spec/fernet_spec.rb in fernet-1.6 vs spec/fernet_spec.rb in fernet-2.0.rc1
- old
+ new
@@ -2,163 +2,87 @@
require 'fernet'
describe Fernet do
after { Fernet::Configuration.run }
- let(:token_data) do
- { :email => 'harold@heroku.com', :id => '123', :arbitrary => 'data' }
- end
-
let(:secret) { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
let(:bad_secret) { 'badICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
it 'can verify tokens it generates' do
token = Fernet.generate(secret) do |generator|
- generator.data = token_data
+ generator.message = 'harold@heroku.com'
end
- expect(
- Fernet.verify(secret, token) do |verifier|
- verifier.data['email'] == 'harold@heroku.com'
- end
- ).to be_true
+ verifier = Fernet.verifier(secret, token)
+ expect(verifier).to be_valid
+ expect(verifier.message).to eq('harold@heroku.com')
end
- it 'fails with a bad secret' do
- token = Fernet.generate(secret) do |generator|
- generator.data = token_data
- end
-
- expect(
- Fernet.verify(bad_secret, token) do |verifier|
- verifier.data['email'] == 'harold@heroku.com'
- end
- ).to be_false
+ it 'can generate tokens without a block' do
+ token = Fernet.generate(secret, 'harold@heroku.com')
+ verifier = Fernet.verifier(secret, token)
+ expect(verifier).to be_valid
+ expect(verifier.message).to eq('harold@heroku.com')
end
- it 'fails with a bad custom verification' do
+ it 'fails with a bad secret' do
token = Fernet.generate(secret) do |generator|
- generator.data = { :email => 'harold@heroku.com' }
+ generator.message = 'harold@heroku.com'
end
- expect(
- Fernet.verify(secret, token) do |verifier|
- verifier.data['email'] == 'lol@heroku.com'
- end
- ).to be_false
+ verifier = Fernet.verifier(bad_secret, token)
+ expect(verifier.valid?).to be_false
+ expect {
+ verifier.message
+ }.to raise_error
end
it 'fails if the token is too old' do
- token = Fernet.generate(secret) do |generator|
- generator.data = token_data
- end
+ token = Fernet.generate(secret, 'harold@heroku.com', now: (Time.now - 61))
- expect(
- Fernet.verify(secret, token) do |verifier|
- verifier.ttl = 1
-
- def verifier.now
- now = DateTime.now
- DateTime.new(now.year, now.month, now.day, now.hour,
- now.min, now.sec + 2, now.offset)
- end
- true
- end
- ).to be_false
+ verifier = Fernet.verifier(secret, token)
+ expect(verifier.valid?).to be_false
end
- it 'verifies without a custom verification' do
- token = Fernet.generate(secret) do |generator|
- generator.data = token_data
- end
-
- expect(Fernet.verify(secret, token)).to be_true
- end
-
it 'can ignore TTL enforcement' do
- token = Fernet.generate(secret) do |generator|
- generator.data = token_data
+ Fernet::Configuration.run do |config|
+ config.enforce_ttl = true
end
- expect(
- Fernet.verify(secret, token) do |verifier|
- def verifier.now
- Time.now + 99999999999
- end
- verifier.enforce_ttl = false
- true
- end
- ).to be_true
+ token = Fernet.generate(secret, 'harold@heroku.com')
+
+ verifier = Fernet.verifier(secret, token, enforce_ttl: false,
+ now: Time.now + 9999)
+ expect(verifier.valid?).to be_true
end
it 'can ignore TTL enforcement via global config' do
Fernet::Configuration.run do |config|
config.enforce_ttl = false
end
- token = Fernet.generate(secret) do |generator|
- generator.data = token_data
- end
+ token = Fernet.generate(secret, 'harold@heroku.com')
- expect(
- Fernet.verify(secret, token) do |verifier|
- def verifier.now
- Time.now + 99999999999
- end
- true
- end
- ).to be_true
+ verifier = Fernet.verifier(secret, token, now: Time.now + 999999)
+ expect(verifier.valid?).to be_true
end
- it 'generates without custom data' do
- token = Fernet.generate(secret)
+ it 'does not send the message in plain text' do
+ token = Fernet.generate(secret, 'password1')
- expect(Fernet.verify(secret, token)).to be_true
+ expect(Base64.urlsafe_decode64(token)).not_to match /password1/
end
- it 'can encrypt the payload' do
- token = Fernet.generate(secret, true) do |generator|
- generator.data['password'] = 'password1'
+ it 'allows overriding enforce_ttl on a verifier' do
+ Fernet::Configuration.run do |config|
+ config.enforce_ttl = true
+ config.ttl = 0
end
-
- expect(Base64.decode64(token)).not_to match /password1/
-
- Fernet.verify(secret, token) do |verifier|
- expect(verifier.data['password']).to eq('password1')
- end
- end
-
- it 'does not encrypt when asked nicely' do
- token = Fernet.generate(secret, false) do |generator|
- generator.data['password'] = 'password1'
- end
-
- expect(Base64.decode64(token)).to match /password1/
-
- Fernet.verify(secret, token, false) do |verifier|
- expect(verifier.data['password']).to eq('password1')
- end
- end
-
- it 'can disable encryption via global configuration' do
- Fernet::Configuration.run { |c| c.encrypt = false }
token = Fernet.generate(secret) do |generator|
- generator.data['password'] = 'password1'
+ generator.message = 'password1'
end
-
- expect(Base64.decode64(token)).to match /password1/
-
- Fernet.verify(secret, token) do |verifier|
- expect(verifier.data['password']).to eq('password1')
- end
- end
-
- it 'returns the unencrypted message upon verify' do
- token = Fernet.generate(secret) do |generator|
- generator.data['password'] = 'password1'
- end
-
verifier = Fernet.verifier(secret, token)
+ verifier.enforce_ttl = false
expect(verifier.valid?).to be_true
- expect(verifier.data['password']).to eq('password1')
+ expect(verifier.message).to eq('password1')
end
end