hash token with sha512 against timing attacs #3398

author: Azul <azul@leap.se> 2014-05-01 10:45:57 +0200
committer: Azul <azul@leap.se> 2014-05-26 09:58:40 +0200
commit: 5764daae090227bf4c5967900b708392c967be47 (patch)
tree: d611429113b8b0ebc363f8b0333c6896a41c7ced /test/functional
parent: 0f686b1256b4190522bcb101ba06cd2c7406eb36 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/test/functional/test_helpers_test.rb b/test/functional/test_helpers_test.rb
index 845e516..ca85482 100644
--- a/test/functional/test_helpers_test.rb
+++ b/test/functional/test_helpers_test.rb
@@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase
   def test_login_adds_token_header
     login
     token_present = @controller.authenticate_with_http_token do |token, options|
-      assert_equal @token.id, token
+      assert_equal @token.to_s, token
     end
     # authenticate_with_http_token just returns nil and does not
     # execute the block if there is no token. So we have to also
diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/v1/sessions_controller_test.rb
index df0d681..8bb6acd 100644
--- a/test/functional/v1/sessions_controller_test.rb
+++ b/test/functional/v1/sessions_controller_test.rb
@@ -48,7 +48,7 @@ class V1::SessionsControllerTest < ActionController::TestCase
     assert_response :success
     assert json_response.keys.include?("id")
     assert json_response.keys.include?("token")
-    assert token = Token.find(json_response['token'])
+    assert token = Token.find_by_token(json_response['token'])
     assert_equal @user.id, token.user_id
   end
author	Azul <azul@leap.se>	2014-05-01 10:45:57 +0200
committer	Azul <azul@leap.se>	2014-05-26 09:58:40 +0200
commit	5764daae090227bf4c5967900b708392c967be47 (patch)
tree	d611429113b8b0ebc363f8b0333c6896a41c7ced /test/functional
parent	0f686b1256b4190522bcb101ba06cd2c7406eb36 (diff)