Permalink
Browse files

Test if two different verifiers don't share the same secret

  • Loading branch information...
1 parent 05a011b commit d16e22478d65774431486e63a89bf6d01c00e5eb @rafaelfranca rafaelfranca committed Dec 2, 2013
Showing with 12 additions and 2 deletions.
  1. +12 −2 railties/test/application/configuration_test.rb
View
14 railties/test/application/configuration_test.rb
@@ -289,8 +289,18 @@ def index
app.config.session_store :disabled
end
- assert_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier.object_id
- assert_not_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier('text').object_id
+ default_verifier = app.message_verifier
+ text_verifier = app.message_verifier('text')
+
+ message = text_verifier.generate('some_value')
+
+ assert_equal 'some_value', text_verifier.verify(message)
+ assert_raises ActiveSupport::MessageVerifier::InvalidSignature do
+ default_verifier.verify(message)
+ end
+
+ assert_equal default_verifier.object_id, app.message_verifier.object_id
+ assert_not_equal default_verifier.object_id, text_verifier.object_id
end
test "protect from forgery is the default in a new app" do

0 comments on commit d16e224

Please sign in to comment.