diff options
author | Azul <azul@leap.se> | 2014-05-01 10:45:57 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-05-26 09:58:40 +0200 |
commit | 5764daae090227bf4c5967900b708392c967be47 (patch) | |
tree | d611429113b8b0ebc363f8b0333c6896a41c7ced /test/unit/token_test.rb | |
parent | 0f686b1256b4190522bcb101ba06cd2c7406eb36 (diff) |
hash token with sha512 against timing attacs #3398
Diffstat (limited to 'test/unit/token_test.rb')
-rw-r--r-- | test/unit/token_test.rb | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb index a3c6cf6..b143345 100644 --- a/test/unit/token_test.rb +++ b/test/unit/token_test.rb @@ -14,17 +14,22 @@ class ClientCertificateTest < ActiveSupport::TestCase assert_equal @user, sample.authenticate end - test "token id is secure" do + test "token is secure" do sample = Token.new(:user_id => @user.id) other = Token.new(:user_id => @user.id) - assert sample.id, - "id is set on initialization" - assert sample.id[0..10] != other.id[0..10], - "token id prefixes should not repeat" - assert /[g-zG-Z]/.match(sample.id), - "should use non hex chars in the token id" - assert sample.id.size > 16, - "token id should be more than 16 chars long" + assert sample.token, + "token is set on initialization" + assert sample.token[0..10] != other.token[0..10], + "token prefixes should not repeat" + assert /[g-zG-Z]/.match(sample.token), + "should use non hex chars in the token" + assert sample.token.size > 16, + "token should be more than 16 chars long" + end + + test "token id is hash of the token" do + sample = Token.new(:user_id => @user.id) + assert_equal Digest::SHA512.hexdigest(sample.token), sample.id end test "token checks for user" do |