require 'spec_helper'
require 'fernet'

describe Fernet do
  let(:token_data) do
    { email: 'harold@heroku.com', id: '123', arbitrary: 'data' }
  end

  let(:secret) { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
  let(:bad_secret) { 'jrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }

  it 'can verify tokens it generates' do
    token = Fernet.generate(secret) do |generator|
      generator.data = token_data
    end

    Fernet.verify(secret, token) do |verifier|
      verifier.data['email'] == 'harold@heroku.com'
    end.should be_true
  end

  it 'fails with a bad secret' do
    token = Fernet.generate(secret) do |generator|
      generator.data = token_data
    end

    Fernet.verify(bad_secret, token) do |verifier|
      verifier.data['email'] == 'harold@heroku.com'
    end.should be_false
  end

  it 'fails with a bad custom verification' do
    token = Fernet.generate(secret) do |generator|
      generator.data = token_data
    end

    Fernet.verify(bad_secret, token) do |verifier|
      verifier.data['email'] == 'harold@gmail.com'
    end.should be_false
  end

  it 'fails if the token is too old' do
    token = Fernet.generate(secret) do |generator|
      generator.data = token_data
    end

    Fernet.verify(bad_secret, token) do |verifier|
      verifier.seconds_valid = 0
    end.should be_false
  end

  it 'verifies without a custom verification' do
    token = Fernet.generate(secret) do |generator|
      generator.data = token_data
    end

    Fernet.verify(secret, token).should be_true
  end

  it 'generates without custom data' do
    token = Fernet.generate(secret)

    Fernet.verify(secret, token).should be_true
  end

  it 'can encrypt the payload' do
    token = Fernet.generate(secret, true) do |generator|
      generator.data['password'] = 'password1'
    end

    payload = Base64.decode64(token)
    payload.should_not match /password1/

    Fernet.verify(secret, token) do |verifier|
      verifier.data['password'].should == 'password1'
    end
  end

  it 'does not encrypt when asked nicely' do
    token = Fernet.generate(secret, false) do |generator|
      generator.data['password'] = 'password1'
    end

    payload = Base64.decode64(token)
    payload.should match /password1/

    Fernet.verify(secret, token, false) do |verifier|
      verifier.data['password'].should == 'password1'
    end
  end

end