fix tests and simplify time calculations

3 files changed, 16 insertions, 23 deletions

diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 6b57985..815801e 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -48,7 +48,7 @@ class ClientCertificate
   end
 
   def expiry
-    @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
+    @expiry ||= lifespan.months.from_now.utc.at_midnight
   end
 
   private
@@ -103,28 +103,18 @@ class ClientCertificate
     }
   end
 
-  ##
-  ## TIME HELPERS
-  ##
-  ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
-  ## are behind UTC.
-  ##
-
-  def yesterday
-    t = Time.now - 24*60*60
-    Time.utc t.year, t.month, t.day
-  end
+  #
+  # TIME HELPERS
+  #
+  # We normalize timestamps at utc and midnight
+  # to reduce the fingerprinting possibilities.
+  #
 
   def last_month
-    t = Time.now - 24*60*60*30
-    Time.utc t.year, t.month, t.day
+    1.month.ago.utc.at_midnight
   end
 
-  def months_from_yesterday(num)
-    t = yesterday
-    date = Date.new t.year, t.month, t.day
-    date = date >> num # >> is months in the future operator
-    Time.utc date.year, date.month, date.day
+  def lifespan
+    APP_CONFIG[:client_cert_lifespan]
   end
-
 end
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb
index 9281ae6..3427e2d 100644
--- a/test/functional/v1/smtp_certs_controller_test.rb
+++ b/test/functional/v1/smtp_certs_controller_test.rb
@@ -27,7 +27,8 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase
   protected
 
   def expect_cert(prefix)
-    cert = stub :to_s => "#{prefix.downcase} cert"
+    cert = stub to_s: "#{prefix.downcase} cert",
+      expiry: 1.month.from_now.utc.at_midnight
     ClientCertificate.expects(:new).
       with(:prefix => prefix).
       returns(cert)
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index f72362d..7697e44 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -33,8 +33,10 @@ class SmtpCertTest < ApiIntegrationTest
     assert_text_response
     cert = OpenSSL::X509::Certificate.new(get_response.body)
     fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
-    today = DateTime.now.to_date.to_s
-    assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints)
+    expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight
+    expiry_string = expiry.to_date.to_s
+    fingerprints = {fingerprint => expiry_string}
+    assert_equal fingerprints, @user.reload.identity.cert_fingerprints
   end
 
   test "fetching smtp certs requires email account" do