diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-07-08 15:41:09 +0200 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-07-08 15:41:09 +0200 |
| commit | 809c4a10ccd51a7bec3b7bbc22b4f95238a32553 (patch) | |
| tree | 776cfb0154cd64dba7e70c7887d4be2571e304b9 /spec | |
| parent | 65b38e5bc1b575c104a4209501b48dda60a3ca89 (diff) | |
| download | gitlab-ci-809c4a10ccd51a7bec3b7bbc22b4f95238a32553.tar.gz | |
Don't use return_to, but instead pass state with signed return_to parameter
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/helpers/user_sessions_helper_spec.rb | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/spec/helpers/user_sessions_helper_spec.rb b/spec/helpers/user_sessions_helper_spec.rb index 1fbbad4..4af735c 100644 --- a/spec/helpers/user_sessions_helper_spec.rb +++ b/spec/helpers/user_sessions_helper_spec.rb @@ -1,34 +1,34 @@ require 'spec_helper' describe UserSessionsHelper do - describe :generate_oauth_secret do - let (:salt) { "a" } - let (:salt2) { "b" } - let (:return_to) { "b" } + describe :generate_oauth_hmac do + let (:salt) { 'a' } + let (:salt2) { 'b' } + let (:return_to) { 'b' } - it "should return null if return_to is also null" do - generate_oauth_secret(salt, nil).should be_nil + it 'should return null if return_to is also null' do + generate_oauth_hmac(salt, nil).should be_nil end - it "should return not null if return_to is also not null" do - generate_oauth_secret(salt, return_to).should_not be_nil + it 'should return not null if return_to is also not null' do + generate_oauth_hmac(salt, return_to).should_not be_nil end - it "should return different secrets for different salts" do - secret1 = generate_oauth_secret(salt, return_to) - secret2 = generate_oauth_secret(salt, return_to) + it 'should return different hmacs for different salts' do + secret1 = generate_oauth_hmac(salt, return_to) + secret2 = generate_oauth_hmac(salt, return_to) secret1.should eq(secret2) end end describe :generate_oauth_state do - let (:return_to) { "b" } + let (:return_to) { 'b' } - it "should return null if return_to is also null" do + it 'should return null if return_to is also null' do generate_oauth_state(nil).should be_nil end - it "should return two different states for same return_to" do + it 'should return two different states for same return_to' do state1 = generate_oauth_state(return_to) state2 = generate_oauth_state(return_to) state1.should_not eq(state2) @@ -36,31 +36,31 @@ describe UserSessionsHelper do end describe :get_ouath_state_return_to do - let (:return_to) { "a" } + let (:return_to) { 'a' } let (:state) { generate_oauth_state(return_to) } - it "should return return_to" do + it 'should return return_to' do get_ouath_state_return_to(state).should eq(return_to) end end describe :is_oauth_state_valid? do - let (:return_to) { "a" } + let (:return_to) { 'a' } let (:state) { generate_oauth_state(return_to) } let (:forged) { "forged#{state}" } - let (:invalid) { "aa" } - let (:invalid2) { "aa:bb" } - let (:invalid3) { "aa:bb:" } + let (:invalid) { 'aa' } + let (:invalid2) { 'aa:bb' } + let (:invalid3) { 'aa:bb:' } - it "should validate oauth state" do + it 'should validate oauth state' do is_oauth_state_valid?(state).should be_true end - it "should not validate forged state" do + it 'should not validate forged state' do is_oauth_state_valid?(forged).should be_false end - it "should not validate invalid state" do + it 'should not validate invalid state' do is_oauth_state_valid?(invalid).should be_false is_oauth_state_valid?(invalid2).should be_false is_oauth_state_valid?(invalid3).should be_false |