-rw-r--r-- | app/models/client_certificate.rb | 30 | ||||
-rw-r--r-- | test/functional/v1/smtp_certs_controller_test.rb | 3 | ||||
-rw-r--r-- | test/integration/api/smtp_cert_test.rb | 6 |
3 files changed, 16 insertions, 23 deletions
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 6b57985..815801e 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -48,7 +48,7 @@ class ClientCertificate
 end
 def expiry
- @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
+ @expiry ||= lifespan.months.from_now.utc.at_midnight
 end
 private
@@ -103,28 +103,18 @@ class ClientCertificate
 }
 end
- ##
- ## TIME HELPERS
- ##
- ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
- ## are behind UTC.
- ##
-
- def yesterday
- t = Time.now - 24*60*60
- Time.utc t.year, t.month, t.day
- end
+ #
+ # TIME HELPERS
+ #
+ # We normalize timestamps at utc and midnight
+ # to reduce the fingerprinting possibilities.
+ #
 def last_month
- t = Time.now - 24*60*60*30
- Time.utc t.year, t.month, t.day
+ 1.month.ago.utc.at_midnight
 end
- def months_from_yesterday(num)
- t = yesterday
- date = Date.new t.year, t.month, t.day
- date = date >> num # >> is months in the future operator
- Time.utc date.year, date.month, date.day
+ def lifespan
+ APP_CONFIG[:client_cert_lifespan]
 end
-
 end
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb
index 9281ae6..3427e2d 100644
--- a/test/functional/v1/smtp_certs_controller_test.rb
+++ b/test/functional/v1/smtp_certs_controller_test.rb
@@ -27,7 +27,8 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase
 protected
 def expect_cert(prefix)
- cert = stub :to_s => "#{prefix.downcase} cert"
+ cert = stub to_s: "#{prefix.downcase} cert",
+ expiry: 1.month.from_now.utc.at_midnight
 ClientCertificate.expects(:new).
 with(:prefix => prefix).
 returns(cert)
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index f72362d..7697e44 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
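Review bot: `lifespan.months` in `expiry` is called on whatever `APP_CONFIG[:client_cert_lifespan]` holds, so a missing or string-valued setting surfaces as a `NoMethodError` while a certificate is being issued rather than as a clear configuration error. The `lifespan` helper added in the second hunk of this file is the natural place for the check, for example `Integer(APP_CONFIG[:client_cert_lifespan])`, which raises on nil or non-numeric input. A zero or negative value would also put the expiry at or before today's midnight UTC, so a lower bound may be worth enforcing there as well. How APP_CONFIG is loaded is not visible here, so this is a precaution rather than a confirmed failure.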
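Review bot: The rewritten TIME HELPERS comment explains the midnight-UTC normalisation but drops the earlier note about clients whose local date is behind UTC, and neither `last_month` nor `lifespan` carries a comment of its own. If `last_month` is the start of the validity window (its caller is outside the hunk) and the backdating is deliberate, a line such as `# backdated one month so clients with skewed clocks still accept the cert` would keep that reasoning next to the code. `lifespan` could state its unit with `# certificate lifetime in months`.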
@@ -33,8 +33,10 @@ class SmtpCertTest < ApiIntegrationTest
 assert_text_response
 cert = OpenSSL::X509::Certificate.new(get_response.body)
 fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
- today = DateTime.now.to_date.to_s
- assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints)
+ expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight
+ expiry_string = expiry.to_date.to_s
+ fingerprints = {fingerprint => expiry_string}
+ assert_equal fingerprints, @user.reload.identity.cert_fingerprints
 end
 test "fetching smtp certs requires email account" do |
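Review bot: The new assertion recomputes the expiry with the same formula the model uses, so it checks the stored date against the test's own arithmetic and never against the certificate that was actually returned. Taking the date from the parsed certificate, `expiry_string = cert.not_after.to_date.to_s`, would also catch a stored fingerprint expiry that drifts from the certificate's real validity end, assuming the model's `expiry` is what becomes `not_after` (not visible here). The test also spells the truncation `midnight` where the model uses `at_midnight`; one spelling in both places would be easier to search for.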