From 88f7e888c3b5541eb5edf76ea73058127d4b2b3e Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Wed, 26 Sep 2018 17:22:36 +0200
Subject: [PATCH] Administrateur: do not save api_token in clear text anymore
---
 app/models/administrateur.rb | 2 +-
 spec/models/administrateur_spec.rb | 16 +++++-----------
 .../admin/gestionnaires/index.html.haml_spec.rb | 3 +--
 3 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/app/models/administrateur.rb b/app/models/administrateur.rb
index 6b188a6f2..e29c7e893 100644
--- a/app/models/administrateur.rb
+++ b/app/models/administrateur.rb
@@ -39,7 +39,7 @@ class Administrateur < ApplicationRecord
 def renew_api_token
 api_token = Administrateur.generate_unique_secure_token
 encrypted_token = BCrypt::Password.create(api_token)
- update(api_token: api_token, encrypted_token: encrypted_token)
+ update(encrypted_token: encrypted_token)
 api_token
 end
diff --git a/spec/models/administrateur_spec.rb b/spec/models/administrateur_spec.rb
index 9da914738..372de835a 100644
--- a/spec/models/administrateur_spec.rb
+++ b/spec/models/administrateur_spec.rb
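Review bot: The return value of `update` on the `+` line is ignored, so if a validation fails the method still hands back a freshly generated token that was never persisted and will never authenticate; `update!(encrypted_token: encrypted_token)` makes that failure visible to the caller instead. Stopping the write does not remove the clear-text `api_token` column, so tokens already stored for existing administrateurs stay readable in the database until a follow-up migration drops (or at least nulls) that column — the view spec in this same patch was passing `api_token:` to the factory, so the column presumably still exists. Separately, bcrypt output is salted, so `encrypted_token` cannot serve as a lookup key; the authentication path must identify the administrateur by some other means before comparing with `BCrypt::Password.new(encrypted_token) == token`, which is worth confirming since that code is not in this patch.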
@@ -33,21 +33,15 @@ describe Administrateur, type: :model do
 end
 describe "#renew_api_token" do
- let(:administrateur) { create(:administrateur) }
+ let!(:administrateur) { create(:administrateur) }
+ let!(:token) { administrateur.renew_api_token }
- before do
- administrateur.renew_api_token
- administrateur.reload
- end
-
- it { expect(administrateur.api_token).to be_present }
- it { expect(administrateur.api_token).not_to eq(administrateur.encrypted_token) }
- it { expect(BCrypt::Password.new(administrateur.encrypted_token)).to eq(administrateur.api_token) }
+ it { expect(BCrypt::Password.new(administrateur.encrypted_token)).to eq(token) }
 context 'when it s called twice' do
- let!(:previous_token) { administrateur.api_token }
+ let!(:new_token) { administrateur.renew_api_token }
- it { expect(previous_token).not_to eq(administrateur.renew_api_token) }
+ it { expect(new_token).not_to eq(token) }
 end
 end
diff --git a/spec/views/admin/gestionnaires/index.html.haml_spec.rb b/spec/views/admin/gestionnaires/index.html.haml_spec.rb
index fc07723af..35b32f211 100644
--- a/spec/views/admin/gestionnaires/index.html.haml_spec.rb
+++ b/spec/views/admin/gestionnaires/index.html.haml_spec.rb
@@ -1,8 +1,7 @@
 require 'spec_helper'
 describe 'admin/gestionnaires/index.html.haml', type: :view do
- let(:token) { 'super_token' }
- let(:admin) { create(:administrateur, api_token: token) }
+ let(:admin) { create(:administrateur) }
 before do
 assign(:gestionnaires, (smart_listing_create :gestionnaires,
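Review bot: The replacement `it` on the `+` line reads `encrypted_token` from the in-memory `administrateur` rather than a reloaded record, so it would still pass if `update` returned false and nothing reached the database (the attribute is assigned before the save); the removed `before` block reloaded, and this assertion should too: `it { expect(BCrypt::Password.new(administrateur.reload.encrypted_token)).to eq(token) }`. The spec also no longer checks the property this commit is about — that the token is not persisted in clear — so while the `api_token` column still exists add `it { expect(administrateur.reload.api_token).to be_nil }`. In the 'called twice' context the security-relevant behavior is that the first token stops working after rotation, which `expect(new_token).not_to eq(token)` does not establish; add `it { expect(BCrypt::Password.new(administrateur.reload.encrypted_token)).not_to eq(token) }`. The enclosing `describe Administrateur` block starts outside this hunk.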