diff options
| author | Connor Shea <connor.james.shea@gmail.com> | 2016-05-19 13:55:25 -0500 |
|---|---|---|
| committer | Connor Shea <connor.james.shea@gmail.com> | 2016-05-30 13:51:21 -0600 |
| commit | d287315dbf1a1493e3f2c2511e559204cc914ff8 (patch) | |
| tree | e8ad832255adec67b700a73e4cf853392e27bbb8 /spec | |
| parent | d47b2b92c9b5e80eb3430e2b4950e17646b8efd8 (diff) | |
| download | gitlab-ce-d287315dbf1a1493e3f2c2511e559204cc914ff8.tar.gz | |
Upgrade attr_encrypted and encryptor
attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m
d
attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.
`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/features/login_spec.rb | 2 | ||||
| -rw-r--r-- | spec/models/ci/variable_spec.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb index 8c38dd5b122..54dcc50f4a2 100644 --- a/spec/features/login_spec.rb +++ b/spec/features/login_spec.rb @@ -121,7 +121,7 @@ feature 'Login', feature: true do user = create(:user, password: 'not-the-default') login_with(user) - expect(page).to have_content('Invalid login or password.') + expect(page).to have_content('Invalid Login or password.') end end diff --git a/spec/models/ci/variable_spec.rb b/spec/models/ci/variable_spec.rb index c712d211b0f..98f60087cf5 100644 --- a/spec/models/ci/variable_spec.rb +++ b/spec/models/ci/variable_spec.rb @@ -23,7 +23,7 @@ describe Ci::Variable, models: true do end it 'fails to decrypt if iv is incorrect' do - subject.encrypted_value_iv = nil + subject.encrypted_value_iv = SecureRandom.hex subject.instance_variable_set(:@value, nil) expect { subject.value }. to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt') |