diff options
author | Shinya Maeda <shinya@gitlab.com> | 2017-10-06 21:28:40 +0900 |
---|---|---|
committer | Shinya Maeda <shinya@gitlab.com> | 2017-10-06 21:28:40 +0900 |
commit | f293288589f24e1928b57dcd3428b762ae9ced79 (patch) | |
tree | d54b6425ac0fe596e27d3cbe291e08f28b10267b /spec/lib/google_api | |
parent | 5ced761ebdcb0579377e338c2e321e4ba0373336 (diff) | |
download | gitlab-ce-f293288589f24e1928b57dcd3428b762ae9ced79.tar.gz |
Security fix: redirection in google_api/authorizations_controller
Diffstat (limited to 'spec/lib/google_api')
-rw-r--r-- | spec/lib/google_api/cloud_platform/client_spec.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/spec/lib/google_api/cloud_platform/client_spec.rb b/spec/lib/google_api/cloud_platform/client_spec.rb index 6538dc21d6f..e770f2e9edc 100644 --- a/spec/lib/google_api/cloud_platform/client_spec.rb +++ b/spec/lib/google_api/cloud_platform/client_spec.rb @@ -4,6 +4,29 @@ describe GoogleApi::CloudPlatform::Client do let(:token) { 'token' } let(:client) { described_class.new(token, nil) } + describe '.session_key_for_second_redirect_uri' do + subject { described_class.session_key_for_second_redirect_uri(secure: secure) } + + context 'when pass a postfix' do + let(:secure) { SecureRandom.hex } + + it 'creates a required session key' do + key, _ = described_class.session_key_for_second_redirect_uri(secure: secure) + expect(key).to eq("cloud_platform_second_redirect_uri_#{secure}") + end + end + + context 'when pass a postfix' do + let(:secure) { nil } + + it 'creates a new session key' do + key, secure = described_class.session_key_for_second_redirect_uri + expect(key).to include('cloud_platform_second_redirect_uri_') + expect(secure).not_to be_nil + end + end + end + describe '#validate_token' do subject { client.validate_token(expires_at) } |