salt", encryptor.decrypt_and_verify(old_message) end @@ -147,7 +159,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase old_message = old_encryptor.encrypt_and_sign("message encrypted with old key generator and salt") encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm") - encryptor.rotate key_generator: old_key_gen, salt: old_salt, cipher: "aes-256-gcm" + encryptor.rotate key_generator: old_key_gen, salt: old_salt assert_equal "message encrypted with old key generator and salt", encryptor.decrypt_and_verify(old_message) end @@ -227,7 +239,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase "message encrypted with old secret, salt, and metadata", purpose: "rotation") encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm") - encryptor.rotate secret: old_secret, salt: old_salt, cipher: "aes-256-gcm" + encryptor.rotate secret: old_secret, salt: old_salt assert_equal "message encrypted with old secret, salt, and metadata", encryptor.decrypt_and_verify(old_message, purpose: "rotation") -- cgit v1.2.3