spec/integration/rails_spec.rb in vault-rails-0.4.0 vs spec/integration/rails_spec.rb in vault-rails-0.5.0
- old
+ new
@@ -67,12 +67,22 @@
person = Person.create!(ssn: "123-45-6789")
person.update_attributes!(ssn: "")
person.reload
expect(person.ssn).to eq("")
+ expect(person.ssn_encrypted).to eq("")
end
+ it "allows attributes to be null" do
+ person = Person.create!(ssn: "123-45-6789")
+ person.update_attributes!(ssn: nil)
+ person.reload
+
+ expect(person.ssn).to eq(nil)
+ expect(person.ssn_encrypted).to eq(nil)
+ end
+
it "reloads instance variables on reload" do
person = Person.create!(ssn: "123-45-6789")
expect(person.instance_variable_get(:@ssn)).to eq("123-45-6789")
person.ssn = "111-11-1111"
@@ -282,25 +292,79 @@
expect(person.non_ascii).to eq("")
end
end
+ context "with a default" do
+ %i[new create].each do |creation_method|
+ context "on #{creation_method}" do
+ context "without an initial attribute" do
+ it "sets the default" do
+ person = Person.public_send(creation_method)
+ expect(person.default).to eq("abc123")
+ person.save!
+ person.reload
+ expect(person.default).to eq("abc123")
+ end
+ end
+
+ context "with an initial attribute" do
+ it "does not set the default" do
+ person = Person.public_send(creation_method, default: "another")
+ expect(person.default).to eq("another")
+ person.save!
+ person.reload
+ expect(person.default).to eq("another")
+ end
+ end
+ end
+ end
+ end
+
+ context "with a default and serializer" do
+ %i[new create].each do |creation_method|
+ context "on #{creation_method}" do
+ context "without an initial attribute" do
+ it "sets the default" do
+ person = Person.public_send(creation_method)
+ expect(person.default_with_serializer).to eq({})
+ person.save!
+ person.reload
+ expect(person.default_with_serializer).to eq({})
+ end
+ end
+
+ context "with an initial attribute" do
+ it "does not set the default" do
+ person = Person.public_send(
+ creation_method,
+ default_with_serializer: { "foo" => "bar" }
+ )
+
+ expect(person.default_with_serializer).to eq({ "foo" => "bar" })
+ person.save!
+ person.reload
+ expect(person.default_with_serializer).to eq({ "foo" => "bar" })
+ end
+ end
+ end
+ end
+ end
+
context "with the :json serializer" do
before(:all) do
Vault::Rails.logical.write("transit/keys/dummy_people_details")
end
- it "has a default value for unpersisted records" do
+ it "does not default to a hash" do
person = Person.new
- expect(person.details).to eq({})
+ expect(person.details).to eq(nil)
+ person.save!
+ person.reload
+ expect(person.details).to eq(nil)
end
- it "has a default value for persisted records" do
- person = Person.create!
- expect(person.details).to eq({})
- end
-
it "tracks dirty attributes" do
person = Person.create!(details: { "foo" => "bar" })
expect(person.details_changed?).to be(false)
expect(person.details_change).to be(nil)
@@ -351,9 +415,92 @@
raw = Vault::Rails.decrypt("transit", "dummy_people_favorite_color", person.favorite_color_encrypted)
expect(raw).to eq("xxxbluexxx")
expect(person.favorite_color).to eq("blue")
+ end
+ end
+
+ context "with context" do
+ it "encodes and decodes with a string context" do
+ person = Person.create!(context_string: "foobar")
+ person.reload
+
+ raw = Vault::Rails.decrypt(
+ "transit", "dummy_people_context_string",
+ person.context_string_encrypted, context: "production")
+
+ expect(raw).to eq("foobar")
+
+ expect(person.context_string).to eq("foobar")
+
+ # Decrypting without the correct context fails
+ expect {
+ Vault::Rails.decrypt(
+ "transit", "dummy_people_context_string",
+ person.context_string_encrypted, context: "wrongcontext")
+ }.to raise_error(Vault::HTTPClientError, /invalid ciphertext/)
+
+ # Decrypting without a context fails
+ expect {
+ Vault::Rails.decrypt(
+ "transit", "dummy_people_context_string",
+ person.context_string_encrypted)
+ }.to raise_error(Vault::HTTPClientError, /context/)
+ end
+
+ it "encodes and decodes with a symbol context" do
+ person = Person.create!(context_symbol: "foobar")
+ person.reload
+
+ raw = Vault::Rails.decrypt(
+ "transit", "dummy_people_context_symbol",
+ person.context_symbol_encrypted, context: person.encryption_context)
+
+ expect(raw).to eq("foobar")
+
+ expect(person.context_symbol).to eq("foobar")
+
+ # Decrypting without the correct context fails
+ expect {
+ Vault::Rails.decrypt(
+ "transit", "dummy_people_context_symbol",
+ person.context_symbol_encrypted, context: "wrongcontext")
+ }.to raise_error(Vault::HTTPClientError, /invalid ciphertext/)
+
+ # Decrypting without a context fails
+ expect {
+ Vault::Rails.decrypt(
+ "transit", "dummy_people_context_symbol",
+ person.context_symbol_encrypted)
+ }.to raise_error(Vault::HTTPClientError, /context/)
+ end
+
+ it "encodes and decodes with a proc context" do
+ person = Person.create!(context_proc: "foobar")
+ person.reload
+
+ raw = Vault::Rails.decrypt(
+ "transit", "dummy_people_context_proc",
+ person.context_proc_encrypted, context: person.encryption_context)
+
+ expect(raw).to eq("foobar")
+
+ expect(person.context_proc).to eq("foobar")
+
+ # Decrypting without the correct context fails
+ expect {
+ Vault::Rails.decrypt(
+ "transit", "dummy_people_context_proc",
+ person.context_proc_encrypted, context: "wrongcontext")
+ }.to raise_error(Vault::HTTPClientError, /invalid ciphertext/)
+
+ # Decrypting without a context fails
+ expect {
+ Vault::Rails.decrypt(
+ "transit", "dummy_people_context_proc",
+ person.context_proc_encrypted)
+ }.to raise_error(Vault::HTTPClientError, /context/)
end
end
context 'with errors' do
it 'raises the appropriate exception' do