
New tests

Reworks some tests and adds one that does a more in-depth inspection of
the encrypted payload. Works with ActiveSupport v3.2 as well. Close #3
1 parent 1224f14 commit 3bbb9a57ea18421fd26b225960b13f98bec2528d @hmcfletch committed Dec 1, 2011
Showing with 48 additions and 9 deletions.
  1. +48 −9 test/encryped_cookie_test.rb
@@ -10,7 +10,6 @@ def encrypted_value(name)
def set_encrypted_value(name, value)
@parent_jar[name] = value
end
-
end
end
@@ -23,30 +22,38 @@ class TestEncryptedCookies < Test::Unit::TestCase
def setup
@cookie_jar = ActionDispatch::Cookies::CookieJar.new
@encrypted_cookie_jar = EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, GOOD_SECRET_1)
- @str = "test string"
+ @str = "nothing to see here"
end
+ # make sure we detect valid secrets
def test_secret
assert_raise (ArgumentError) { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, nil) }
assert_raise (ArgumentError) { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, "") }
assert_raise (ArgumentError) { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, BAD_SECRET) }
assert_nothing_raised { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, GOOD_SECRET_1) }
end
+ # quick test to see if the same thing comes out that goes in
def test_basic_encryption_decryption
@encrypted_cookie_jar[:test] = @str
-
- assert @encrypted_cookie_jar.encrypted_value(:test) != @str
- assert @encrypted_cookie_jar[:test] == @str
+ assert_equal @str, @encrypted_cookie_jar[:test]
end
+ # monkey with the signature
def test_tampered_signature
@encrypted_cookie_jar[:test] = @str
enc_value = @encrypted_cookie_jar.encrypted_value(:test)
+ enc_value = "#{enc_value}alittleextraattheend"
+ @encrypted_cookie_jar.set_encrypted_value(:test, enc_value)
+ assert @encrypted_cookie_jar[:test].nil?
+ end
- data, digest = enc_value.split("--")
- @encrypted_cookie_jar.set_encrypted_value(:test, "#{data}--sdgsad")
-
+ # monkey with the payload
+ def test_tampered_payload
+ @encrypted_cookie_jar[:test] = @str
+ enc_value = @encrypted_cookie_jar.encrypted_value(:test)
+ enc_value = "alittleextraatthefront#{enc_value}"
+ @encrypted_cookie_jar.set_encrypted_value(:test, enc_value)
assert @encrypted_cookie_jar[:test].nil?
end
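Review bot: In `test_tampered_payload` the prepended text changes the part before `--` but leaves the old signature in place, so this case presumably fails at signature verification just like `test_tampered_signature`, and the decrypt-failure path (a valid signature over a corrupted ciphertext) stays untested. If the jar is meant to return nil there as well, a third case that corrupts the payload and re-signs it with a verifier built from `GOOD_SECRET_1` would pin that down. `test_basic_encryption_decryption` also no longer checks that the stored value differs from the plaintext; `assert_not_equal @str, @encrypted_cookie_jar.encrypted_value(:test)` keeps that guarantee next to the round trip. For the nil checks, `assert_nil @encrypted_cookie_jar[:test]` gives a clearer failure message than `assert ... .nil?` and matches the switch to `assert_equal` elsewhere in this commit.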
@@ -69,7 +76,39 @@ def test_same_cookie_jar
encrypted_cookie_jar_2 = EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, GOOD_SECRET_1)
encrypted_cookie_jar_2.set_encrypted_value(:test, enc_value)
- assert encrypted_cookie_jar_2[:test] == @str
+ assert_equal @str, encrypted_cookie_jar_2[:test]
+ end
+
+ # some pieces of this test require checks against the version of ActiveSupport
+ # checking the individual pieces of the cookie payload
+ def test_full_encryption_path
+ @encrypted_cookie_jar[:test] = @str
+ enc_value = @encrypted_cookie_jar.encrypted_value(:test)
+ encryptor = ActiveSupport::MessageEncryptor.new(GOOD_SECRET_1)
+
+ # ActiveSupport 3.2 fixes an issue where the payload is serialized twice during
+ # encryption and verification
+ if ActiveSupport::VERSION::MAJOR == 3 && ActiveSupport::VERSION::MINOR >= 2
+ serializer = ActiveSupport::MessageEncryptor::NullSerializer
+ verifier = ActiveSupport::MessageVerifier.new(GOOD_SECRET_1, :serializer => serializer)
+ else
+ verifier = ActiveSupport::MessageVerifier.new(GOOD_SECRET_1)
+ end
+
+ payload, signature = @encrypted_cookie_jar.encrypted_value(:test).split("--")
+ # ActiveSupport 3.2 deprecates encrypt and decrypt
+ if ActiveSupport::VERSION::MAJOR == 3 && ActiveSupport::VERSION::MINOR >= 2
+ decoded_payload = ActiveSupport::Base64.decode64(payload)
+ decrypted_payload = encryptor.send(:_decrypt, decoded_payload)
+ else
+ # part of the double serialization in ActiveSupport < 3.2
+ decoded_payload = Marshal.load(ActiveSupport::Base64.decode64(payload))
+ decrypted_payload = encryptor.decrypt(decoded_payload)
+ end
+ signature_control = verifier.generate(decoded_payload)
+
+ assert_equal @str, decrypted_payload
+ assert_equal signature_control.split("--")[1], signature
end
end
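Review bot: The version guard `ActiveSupport::VERSION::MAJOR == 3 && ActiveSupport::VERSION::MINOR >= 2` in `test_full_encryption_path` is false for any major version above 3, so a later ActiveSupport would take the legacy branch and call `Marshal.load` on the decoded payload; the guard is also written out twice. Computing it once, e.g. `modern = Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new("3.2")`, and branching on `modern` in both places avoids that. `enc_value` is assigned but never read, because the split re-fetches `@encrypted_cookie_jar.encrypted_value(:test)`; `payload, signature = enc_value.split("--")` would use it. The 3.2 branch reaches the private `_decrypt` through `send`, which deserves a comment saying the test bypasses the public API on purpose to inspect the raw payload and may break with a new ActiveSupport release.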
