spec/fernet_spec.rb in fernet-0.1 vs spec/fernet_spec.rb in fernet-1.0
- old
+ new
@@ -4,11 +4,12 @@
describe Fernet do
let(:token_data) do
{ email: 'harold@heroku.com', id: '123', arbitrary: 'data' }
end
- let(:secret) { 'sekrit123' }
+ let(:secret) { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
+ let(:bad_secret) { 'jrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
it 'can verify tokens it generates' do
token = Fernet.generate(secret) do |generator|
generator.data = token_data
end
@@ -21,31 +22,31 @@
it 'fails with a bad secret' do
token = Fernet.generate(secret) do |generator|
generator.data = token_data
end
- Fernet.verify('bad', token) do |verifier|
+ Fernet.verify(bad_secret, token) do |verifier|
verifier.data['email'] == 'harold@heroku.com'
end.should be_false
end
it 'fails with a bad custom verification' do
token = Fernet.generate(secret) do |generator|
generator.data = token_data
end
- Fernet.verify('bad', token) do |verifier|
+ Fernet.verify(bad_secret, token) do |verifier|
verifier.data['email'] == 'harold@gmail.com'
end.should be_false
end
it 'fails if the token is too old' do
token = Fernet.generate(secret) do |generator|
generator.data = token_data
end
- Fernet.verify('bad', token) do |verifier|
+ Fernet.verify(bad_secret, token) do |verifier|
verifier.seconds_valid = 0
end.should be_false
end
it 'verifies without a custom verification' do
@@ -59,6 +60,33 @@
it 'generates without custom data' do
token = Fernet.generate(secret)
Fernet.verify(secret, token).should be_true
end
+
+ it 'can encrypt the payload' do
+ token = Fernet.generate(secret, true) do |generator|
+ generator.data['password'] = 'password1'
+ end
+
+ payload = Base64.decode64(token)
+ payload.should_not match /password1/
+
+ Fernet.verify(secret, token) do |verifier|
+ verifier.data['password'].should == 'password1'
+ end
+ end
+
+ it 'does not encrypt when asked nicely' do
+ token = Fernet.generate(secret, false) do |generator|
+ generator.data['password'] = 'password1'
+ end
+
+ payload = Base64.decode64(token)
+ payload.should match /password1/
+
+ Fernet.verify(secret, token, false) do |verifier|
+ verifier.data['password'].should == 'password1'
+ end
+ end
+
end