diff options
-rw-r--r-- | users/app/models/token.rb | 7 | ||||
-rw-r--r-- | users/test/unit/token_test.rb | 13 |
2 files changed, 20 insertions, 0 deletions
diff --git a/users/app/models/token.rb b/users/app/models/token.rb index 9de6850..44a6dfe 100644 --- a/users/app/models/token.rb +++ b/users/app/models/token.rb @@ -6,5 +6,12 @@ class Token < CouchRest::Model::Base validates :user_id, presence: true + def initialize(*args) + super + self.id = SecureRandom.urlsafe_base64(32) + end + + design do + end end diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb index d409265..bff6b71 100644 --- a/users/test/unit/token_test.rb +++ b/users/test/unit/token_test.rb @@ -16,6 +16,19 @@ class ClientCertificateTest < ActiveSupport::TestCase assert_equal @user.id, sample.user_id end + test "token id is secure" do + sample = Token.new(:user_id => @user.id) + other = Token.new(:user_id => @user.id) + assert sample.id, + "id is set on initialization" + assert sample.id[0..10] != other.id[0..10], + "token id prefixes should not repeat" + assert /[g-zG-Z]/.match(sample.id), + "should use non hex chars in the token id" + assert sample.id.size > 16, + "token id should be more than 16 chars long" + end + test "token checks for user" do sample = Token.new assert !sample.valid?, "Token should require a user record" |