Skip to content

Commit

Permalink
added test
Browse files Browse the repository at this point in the history
  • Loading branch information
eutopian committed Nov 14, 2018
1 parent 938b858 commit b547a44
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,5 +44,5 @@ Style/StringLiterals:
Style/TrailingCommaInArguments:
EnforcedStyleForMultiline: comma

Style/TrailingCommaInLiteral:
Style/TrailingCommaInArrayLiteral:
EnforcedStyleForMultiline: comma
2 changes: 1 addition & 1 deletion lib/omniauth-oauth2.rb
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
require "omniauth-oauth2/version" # rubocop:disable FileName
require "omniauth-oauth2/version"
require "omniauth/strategies/oauth2"
6 changes: 3 additions & 3 deletions lib/omniauth/strategies/oauth2.rb
Original file line number Diff line number Diff line change
Expand Up @@ -106,14 +106,14 @@ def options_for(option)
end

# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
return false unless a.bytesize == b.bytesize
def secure_compare(string_a, string_b)
return false unless string_a.bytesize == string_b.bytesize

l = a.unpack "C#{a.bytesize}"

res = 0
b.each_byte { |byte| res |= byte ^ l.shift }
res == 0
res.zero?
end

# An error that is indicated in the OAuth 2.0 callback.
Expand Down
10 changes: 10 additions & 0 deletions spec/omniauth/strategies/oauth2_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,16 @@ def app
instance.callback_phase
end
end

describe "#secure_params" do
subject { fresh_strategy }

it "returns true when the two inputs are the same and false otherwise" do
instance = subject.new("abc", "def")
expect(instance.send(:secure_compare, "a", "a")).to be true
expect(instance.send(:secure_compare, "b", "a")).to be false
end
end
end

describe OmniAuth::Strategies::OAuth2::CallbackError do
Expand Down

0 comments on commit b547a44

Please sign in to comment.