Use general token signing secret (#29205)
Use a clearly defined "signing secret" for token signing.
This commit is contained in:
GitHub
34
modules/setting/oauth2_test.go
Normal file
34
modules/setting/oauth2_test.go
Normal file
@ -0,0 +1,34 @@
|
||||
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package setting
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/modules/generate"
|
||||
"code.gitea.io/gitea/modules/test"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestGetGeneralSigningSecret(t *testing.T) {
|
||||
// when there is no general signing secret, it should be generated, and keep the same value
|
||||
assert.Nil(t, generalSigningSecret.Load())
|
||||
s1 := GetGeneralTokenSigningSecret()
|
||||
assert.NotNil(t, s1)
|
||||
s2 := GetGeneralTokenSigningSecret()
|
||||
assert.Equal(t, s1, s2)
|
||||
|
||||
// the config value should always override any pre-generated value
|
||||
cfg, _ := NewConfigProviderFromData(`
|
||||
[oauth2]
|
||||
JWT_SECRET = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
|
||||
`)
|
||||
defer test.MockVariableValue(&InstallLock, true)()
|
||||
loadOAuth2From(cfg)
|
||||
actual := GetGeneralTokenSigningSecret()
|
||||
expected, _ := generate.DecodeJwtSecretBase64("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")
|
||||
assert.Len(t, actual, 32)
|
||||
assert.EqualValues(t, expected, actual)
|
||||
}
|
||||
Reference in New Issue
Block a user