require 'spec_helper' require 'fernet' describe Fernet do let(:token_data) do { :email => 'harold@heroku.com', :id => '123', :arbitrary => 'data' } end let(:secret) { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' } let(:bad_secret) { 'badICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' } it 'can verify tokens it generates' do token = Fernet.generate(secret) do |generator| generator.data = token_data end Fernet.verify(secret, token) do |verifier| verifier.data['email'] == 'harold@heroku.com' end.should be_true end it 'fails with a bad secret' do token = Fernet.generate(secret) do |generator| generator.data = token_data end Fernet.verify(bad_secret, token) do |verifier| verifier.data['email'] == 'harold@heroku.com' end.should be_false end it 'fails with a bad custom verification' do token = Fernet.generate(secret) do |generator| generator.data = token_data end Fernet.verify(bad_secret, token) do |verifier| verifier.data['email'] == 'harold@gmail.com' end.should be_false end it 'fails if the token is too old' do token = Fernet.generate(secret) do |generator| generator.data = token_data end Fernet.verify(bad_secret, token) do |verifier| verifier.ttl = 0 end.should be_false end it 'verifies without a custom verification' do token = Fernet.generate(secret) do |generator| generator.data = token_data end Fernet.verify(secret, token).should be_true end it 'can TTL enforcement' do token = Fernet.generate(secret) do |generator| generator.data = token_data end Fernet.verify(secret, token) do |verifier| def verifier.now Time.now + 99999999999 end verifier.enforce_ttl = false true end.should be_true end it 'generates without custom data' do token = Fernet.generate(secret) Fernet.verify(secret, token).should be_true end it 'can encrypt the payload' do token = Fernet.generate(secret, true) do |generator| generator.data['password'] = 'password1' end payload = Base64.decode64(token) payload.should_not match /password1/ Fernet.verify(secret, token) do |verifier| verifier.data['password'].should == 'password1' end end it 'does not encrypt when asked nicely' do token = Fernet.generate(secret, false) do |generator| generator.data['password'] = 'password1' end payload = Base64.decode64(token) payload.should match /password1/ Fernet.verify(secret, token, false) do |verifier| verifier.data['password'].should == 'password1' end end end