2017-07-09 12:06:36 +00:00
|
|
|
# frozen_string_literal: true
|
2017-07-10 13:39:13 +00:00
|
|
|
|
2016-08-06 16:03:25 +00:00
|
|
|
require "abstract_unit"
|
|
|
|
require "openssl"
|
|
|
|
require "active_support/time"
|
|
|
|
require "active_support/json"
|
2017-07-19 17:21:09 +00:00
|
|
|
require_relative "metadata/shared_metadata_tests"
|
2009-11-14 19:37:06 +00:00
|
|
|
|
2011-09-15 19:51:30 +00:00
|
|
|
class MessageVerifierTest < ActiveSupport::TestCase
|
2011-09-15 17:15:21 +00:00
|
|
|
class JSONSerializer
|
|
|
|
def dump(value)
|
|
|
|
ActiveSupport::JSON.encode(value)
|
|
|
|
end
|
|
|
|
|
|
|
|
def load(value)
|
|
|
|
ActiveSupport::JSON.decode(value)
|
|
|
|
end
|
|
|
|
end
|
2013-11-20 00:20:35 +00:00
|
|
|
|
2008-11-23 14:29:11 +00:00
|
|
|
def setup
|
2009-09-25 06:13:56 +00:00
|
|
|
@verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
|
2017-07-24 09:57:53 +00:00
|
|
|
@data = { some: "data", now: Time.utc(2010) }
|
2017-09-23 21:16:21 +00:00
|
|
|
@secret = SecureRandom.random_bytes(32)
|
2008-11-23 14:29:11 +00:00
|
|
|
end
|
2009-09-25 06:13:56 +00:00
|
|
|
|
2014-11-21 23:52:22 +00:00
|
|
|
def test_valid_message
|
|
|
|
data, hash = @verifier.generate(@data).split("--")
|
2018-04-17 22:21:34 +00:00
|
|
|
assert_not @verifier.valid_message?(nil)
|
|
|
|
assert_not @verifier.valid_message?("")
|
|
|
|
assert_not @verifier.valid_message?("\xff") # invalid encoding
|
|
|
|
assert_not @verifier.valid_message?("#{data.reverse}--#{hash}")
|
|
|
|
assert_not @verifier.valid_message?("#{data}--#{hash.reverse}")
|
|
|
|
assert_not @verifier.valid_message?("purejunk")
|
2014-11-21 23:52:22 +00:00
|
|
|
end
|
|
|
|
|
2008-11-23 14:29:11 +00:00
|
|
|
def test_simple_round_tripping
|
2008-11-23 15:33:56 +00:00
|
|
|
message = @verifier.generate(@data)
|
2014-11-21 23:52:22 +00:00
|
|
|
assert_equal @data, @verifier.verified(message)
|
2008-11-23 15:33:56 +00:00
|
|
|
assert_equal @data, @verifier.verify(message)
|
2008-11-23 14:29:11 +00:00
|
|
|
end
|
2014-12-04 01:05:02 +00:00
|
|
|
|
2014-11-21 23:52:22 +00:00
|
|
|
def test_verified_returns_false_on_invalid_message
|
2018-04-17 22:21:34 +00:00
|
|
|
assert_not @verifier.verified("purejunk")
|
2009-10-05 12:27:54 +00:00
|
|
|
end
|
2014-12-04 01:05:02 +00:00
|
|
|
|
2014-11-21 23:52:22 +00:00
|
|
|
def test_verify_exception_on_invalid_message
|
|
|
|
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do
|
|
|
|
@verifier.verify("purejunk")
|
|
|
|
end
|
2008-11-23 14:29:11 +00:00
|
|
|
end
|
2013-11-20 00:20:35 +00:00
|
|
|
|
2011-09-15 12:28:53 +00:00
|
|
|
def test_alternative_serialization_method
|
2013-05-03 22:37:18 +00:00
|
|
|
prev = ActiveSupport.use_standard_json_time_format
|
|
|
|
ActiveSupport.use_standard_json_time_format = true
|
2016-08-06 17:38:33 +00:00
|
|
|
verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!", serializer: JSONSerializer.new)
|
2019-09-01 10:59:07 +00:00
|
|
|
message = verifier.generate({:foo => 123, "bar" => Time.utc(2010)})
|
2013-11-07 15:35:49 +00:00
|
|
|
exp = { "foo" => 123, "bar" => "2010-01-01T00:00:00.000Z" }
|
2014-11-21 23:52:22 +00:00
|
|
|
assert_equal exp, verifier.verified(message)
|
2013-05-03 22:37:18 +00:00
|
|
|
