8936: consider blobSigningTtl while generating and verifying signatures.

[arvados.git] / services / api / test / unit / blob_test.rb

diff --git a/services/api/test/unit/blob_test.rb b/services/api/test/unit/blob_test.rb
index 0794a751e097bb7b42317529177085e5572a3810..707056d2ade5adc295edf07fefd4259e50e544c2 100644 (file)
--- a/services/api/test/unit/blob_test.rb
+++ b/services/api/test/unit/blob_test.rb
@@ -17,7 +17,7 @@ class BlobTest < ActiveSupport::TestCase
     'vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei' +
     '786u5rw2a9gx743dj3fgq2irk'
   @@known_signed_locator = 'acbd18db4cc2f85cedef654fccc4a4d8+3' +
-    '+A257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a@7fffffff'
+    '+A44362129a92a48d02b2e0789c597f970f3b1faf3@7fffffff'
 
   test 'generate predictable invincible signature' do
     signed = Blob.sign_locator @@known_locator, {
@@ -118,4 +118,23 @@ class BlobTest < ActiveSupport::TestCase
       Blob.verify_signature!(@@blob_locator, api_token: @@api_token, key: @@key)
     end
   end
+
+  test 'signature changes when ttl changes' do
+    signed = Blob.sign_locator @@known_locator, {
+      api_token: @@known_token,
+      key: @@known_key,
+      expire: 0x7fffffff,
+    }
+    assert_equal @@known_signed_locator, signed
+
+    original_ttl = Rails.configuration.blob_signature_ttl
+    Rails.configuration.blob_signature_ttl = original_ttl*2
+    signed2 = Blob.sign_locator @@known_locator, {
+      api_token: @@known_token,
+      key: @@known_key,
+      expire: 0x7fffffff,
+    }
+    Rails.configuration.blob_signature_ttl = original_ttl
+    assert_not_equal signed, signed2
+  end
 end