Commit 9a830f1e authored by Grzegorz Bizon's avatar Grzegorz Bizon

Add unit tests for encrypted token authenticatable

parent c04f56d3
# frozen_string_literal: true # frozen_string_literal: true
module TokenAuthenticatableStrategies module TokenAuthenticatableStrategies
attr_reader :klass, :token_field, :options
class Base class Base
attr_reader :klass, :token_field, :options
def initialize(klass, token_field, options) def initialize(klass, token_field, options)
@klass = klass @klass = klass
@token_field = token_field @token_field = token_field
......
...@@ -2,18 +2,69 @@ require 'spec_helper' ...@@ -2,18 +2,69 @@ require 'spec_helper'
describe TokenAuthenticatableStrategies::Encrypted do describe TokenAuthenticatableStrategies::Encrypted do
let(:model) { double(:model) } let(:model) { double(:model) }
let(:instance) { double(:instance) }
let(:options) { { fallback: true } } let(:options) { { fallback: true } }
let(:encrypted) do
Gitlab::CryptoHelper.aes256_gcm_encrypt('my-value')
end
subject do subject do
described_class.new(model, 'some_field', options) described_class.new(model, 'some_field', options)
end end
describe '#find_token_authenticatable' do describe '#find_token_authenticatable' do
it 'finds a relevant resource by encrypted value' do
allow(model).to receive(:find_by)
.with('some_field_encrypted' => encrypted)
.and_return('encrypted resource')
expect(subject.find_token_authenticatable('my-value'))
.to eq 'encrypted resource'
end
it 'uses fallback strategy when token can not be found' do
allow_any_instance_of(TokenAuthenticatableStrategies::Insecure)
.to receive(:find_token_authenticatable)
.and_return('plaintext resource')
allow(model).to receive(:find_by)
.with('some_field_encrypted' => encrypted)
.and_return(nil)
expect(subject.find_token_authenticatable('my-value'))
.to eq 'plaintext resource'
end
end end
describe '#get_token' do describe '#get_token' do
it 'decrypts a token when encrypted token is present' do
allow(instance).to receive(:read_attribute)
.with('some_field_encrypted')
.and_return(encrypted)
expect(subject.get_token(instance)).to eq 'my-value'
end
it 'reads a plaintext token when encrypted token is not present' do
allow(instance).to receive(:read_attribute)
.with('some_field_encrypted')
.and_return(nil)
allow(instance).to receive(:read_attribute)
.with('some_field')
.and_return('cleartext value')
expect(subject.get_token(instance)).to eq 'cleartext value'
end
end end
describe '#set_token' do describe '#set_token' do
it 'writes encrypted token to a model instance' do
expect(instance).to receive(:[]=)
.with('some_field_encrypted', encrypted)
subject.set_token(instance, 'my-value')
end
end end
end end
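Review bot: The `#find_token_authenticatable` and `#set_token` examples only pass if `Gitlab::CryptoHelper.aes256_gcm_encrypt('my-value')` returns the same ciphertext on every call, because the `encrypted` value from the `let` is compared with the one the strategy computes itself. That determinism is presumably deliberate so that `find_by('some_field_encrypted' => ...)` can match a row, but with AES-GCM it implies a fixed nonce under one key; the helper is not visible here, so this is inferred from the fixtures. I would state it above the `let(:encrypted)` block, for example `# Lookup by ciphertext relies on aes256_gcm_encrypt being deterministic (fixed nonce) - keep in sync with CryptoHelper`. Separately, every example runs with `fallback: true`. If the option can be switched off (not visible in this hunk), add an example with it disabled that expects `get_token` and `find_token_authenticatable` not to fall through to the plaintext `some_field`, which pins the behaviour that matters once cleartext tokens are retired.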