assert_equal exp, verifier.verify(message)
|
|
|
|
ensure
|
|
|
|
ActiveSupport.use_standard_json_time_format = prev
|
2011-09-15 12:28:53 +00:00
|
|
|
end
|
2013-11-20 00:20:35 +00:00
|
|
|
|
2013-12-07 18:56:09 +00:00
|
|
|
def test_raise_error_when_argument_class_is_not_loaded
|
|
|
|
# To generate the valid message below:
|
|
|
|
#
|
|
|
|
# AutoloadClass = Struct.new(:foo)
|
|
|
|
# valid_message = @verifier.generate(foo: AutoloadClass.new('foo'))
|
|
|
|
#
|
|
|
|
valid_message = "BAh7BjoIZm9vbzonTWVzc2FnZVZlcmlmaWVyVGVzdDo6QXV0b2xvYWRDbGFzcwY6CUBmb29JIghmb28GOgZFVA==--f3ef39a5241c365083770566dc7a9eb5d6ace914"
|
2014-11-21 23:52:22 +00:00
|
|
|
exception = assert_raise(ArgumentError, NameError) do
|
|
|
|
@verifier.verified(valid_message)
|
|
|
|
end
|
|
|
|
assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
|
|
|
|
"undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
|
2013-12-07 18:56:09 +00:00
|
|
|
exception = assert_raise(ArgumentError, NameError) do
|
|
|
|
@verifier.verify(valid_message)
|
|
|
|
end
|
|
|
|
assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
|
|
|
|
"undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
|
|
|
|
end
|
|
|
|
|
2014-09-12 12:58:04 +00:00
|
|
|
def test_raise_error_when_secret_is_nil
|
|
|
|
exception = assert_raise(ArgumentError) do
|
|
|
|
ActiveSupport::MessageVerifier.new(nil)
|
|
|
|
end
|
2016-12-26 02:04:41 +00:00
|
|
|
assert_equal "Secret should not be nil.", exception.message
|
2014-09-12 12:58:04 +00:00
|
|
|
end
|
2017-07-19 17:21:09 +00:00
|
|
|
|
|
|
|
def test_backward_compatibility_messages_signed_without_metadata
|
|
|
|
signed_message = "BAh7BzoJc29tZUkiCWRhdGEGOgZFVDoIbm93SXU6CVRpbWUNIIAbgAAAAAAHOgtvZmZzZXRpADoJem9uZUkiCFVUQwY7BkY=--d03c52c91dfe4ccc5159417c660461bcce005e96"
|
|
|
|
assert_equal @data, @verifier.verify(signed_message)
|
|
|
|
end
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
def test_rotating_secret
|
|
|
|
old_message = ActiveSupport::MessageVerifier.new("old", digest: "SHA1").generate("old")
|
2017-09-23 21:16:21 +00:00
|
|
|
|
|
|
|
verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA1")
|
2017-09-24 18:06:38 +00:00
|
|
|
verifier.rotate "old"
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
assert_equal "old", verifier.verified(old_message)
|
2017-09-23 21:16:21 +00:00
|
|
|
end
|
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
def test_multiple_rotations
|
|
|
|
old_message = ActiveSupport::MessageVerifier.new("old", digest: "SHA256").generate("old")
|
|
|
|
older_message = ActiveSupport::MessageVerifier.new("older", digest: "SHA1").generate("older")
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512")
|
|
|
|
verifier.rotate "old", digest: "SHA256"
|
|
|
|
verifier.rotate "older", digest: "SHA1"
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
assert_equal "new", verifier.verified(verifier.generate("new"))
|
|
|
|
assert_equal "old", verifier.verified(old_message)
|
|
|
|
assert_equal "older", verifier.verified(older_message)
|
2017-09-23 21:16:21 +00:00
|
|
|
end
|
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
def test_on_rotation_is_called_and_verified_returns_message
|
2019-09-01 10:59:07 +00:00
|
|
|
