From aedfab27b9a03f41638fefb1b39857ca66a99257 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 2 Apr 2013 10:35:21 +0200
Subject: initial token model and unit test
---
 users/test/unit/token_test.rb | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 users/test/unit/token_test.rb
(limited to 'users/test/unit')
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
new file mode 100644
index 0000000..d409265
--- /dev/null
+++ b/users/test/unit/token_test.rb
@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class ClientCertificateTest < ActiveSupport::TestCase
+
+ setup do
+ @user = FactoryGirl.create(:user)
+ end
+
+ teardown do
+ @user.destroy
+ end
+
+ test "new token for user" do
+ sample = Token.new(:user_id => @user.id)
+ assert sample.valid?
+ assert_equal @user.id, sample.user_id
+ end
+
+ test "token checks for user" do
+ sample = Token.new
+ assert !sample.valid?, "Token should require a user record"
+ end
+
+end
-- cgit v1.2.3
From 08ce330fd3676ba0b51d604a2aa653c680fffea5 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 2 Apr 2013 10:58:13 +0200
Subject: let's use safe ids instead of the default couch ones Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe.
---
 users/test/unit/token_test.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'users/test/unit')
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
index d409265..bff6b71 100644
--- a/users/test/unit/token_test.rb
+++ b/users/test/unit/token_test.rb
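Review bot: The test class in the new `users/test/unit/token_test.rb` is declared as `class ClientCertificateTest < ActiveSupport::TestCase`, which looks like a copy-paste leftover; it should read `class TokenTest < ActiveSupport::TestCase`. If a class of that name is defined elsewhere in the suite (not visible here), Ruby would reopen it, so these setup/teardown hooks and tests would be merged into it and failures reported under the wrong name. Separately, "token checks for user" only covers a missing `user_id`; a `user_id` that matches no existing user is not exercised, so the message "Token should require a user record" promises more than the test verifies.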
@@ -16,6 +16,19 @@ class ClientCertificateTest < ActiveSupport::TestCase
 assert_equal @user.id, sample.user_id
 end
 
+ test "token id is secure" do
+ sample = Token.new(:user_id => @user.id)
+ other = Token.new(:user_id => @user.id)
+ assert sample.id,
+ "id is set on initialization"
+ assert sample.id[0..10] != other.id[0..10],
+ "token id prefixes should not repeat"
+ assert /[g-zG-Z]/.match(sample.id),
+ "should use non hex chars in the token id"
+ assert sample.id.size > 16,
+ "token id should be more than 16 chars long"
+ end
+
 test "token checks for user" do
 sample = Token.new
 assert !sample.valid?, "Token should require a user record"
-- cgit v1.2.3
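Review bot: The assertions in "token id is secure" check the shape of the id, not its source: any generator that returns more than 16 characters, includes a letter past `f`, and differs in the first 11 characters between two calls will pass, including a non-cryptographic one. Since the id appears to serve as the token value itself, I would assert the exact length the model is meant to produce instead of `> 16`, and add a comment above the test such as `# ids must come from a CSPRNG (SecureRandom); CouchDB's default uuids are partly sequential`. The regexp check also reads better, and avoids Ruby's ambiguous-first-argument warning, as `assert_match(/[g-zG-Z]/, sample.id, "should use non hex chars in the token id")`. The Token model and the start of the enclosing test class are outside this hunk, so the generator actually in use cannot be confirmed from here.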