summaryrefslogtreecommitdiff
path: root/spec/initializers/secret_token_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/initializers/secret_token_spec.rb')
-rw-r--r--spec/initializers/secret_token_spec.rb36
1 files changed, 32 insertions, 4 deletions
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index 362371e0962..ab16dbad3fc 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -11,17 +11,20 @@ RSpec.describe 'create_tokens' do
let(:rsa_key) { /\A-----BEGIN RSA PRIVATE KEY-----\n.+\n-----END RSA PRIVATE KEY-----\n\Z/m.freeze }
before do
- allow(File).to receive(:write)
- allow(File).to receive(:delete)
allow(Rails).to receive_message_chain(:application, :secrets).and_return(secrets)
allow(Rails).to receive_message_chain(:root, :join) { |string| string }
+
+ allow(File).to receive(:write).and_call_original
+ allow(File).to receive(:write).with(Rails.root.join('config/secrets.yml'))
+ allow(File).to receive(:delete).and_call_original
+ allow(File).to receive(:delete).with(Rails.root.join('.secret'))
allow(self).to receive(:warn)
allow(self).to receive(:exit)
end
describe 'ensure acknowledged secrets in any installations' do
let(:acknowledged_secrets) do
- %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key]
+ %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key encrypted_settings_key_base rotated_encrypted_settings_key_base]
end
it 'does not allow to add a new secret without a proper handling' do
@@ -87,6 +90,7 @@ RSpec.describe 'create_tokens' do
expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
expect(new_secrets['db_key_base']).to eq(secrets.db_key_base)
expect(new_secrets['openid_connect_signing_key']).to eq(secrets.openid_connect_signing_key)
+ expect(new_secrets['encrypted_settings_key_base']).to eq(secrets.encrypted_settings_key_base)
end
create_tokens
@@ -103,9 +107,10 @@ RSpec.describe 'create_tokens' do
before do
secrets.db_key_base = 'db_key_base'
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+ secrets.encrypted_settings_key_base = 'encrypted_settings_key_base'
allow(File).to receive(:exist?).with('.secret').and_return(true)
- allow(File).to receive(:read).with('.secret').and_return('file_key')
+ stub_file_read('.secret', content: 'file_key')
end
context 'when secret_key_base exists in the environment and secrets.yml' do
@@ -155,6 +160,7 @@ RSpec.describe 'create_tokens' do
expect(secrets.otp_key_base).to eq('otp_key_base')
expect(secrets.db_key_base).to eq('db_key_base')
expect(secrets.openid_connect_signing_key).to eq('openid_connect_signing_key')
+ expect(secrets.encrypted_settings_key_base).to eq('encrypted_settings_key_base')
end
it 'deletes the .secret file' do
@@ -205,12 +211,34 @@ RSpec.describe 'create_tokens' do
create_tokens
end
end
+
+ context 'when rotated_encrypted_settings_key_base does not exist' do
+ before do
+ secrets.secret_key_base = 'secret_key_base'
+ secrets.otp_key_base = 'otp_key_base'
+ secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+ secrets.encrypted_settings_key_base = 'encrypted_settings_key_base'
+ end
+
+ it 'does not warn about the missing secrets' do
+ expect(self).not_to receive(:warn_missing_secret).with('rotated_encrypted_settings_key_base')
+
+ create_tokens
+ end
+
+ it 'does not update secrets.yml' do
+ expect(File).not_to receive(:write)
+
+ create_tokens
+ end
+ end
end
context 'when db_key_base is blank but exists in secrets.yml' do
before do
secrets.otp_key_base = 'otp_key_base'
secrets.secret_key_base = 'secret_key_base'
+ secrets.encrypted_settings_key_base = 'encrypted_settings_key_base'
yaml_secrets = secrets.to_h.stringify_keys.merge('db_key_base' => '<%= an_erb_expression %>')
allow(File).to receive(:exist?).with('.secret').and_return(false)
View Lorry Controller Status