dkam/clinch
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes for tests and AR Encryption
Some checks failed
CI / scan_ruby (push) Has been cancelled
Details
CI / scan_js (push) Has been cancelled
Details
CI / lint (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
CI / system-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Dan Milne
2025-12-31 16:08:05 +11:00
parent 9d352ab8ec
commit 364e6e21dd
3 changed files with 32 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/models/oidc_access_token_test.rb
View File

@@ -163,7 +163,7 @@ class OidcAccessTokenTest < ActiveSupport::TestCase
user: users(:alice)
)
assert access_token.plaintext_token.length > auth_code.code.length,
assert access_token.plaintext_token.length > auth_code.plaintext_code.length,
"Access tokens should be longer than authorization codes"
end

26
test/models/oidc_authorization_code_test.rb
View File

@@ -25,10 +25,10 @@ class OidcAuthorizationCodeTest < ActiveSupport::TestCase
user: users(:alice),
redirect_uri: "https://example.com/callback"
)
assert_nil new_code.code
assert_nil new_code.code_hmac
assert new_code.save
assert_not_nil new_code.code
assert_match /^[A-Za-z0-9_-]+$/, new_code.code
assert_not_nil new_code.code_hmac
assert_match /^[a-f0-9]{64}$/, new_code.code_hmac # SHA256 hex digest
end
test "should set expiry before validation on create" do
@@ -44,22 +44,22 @@ class OidcAuthorizationCodeTest < ActiveSupport::TestCase
assert new_code.expires_at <= 11.minutes.from_now # Allow some variance
end
test "should validate presence of code" do
@auth_code.code = nil
test "should validate presence of code_hmac" do
@auth_code.code_hmac = nil
assert_not @auth_code.valid?
assert_includes @auth_code.errors[:code], "can't be blank"
assert_includes @auth_code.errors[:code_hmac], "can't be blank"
end
test "should validate uniqueness of code" do
test "should validate uniqueness of code_hmac" do
@auth_code.save! if @auth_code.changed?
duplicate = OidcAuthorizationCode.new(
code: @auth_code.code,
code_hmac: @auth_code.code_hmac,
application: applications(:another_app),
user: users(:bob),
redirect_uri: "https://example.com/callback"
)
assert_not duplicate.valid?
assert_includes duplicate.errors[:code], "has already been taken"
assert_includes duplicate.errors[:code_hmac], "has already been taken"
end
test "should validate presence of redirect_uri" do
@@ -178,16 +178,16 @@ class OidcAuthorizationCodeTest < ActiveSupport::TestCase
user: users(:alice),
redirect_uri: "https://example.com/callback"
)
codes << code.code
codes << code.code_hmac
end
# All codes should be unique
assert_equal codes.length, codes.uniq.length
# All codes should match the expected pattern
# All codes should be SHA256 hex digests
codes.each do |code|
assert_match /^[A-Za-z0-9_-]+$/, code
assert_equal 43, code.length # Base64 padding removed
assert_match /^[a-f0-9]{64}$/, code
assert_equal 64, code.length # SHA256 hex digest
end
end
end