authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-11-14 15:24:00 +0100
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-11-14 15:24:00 +0100
commit9a830f1e0bb6c6ef87b704a7e43dee5aecbdc0cc (patch)
treed78f2ea1e92bcd487e335dc80eac9c49da1cf447
parentc04f56d3b449ed3cc9b3ecc611fe0bd663d1ee41 (diff)
downloadgitlab-ce-9a830f1e0bb6c6ef87b704a7e43dee5aecbdc0cc.tar.gz
Add unit tests for encrypted token authenticatable
-rw-r--r--app/models/concerns/token_authenticatable_strategies/base.rb4
-rw-r--r--spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb51
2 files changed, 53 insertions, 2 deletions
diff --git a/app/models/concerns/token_authenticatable_strategies/base.rb b/app/models/concerns/token_authenticatable_strategies/base.rb
index ef5ed0e577e..ef1b2487cea 100644
--- a/app/models/concerns/token_authenticatable_strategies/base.rb
+++ b/app/models/concerns/token_authenticatable_strategies/base.rb
@@ -1,9 +1,9 @@
# frozen_string_literal: true
module TokenAuthenticatableStrategies
- attr_reader :klass, :token_field, :options
-
class Base
+ attr_reader :klass, :token_field, :options
+
def initialize(klass, token_field, options)
@klass = klass
@token_field = token_field
diff --git a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
index 34e5268b34d..e09da304cfb 100644
--- a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
@@ -2,18 +2,69 @@ require 'spec_helper'
describe TokenAuthenticatableStrategies::Encrypted do
let(:model) { double(:model) }
+ let(:instance) { double(:instance) }
let(:options) { { fallback: true } }
+ let(:encrypted) do
+ Gitlab::CryptoHelper.aes256_gcm_encrypt('my-value')
+ end
+
subject do
described_class.new(model, 'some_field', options)
end
describe '#find_token_authenticatable' do
+ it 'finds a relevant resource by encrypted value' do
+ allow(model).to receive(:find_by)
+ .with('some_field_encrypted' => encrypted)
+ .and_return('encrypted resource')
+
+ expect(subject.find_token_authenticatable('my-value'))
+ .to eq 'encrypted resource'
+ end
+
+ it 'uses fallback strategy when token can not be found' do
+ allow_any_instance_of(TokenAuthenticatableStrategies::Insecure)
+ .to receive(:find_token_authenticatable)
+ .and_return('plaintext resource')
+
+ allow(model).to receive(:find_by)
+ .with('some_field_encrypted' => encrypted)
+ .and_return(nil)
+
+ expect(subject.find_token_authenticatable('my-value'))
+ .to eq 'plaintext resource'
+ end
end
describe '#get_token' do
+ it 'decrypts a token when encrypted token is present' do
+ allow(instance).to receive(:read_attribute)
+ .with('some_field_encrypted')
+ .and_return(encrypted)
+
+ expect(subject.get_token(instance)).to eq 'my-value'
+ end
+
+ it 'reads a plaintext token when encrypted token is not present' do
+ allow(instance).to receive(:read_attribute)
+ .with('some_field_encrypted')
+ .and_return(nil)
+
+ allow(instance).to receive(:read_attribute)
+ .with('some_field')
+ .and_return('cleartext value')
+
+ expect(subject.get_token(instance)).to eq 'cleartext value'
+ end
end
describe '#set_token' do
+ it 'writes encrypted token to a model instance' do
+ expect(instance).to receive(:[]=)
+ .with('some_field_encrypted', encrypted)
+
+ subject.set_token(instance, 'my-value')
+ end
end
end
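Review bot: The `find_by` stubs with `.with('some_field_encrypted' => encrypted)` and the `set_token` expectation can only match if `Gitlab::CryptoHelper.aes256_gcm_encrypt('my-value')` returns the same ciphertext on every call, so these examples make deterministic AES-GCM output part of the tested contract. That presumably means a fixed nonce inside the helper, which is not visible in this diff. It is worth recording because nonce reuse weakens GCM's guarantees, and a later move to random nonces would break lookup by ciphertext equality. A comment above `let(:encrypted)` such as `# relies on deterministic encryption: records are looked up by ciphertext equality` would make the dependency explicit. The hunk also only exercises `fallback: true`; an example with `fallback: false` asserting that the plaintext strategy and the `some_field` attribute are not consulted would cover the stricter configuration.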