kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Add test to validate that ciphertext is returned when all previous schemes fail

Browse source
This commit is contained in:
Jorge Manrubia 2021-04-22 11:49:04 +02:00 committed by George Claghorn
parent 9b7aafac98
commit 6107209361
1 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
activerecord/test/cases/encryption/encryption_schemes_test.rb
View file

@ -75,6 +75,17 @@ class ActiveRecord::Encryption::EncryptionSchemesTest < ActiveRecord::Encryption
assert_equal "1", author.reload.name assert_equal "1", author.reload.name
end end
test "returns ciphertext all the previous schemes fail to decrypt and support for unencrypted data is on" do
ActiveRecord::Encryption.config.support_unencrypted_data = true
encrypted_author_class = declare_class_with_global_previous_encryption_schemes({ encryptor: TestEncryptor.new("0" => "1") }, { encryptor: TestEncryptor.new("1" => "2") })
author = ActiveRecord::Encryption.without_encryption do
encrypted_author_class.create name: "some ciphertext"
end
assert_equal "some ciphertext", author.reload.name
end
test "raise decryption error when all the previous schemes fail to decrypt" do test "raise decryption error when all the previous schemes fail to decrypt" do
ActiveRecord::Encryption.config.support_unencrypted_data = false ActiveRecord::Encryption.config.support_unencrypted_data = false
encrypted_author_class = declare_class_with_global_previous_encryption_schemes({ encryptor: TestEncryptor.new("0" => "1") }, { encryptor: TestEncryptor.new("1" => "2") }) encrypted_author_class = declare_class_with_global_previous_encryption_schemes({ encryptor: TestEncryptor.new("0" => "1") }, { encryptor: TestEncryptor.new("1" => "2") })
@ -91,7 +102,7 @@ class ActiveRecord::Encryption::EncryptionSchemesTest < ActiveRecord::Encryption
test "deterministic encryption is fixed by default: it will always use the oldest scheme to encrypt data" do test "deterministic encryption is fixed by default: it will always use the oldest scheme to encrypt data" do
ActiveRecord::Encryption.config.support_unencrypted_data = false ActiveRecord::Encryption.config.support_unencrypted_data = false
ActiveRecord::Encryption.config.deterministic_key = "12345" ActiveRecord::Encryption.config.deterministic_key = "12345"
ActiveRecord::Encryption.config.previous = [ { downcase: true }, { downcase: false } ] ActiveRecord::Encryption.config.previous = [{ downcase: true }, { downcase: false }]
encrypted_author_class = Class.new(Author) do encrypted_author_class = Class.new(Author) do
self.table_name = "authors" self.table_name = "authors"
@ -106,7 +117,7 @@ class ActiveRecord::Encryption::EncryptionSchemesTest < ActiveRecord::Encryption
test "deterministic encryption will use the newest encryption scheme to encrypt data when setting it to { fixed: false }" do test "deterministic encryption will use the newest encryption scheme to encrypt data when setting it to { fixed: false }" do
ActiveRecord::Encryption.config.support_unencrypted_data = false ActiveRecord::Encryption.config.support_unencrypted_data = false
ActiveRecord::Encryption.config.deterministic_key = "12345" ActiveRecord::Encryption.config.deterministic_key = "12345"
ActiveRecord::Encryption.config.previous = [ { downcase: true }, { downcase: false } ] ActiveRecord::Encryption.config.previous = [{ downcase: true }, { downcase: false }]
encrypted_author_class = Class.new(Author) do encrypted_author_class = Class.new(Author) do
self.table_name = "authors" self.table_name = "authors"