From d16e22478d65774431486e63a89bf6d01c00e5eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 2 Dec 2013 20:16:39 -0200 Subject: [PATCH] Test if two different verifiers don't share the same secret --- railties/test/application/configuration_test.rb | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 0ffe8a87a8..585d52d258 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -289,8 +289,18 @@ module ApplicationTests app.config.session_store :disabled end - assert_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier.object_id - assert_not_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier('text').object_id + default_verifier = app.message_verifier + text_verifier = app.message_verifier('text') + + message = text_verifier.generate('some_value') + + assert_equal 'some_value', text_verifier.verify(message) + assert_raises ActiveSupport::MessageVerifier::InvalidSignature do + default_verifier.verify(message) + end + + assert_equal default_verifier.object_id, app.message_verifier.object_id + assert_not_equal default_verifier.object_id, text_verifier.object_id end test "protect from forgery is the default in a new app" do