summaryrefslogtreecommitdiff
path: root/users/test
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2013-04-02 10:58:13 +0200
committerAzul <azul@leap.se>2013-04-09 09:01:34 +0200
commit08ce330fd3676ba0b51d604a2aa653c680fffea5 (patch)
tree5d3c0de1b8b0faef04eddb6b9cdc36944f088e83 /users/test
parentaedfab27b9a03f41638fefb1b39857ca66a99257 (diff)
let's use safe ids instead of the default couch ones
Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe.
Diffstat (limited to 'users/test')
-rw-r--r--users/test/unit/token_test.rb13
1 files changed, 13 insertions, 0 deletions
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
index d409265..bff6b71 100644
--- a/users/test/unit/token_test.rb
+++ b/users/test/unit/token_test.rb
@@ -16,6 +16,19 @@ class ClientCertificateTest < ActiveSupport::TestCase
assert_equal @user.id, sample.user_id
end
+ test "token id is secure" do
+ sample = Token.new(:user_id => @user.id)
+ other = Token.new(:user_id => @user.id)
+ assert sample.id,
+ "id is set on initialization"
+ assert sample.id[0..10] != other.id[0..10],
+ "token id prefixes should not repeat"
+ assert /[g-zG-Z]/.match(sample.id),
+ "should use non hex chars in the token id"
+ assert sample.id.size > 16,
+ "token id should be more than 16 chars long"
+ end
+
test "token checks for user" do
sample = Token.new
assert !sample.valid?, "Token should require a user record"