older_message = ActiveSupport::MessageVerifier.new("older", digest: "SHA1").generate({encoded: "message"})
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512")
|
|
|
|
verifier.rotate "old", digest: "SHA256"
|
|
|
|
verifier.rotate "older", digest: "SHA1"
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
rotated = false
|
|
|
|
message = verifier.verified(older_message, on_rotation: proc { rotated = true })
|
2017-09-23 21:16:21 +00:00
|
|
|
|
|
|
|
assert_equal({ encoded: "message" }, message)
|
2017-09-24 18:06:38 +00:00
|
|
|
assert rotated
|
2017-09-23 21:16:21 +00:00
|
|
|
end
|
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
def test_rotations_with_metadata
|
|
|
|
old_message = ActiveSupport::MessageVerifier.new("old").generate("old", purpose: :rotation)
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
verifier = ActiveSupport::MessageVerifier.new(@secret)
|
|
|
|
verifier.rotate "old"
|
2017-09-23 21:16:21 +00:00
|
|
|
|
2017-09-24 18:06:38 +00:00
|
|
|
assert_equal "old", verifier.verified(old_message, purpose: :rotation)
|
2017-09-23 21:16:21 +00:00
|
|
|
end
|
2017-07-19 17:21:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
class MessageVerifierMetadataTest < ActiveSupport::TestCase
|
|
|
|
include SharedMessageMetadataTests
|
|
|
|
|
|
|
|
setup do
|
|
|
|
@verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!", verifier_options)
|
|
|
|
end
|
|
|
|
|
2017-07-24 08:33:21 +00:00
|
|
|
def test_verify_raises_when_purpose_differs
|
|
|
|
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do
|
2017-08-09 19:48:25 +00:00
|
|
|
@verifier.verify(generate(data, purpose: "payment"), purpose: "shipping")
|
2017-07-24 08:33:21 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_verify_raises_when_expired
|
2017-08-09 19:48:25 +00:00
|
|
|
signed_message = generate(data, expires_in: 1.month)
|
2017-07-24 08:33:21 +00:00
|
|
|
|
|
|
|
travel 2.months
|
|
|
|
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do
|
|
|
|
@verifier.verify(signed_message)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-07-19 17:21:09 +00:00
|
|
|
private
|
|
|
|
def generate(message, **options)
|
|
|
|
@verifier.generate(message, options)
|
|
|
|
end
|
|
|
|
|
|
|
|
def parse(message, **options)
|
|
|
|
@verifier.verified(message, options)
|
|
|
|
end
|
|
|
|
|
|
|
|
def verifier_options
|
|
|
|
Hash.new
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class MessageVerifierMetadataMarshalTest < MessageVerifierMetadataTest
|
|
|
|
private
|
|
|
|
def verifier_options
|
|
|
|
{ serializer: Marshal }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class MessageVerifierMetadataJSONTest < MessageVerifierMetadataTest
|
|
|
|
private
|
|
|
|
def verifier_options
|
|
|
|
{ serializer: MessageVerifierTest::JSONSerializer.new }
|
|
|
|
end
|
2008-11-23 14:29:11 +00:00
|
|
|
end
|
2017-08-09 19:48:25 +00:00
|
|
|
|
|
|
|
class MessageEncryptorMetadataNullSerializerTest < MessageVerifierMetadataTest
|
|
|
|
private
|
|
|
|
def data
|
|
|
|
"string message"
|
|
|
|
end
|
|
|
|
|
|
|
|
def null_serializing?
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
def verifier_options
|
|
|
|
{ serializer: ActiveSupport::MessageEncryptor::NullSerializer }
|
|
|
|
end
|
|
|
|
end
|