Reject oauth nonces over a day old

Tom Hughes 2016-11-02 15:35:45 +00:00
parent eb21a32ea4
commit e84f0c710d
2 changed files with 15 additions and 2 deletions


@ -8,7 +8,7 @@ class OauthNonceTest < ActiveSupport::TestCase
# string and timestamp.
def test_nonce_uniqueness
string = "0123456789ABCDEF"
timestamp = Time.now
timestamp = Time.now.to_i
nonce1 = OauthNonce.remember(string, timestamp)
assert_not_equal false, nonce1, "First nonce should be unique. Check your test database is empty."
@ -16,4 +16,16 @@ class OauthNonceTest < ActiveSupport::TestCase
nonce2 = OauthNonce.remember(string, timestamp)
assert_equal false, nonce2, "Shouldn't be able to remember the same nonce twice."
end
##
# nonces that are not current should be rejected
def test_nonce_not_current
string = "0123456789ABCDEF"
nonce1 = OauthNonce.remember(string, Time.now.to_i - 86430)
assert_equal false, nonce1, "Nonces over a day in the past should be rejected"
nonce2 = OauthNonce.remember(string, Time.now.to_i - 86370)
assert_not_equal false, nonce2, "Nonces under a day in the past should be rejected"
end
end
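Review bot: The failure message on the last assertion of test_nonce_not_current contradicts what it checks. `assert_not_equal false, nonce2` expects a nonce 86370 seconds old to be accepted, yet the message says it should be rejected, so a failure here would print misleading output. Change it to `assert_not_equal false, nonce2, "Nonces under a day in the past should be accepted"`. The test also exercises only timestamps in the past, and the model side of this commit is not visible on this page. If `OauthNonce.remember` does not also bound timestamps ahead of the server clock, a case with a timestamp well in the future would be worth adding, so the freshness window is pinned on both sides.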