rails--rails/activerecord/test/cases/signed_id_test.rb

# frozen_string_literal: true

require "cases/helper"
require "models/account"
require "models/company"

SIGNED_ID_VERIFIER_TEST_SECRET = "This is normally set by the railtie initializer when used with Rails!"

ActiveRecord::Base.signed_id_verifier_secret = SIGNED_ID_VERIFIER_TEST_SECRET

class SignedIdTest < ActiveRecord::TestCase
  fixtures :accounts

  setup { @account = Account.first }

  test "find signed record" do
    assert_equal @account, Account.find_signed(@account.signed_id)
  end

  test "find signed record with a bang" do
    assert_equal @account, Account.find_signed!(@account.signed_id)
  end

  test "fail to find record from broken signed id" do
    assert_nil Account.find_signed("this won't find anything")
  end

  test "find signed record within expiration date" do
    assert_equal @account, Account.find_signed(@account.signed_id(expires_in: 1.minute))
  end

  test "fail to find signed record within expiration date" do
    signed_id = @account.signed_id(expires_in: 1.minute)
    travel 2.minutes
    assert_nil Account.find_signed(signed_id)
  end

  test "fail to find record from that has since been destroyed" do
    signed_id = @account.signed_id(expires_in: 1.minute)
    @account.destroy
    assert_nil Account.find_signed signed_id
  end

  test "finding record from broken signed id raises on the bang" do
    assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do
      Account.find_signed! "this will blow up"
    end
  end

  test "finding signed record outside expiration date raises on the bang" do
    signed_id = @account.signed_id(expires_in: 1.minute)
    travel 2.minutes

    assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do
      Account.find_signed!(signed_id)
    end
  end

  test "finding signed record that has been destroyed raises on the bang" do
    signed_id = @account.signed_id(expires_in: 1.minute)
    @account.destroy

    assert_raises(ActiveRecord::RecordNotFound) do
      Account.find_signed!(signed_id)
    end
  end

  test "fail to work without a signed_id_verifier_secret" do
    ActiveRecord::Base.signed_id_verifier_secret = nil
    Account.instance_variable_set :@signed_id_verifier, nil

    assert_raises(ArgumentError) do
      @account.signed_id
    end
  ensure
    ActiveRecord::Base.signed_id_verifier_secret = SIGNED_ID_VERIFIER_TEST_SECRET
  end

  test "use a custom verifier" do
    old_verifier = Account.signed_id_verifier
    Account.signed_id_verifier = ActiveSupport::MessageVerifier.new("sekret")
    assert_not_equal ActiveRecord::Base.signed_id_verifier, Account.signed_id_verifier
    assert_equal @account, Account.find_signed(@account.signed_id)
  ensure
    Account.signed_id_verifier = old_verifier
  end
end
Add signed ids to Active Record (#39313) Add support for finding records based on signed ids, which are tamper-proof, verified ids that can be set to expire and scoped with a purpose. This is particularly useful for things like password reset or email verification, where you want the bearer of the signed id to be able to interact with the underlying record, but usually only within a certain time period. 2020-05-17 14:19:37 -04:00			`# frozen_string_literal: true`

			`require "cases/helper"`
			`require "models/account"`
			`require "models/company"`

			`SIGNED_ID_VERIFIER_TEST_SECRET = "This is normally set by the railtie initializer when used with Rails!"`

			`ActiveRecord::Base.signed_id_verifier_secret = SIGNED_ID_VERIFIER_TEST_SECRET`

			`class SignedIdTest < ActiveRecord::TestCase`
			`fixtures :accounts`

			`setup { @account = Account.first }`

			`test "find signed record" do`
			`assert_equal @account, Account.find_signed(@account.signed_id)`
			`end`

			`test "find signed record with a bang" do`
			`assert_equal @account, Account.find_signed!(@account.signed_id)`
			`end`

			`test "fail to find record from broken signed id" do`
			`assert_nil Account.find_signed("this won't find anything")`
			`end`

			`test "find signed record within expiration date" do`
			`assert_equal @account, Account.find_signed(@account.signed_id(expires_in: 1.minute))`
			`end`

			`test "fail to find signed record within expiration date" do`
			`signed_id = @account.signed_id(expires_in: 1.minute)`
			`travel 2.minutes`
			`assert_nil Account.find_signed(signed_id)`
			`end`

			`test "fail to find record from that has since been destroyed" do`
			`signed_id = @account.signed_id(expires_in: 1.minute)`
			`@account.destroy`
			`assert_nil Account.find_signed signed_id`
			`end`

			`test "finding record from broken signed id raises on the bang" do`
			`assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do`
			`Account.find_signed! "this will blow up"`
			`end`
			`end`

			`test "finding signed record outside expiration date raises on the bang" do`
			`signed_id = @account.signed_id(expires_in: 1.minute)`
			`travel 2.minutes`

			`assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do`
			`Account.find_signed!(signed_id)`
			`end`
			`end`

			`test "finding signed record that has been destroyed raises on the bang" do`
			`signed_id = @account.signed_id(expires_in: 1.minute)`
			`@account.destroy`

			`assert_raises(ActiveRecord::RecordNotFound) do`
			`Account.find_signed!(signed_id)`
			`end`
			`end`

			`test "fail to work without a signed_id_verifier_secret" do`
			`ActiveRecord::Base.signed_id_verifier_secret = nil`
			`Account.instance_variable_set :@signed_id_verifier, nil`

			`assert_raises(ArgumentError) do`
			`@account.signed_id`
			`end`
			`ensure`
			`ActiveRecord::Base.signed_id_verifier_secret = SIGNED_ID_VERIFIER_TEST_SECRET`
			`end`

			`test "use a custom verifier" do`
			`old_verifier = Account.signed_id_verifier`
			`Account.signed_id_verifier = ActiveSupport::MessageVerifier.new("sekret")`
			`assert_not_equal ActiveRecord::Base.signed_id_verifier, Account.signed_id_verifier`
			`assert_equal @account, Account.find_signed(@account.signed_id)`
			`ensure`
			`Account.signed_id_verifier = old_verifier`
			`end`
			`end`