From 2f7dc67bd5b3743c628da1c56b232a9935fb10eb Mon Sep 17 00:00:00 2001
From: Renata Marques
Date: Sun, 24 May 2020 20:28:10 -0300
Subject: [PATCH 1/2] add warning when key is missing
---
 lib/knock.rb | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/knock.rb b/lib/knock.rb
index 0337700..d7f31c4 100644
--- a/lib/knock.rb
+++ b/lib/knock.rb
@@ -16,8 +16,18 @@ module Knock
 self.token_signature_algorithm = "HS256"
 
 # Configure the key used to sign tokens.
- mattr_accessor :token_secret_signature_key
- self.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
+ mattr_writer :token_secret_signature_key, default: -> { Rails.application.secrets.secret_key_base }
+
+ class EmptySecretKey < StandardError
+ def initialize(msg="Knock secret signature key can't be empty")
+ super
+ end
+ end
+
+ def self.token_secret_signature_key
+ raise EmptySecretKey unless @@token_secret_signature_key
+ @@token_secret_signature_key
+ end
 
 # Configure the public key used to decode tokens, when required.
 mattr_accessor :token_public_key
From f265719ef3f2872af57499df87c8f63f9a542bbc Mon Sep 17 00:00:00 2001
From: Renata Marques
Date: Sun, 24 May 2020 20:28:57 -0300
Subject: [PATCH 2/2] test for empty key
---
 .../test/controllers/protected_resources_controller_test.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/test/dummy/test/controllers/protected_resources_controller_test.rb b/test/dummy/test/controllers/protected_resources_controller_test.rb
index da14ffe..9008f75 100644
--- a/test/dummy/test/controllers/protected_resources_controller_test.rb
+++ b/test/dummy/test/controllers/protected_resources_controller_test.rb
@@ -15,6 +15,12 @@ def authenticate token: @token assert_response :unauthorized end + test "responds with unauthorized with empty token in header" do + authenticate token: "" + get :index + assert_response :unauthorized + end + + test "responds with success with valid token in header" do authenticate get :index
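Review bot: The guard added to `self.token_secret_signature_key` in lib/knock.rb rejects only `nil`/`false`, so it misses the cases that matter for an HS256 signing secret. The default is a lambda, which is always truthy even when `Rails.application.secrets.secret_key_base` evaluates to nil, and an explicitly configured `""` is truthy in Ruby too, so an absent or empty secret passes despite the `EmptySecretKey` name. I would resolve the value before testing it, e.g. `value = key.respond_to?(:call) ? key.call : key` followed by `raise EmptySecretKey if value.blank?`, while still returning the configured object so existing callers are unaffected. How callers invoke the lambda is outside this hunk, as is the rest of `module Knock`.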
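Review bot: The test added in protected_resources_controller_test.rb sends an empty token in the request header, which exercises token rejection rather than the `EmptySecretKey` raise introduced in patch 1/2, so the new guard has no coverage despite the subject "test for empty key". A case that sets `Knock.token_secret_signature_key = nil` (restoring the previous value afterwards) and checks `assert_raises(Knock::EmptySecretKey) { Knock.token_secret_signature_key }` would pin the behaviour. If the getter is later tightened to reject blank resolved values, an empty-string key deserves a case of its own. The enclosing test class begins outside the hunk.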