Security fix: redirection in google_api/authorizations_controller

author: Shinya Maeda <shinya@gitlab.com> 2017-10-06 15:28:40 +0300
committer: Shinya Maeda <shinya@gitlab.com> 2017-10-06 15:28:40 +0300
commit: f293288589f24e1928b57dcd3428b762ae9ced79 (patch)
tree: d54b6425ac0fe596e27d3cbe291e08f28b10267b /spec/lib/google_api
parent: 5ced761ebdcb0579377e338c2e321e4ba0373336 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/spec/lib/google_api/cloud_platform/client_spec.rb b/spec/lib/google_api/cloud_platform/client_spec.rb
index 6538dc21d6f..e770f2e9edc 100644
--- a/spec/lib/google_api/cloud_platform/client_spec.rb
+++ b/spec/lib/google_api/cloud_platform/client_spec.rb
@@ -4,6 +4,29 @@ describe GoogleApi::CloudPlatform::Client do
   let(:token) { 'token' }
   let(:client) { described_class.new(token, nil) }
 
+  describe '.session_key_for_second_redirect_uri' do
+    subject { described_class.session_key_for_second_redirect_uri(secure: secure) }
+
+    context 'when pass a postfix' do
+      let(:secure) { SecureRandom.hex }
+
+      it 'creates a required session key' do
+        key, _ = described_class.session_key_for_second_redirect_uri(secure: secure)
+        expect(key).to eq("cloud_platform_second_redirect_uri_#{secure}")
+      end
+    end
+
+    context 'when pass a postfix' do
+      let(:secure) { nil }
+
+      it 'creates a new session key' do
+        key, secure = described_class.session_key_for_second_redirect_uri
+        expect(key).to include('cloud_platform_second_redirect_uri_')
+        expect(secure).not_to be_nil
+      end
+    end
+  end
+
   describe '#validate_token' do
     subject { client.validate_token(expires_at) }
author	Shinya Maeda <shinya@gitlab.com>	2017-10-06 15:28:40 +0300
committer	Shinya Maeda <shinya@gitlab.com>	2017-10-06 15:28:40 +0300
commit	f293288589f24e1928b57dcd3428b762ae9ced79 (patch)
tree	d54b6425ac0fe596e27d3cbe291e08f28b10267b /spec/lib/google_api
parent	5ced761ebdcb0579377e338c2e321e4ba0373336 (diff)