
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-04-21 02:50:22 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-04-21 02:50:22 +0300
commit9dc93a4519d9d5d7be48ff274127136236a3adb3 (patch)
tree70467ae3692a0e35e5ea56bcb803eb512a10bedb /spec/lib/gitlab/crypto_helper_spec.rb
parent4b0f34b6d759d6299322b3a54453e930c6121ff0 (diff)
Add latest changes from gitlab-org/gitlab@13-11-stable-eev13.11.0-rc43
Diffstat (limited to 'spec/lib/gitlab/crypto_helper_spec.rb')
-rw-r--r--spec/lib/gitlab/crypto_helper_spec.rb58
1 files changed, 14 insertions, 44 deletions
diff --git a/spec/lib/gitlab/crypto_helper_spec.rb b/spec/lib/gitlab/crypto_helper_spec.rb
index 024564ea213..616a37a4cb9 100644
--- a/spec/lib/gitlab/crypto_helper_spec.rb
+++ b/spec/lib/gitlab/crypto_helper_spec.rb
@@ -20,22 +20,24 @@ RSpec.describe Gitlab::CryptoHelper do
expect(encrypted).not_to include "\n"
end
- it 'does not save hashed token with iv value in database' do
- expect { described_class.aes256_gcm_encrypt('some-value') }.not_to change { TokenWithIv.count }
- end
-
it 'encrypts using static iv' do
expect(Encryptor).to receive(:encrypt).with(described_class::AES256_GCM_OPTIONS.merge(value: 'some-value', iv: described_class::AES256_GCM_IV_STATIC)).and_return('hashed_value')
described_class.aes256_gcm_encrypt('some-value')
end
- end
- describe '.aes256_gcm_decrypt' do
- before do
- stub_feature_flags(dynamic_nonce_creation: false)
+ context 'with provided iv' do
+ let(:iv) { create_nonce }
+
+ it 'encrypts using provided iv' do
+ expect(Encryptor).to receive(:encrypt).with(described_class::AES256_GCM_OPTIONS.merge(value: 'some-value', iv: iv)).and_return('hashed_value')
+
+ described_class.aes256_gcm_encrypt('some-value', nonce: iv)
+ end
end
+ end
+ describe '.aes256_gcm_decrypt' do
context 'when token was encrypted using static nonce' do
let(:encrypted) { described_class.aes256_gcm_encrypt('some-value', nonce: described_class::AES256_GCM_IV_STATIC) }
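Review bot: The new `encrypts using provided iv` example stubs `Encryptor.encrypt`, so it only proves that the `nonce:` keyword is forwarded; nothing in this hunk exercises the real cipher with a caller-supplied nonce. The neighbouring example still pins `AES256_GCM_IV_STATIC` as the default, and GCM loses both confidentiality and integrity guarantees when a key/IV pair is reused across values. I would therefore add one unstubbed example such as `expect(described_class.aes256_gcm_encrypt('some-value', nonce: iv)).not_to eq(described_class.aes256_gcm_encrypt('some-value'))`. A short comment above the static-IV example saying why that default is retained would also help, since the reason is not visible in this diff.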
@@ -50,54 +52,22 @@ RSpec.describe Gitlab::CryptoHelper do
expect(decrypted).to eq 'some-value'
end
-
- it 'does not save hashed token with iv value in database' do
- expect { described_class.aes256_gcm_decrypt(encrypted) }.not_to change { TokenWithIv.count }
- end
-
- context 'with feature flag switched on' do
- before do
- stub_feature_flags(dynamic_nonce_creation: true)
- end
-
- it 'correctly decrypts encrypted string' do
- decrypted = described_class.aes256_gcm_decrypt(encrypted)
-
- expect(decrypted).to eq 'some-value'
- end
- end
end
context 'when token was encrypted using random nonce' do
let(:value) { 'random-value' }
-
- # for compatibility with tokens encrypted using dynamic nonce
- let!(:encrypted) do
- iv = create_nonce
- encrypted_token = described_class.create_encrypted_token(value, iv)
- TokenWithIv.create!(hashed_token: Digest::SHA256.digest(encrypted_token), hashed_plaintext_token: Digest::SHA256.digest(encrypted_token), iv: iv)
- encrypted_token
- end
-
- before do
- stub_feature_flags(dynamic_nonce_creation: true)
- end
+ let(:iv) { create_nonce }
+ let(:encrypted) { described_class.aes256_gcm_encrypt(value, nonce: iv) }
it 'correctly decrypts encrypted string' do
- decrypted = described_class.aes256_gcm_decrypt(encrypted)
+ decrypted = described_class.aes256_gcm_decrypt(encrypted, nonce: iv)
expect(decrypted).to eq value
end
-
- it 'does not save hashed token with iv value in database' do
- expect { described_class.aes256_gcm_decrypt(encrypted) }.not_to change { TokenWithIv.count }
- end
end
end
def create_nonce
- cipher = OpenSSL::Cipher.new('aes-256-gcm')
- cipher.encrypt # Required before '#random_iv' can be called
- cipher.random_iv # Ensures that the IV is the correct length respective to the algorithm used.
+ ::Digest::SHA256.hexdigest('my-value').bytes.take(TokenAuthenticatableStrategies::EncryptionHelper::NONCE_SIZE).pack('c*')
end
end
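Review bot: `create_nonce` now returns a fixed value (the leading `NONCE_SIZE` characters of a SHA-256 hex digest of `'my-value'`), yet the context that uses it is still titled 'when token was encrypted using random nonce'. I would either rename the context or add a comment on the helper, e.g. `# Deterministic fixture nonce for specs only; real nonces must come from a CSPRNG`, so the helper is not copied as a pattern. The round trip also covers only the matching-nonce path. A negative example such as `expect { described_class.aes256_gcm_decrypt(encrypted) }.to raise_error(OpenSSL::Cipher::CipherError)` would pin that a mismatched nonce is rejected. That assumes the default falls back to the static IV and that the tag failure surfaces as that error class, neither of which is shown here.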