store fingerprints with timestamp

Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps

4 files changed, 31 insertions, 5 deletions

diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 533a19a..fcc00b8 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -2,22 +2,36 @@ class V1::SmtpCertsController < ApplicationController
 
   before_filter :require_login
   before_filter :require_email_account
+  before_filter :fetch_identity
 
   # GET /1/smtp_cert
   def show
     @cert = ClientCertificate.new prefix: current_user.email_address
-    current_user.identity.cert_fingerprints << @cert.fingerprint
-    current_user.identity.save
+    @identity.register_cert(@cert)
+    @identity.save
     render text: @cert.to_s, content_type: 'text/plain'
   end
 
   protected
 
+  #
+  # Filters
+  #
+
   def require_email_account
     access_denied unless service_level.provides? 'email'
   end
 
+  def fetch_identity
+    @identity = current_user.identity
+  end
+
+  #
+  # Helper methods
+  #
+
   def service_level
     current_user.effective_service_level
   end
+
 end
diff --git a/app/models/identity.rb b/app/models/identity.rb
index 2f8d4eb..a4225e7 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -8,7 +8,7 @@ class Identity < CouchRest::Model::Base
   property :address, LocalEmail
   property :destination, Email
   property :keys, HashWithIndifferentAccess
-  property :cert_fingerprints, [String]
+  property :cert_fingerprints, Hash
 
   validate :unique_forward
   validate :alias_available
@@ -108,6 +108,16 @@ class Identity < CouchRest::Model::Base
     write_attribute('keys', keys.merge(type => key.to_s))
   end
 
+  def cert_fingerprints
+    read_attribute('cert_fingerprints') || Hash.new
+  end
+
+  def register_cert(cert)
+    today = DateTime.now.to_date.to_s
+    write_attribute 'cert_fingerprints',
+      cert_fingerprints.merge(cert.fingerprint => today)
+  end
+
   # for LoginFormatValidation
   def login
     self.address.handle
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index 4f0f4a6..992249b 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest
     assert_text_response
     cert = OpenSSL::X509::Certificate.new(get_response.body)
     fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
-    assert_equal fingerprint, @user.identity.cert_fingerprints.last
+    today = DateTime.now.to_date.to_s
+    assert_equal({fingerprint => today}, @user.identity.cert_fingerprints)
   end
 
   test "fetching smtp certs requires email account" do
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
index 0e8e261..bd10f11 100644
--- a/test/support/api_integration_test.rb
+++ b/test/support/api_integration_test.rb
@@ -5,7 +5,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
 
   def login(user = nil)
     @user ||= user ||= FactoryGirl.create(:user)
-    @token ||= DUMMY_TOKEN
+    # DUMMY_TOKEN will be frozen. So let's use a dup
+    @token ||= DUMMY_TOKEN.dup
     # make sure @token is up to date if it already exists
     @token.reload if @token.persisted?
     @token.user_id = @user.id