Only allow valid options when configuring tokens

636b038e · Grzegorz Bizon · d31a3873 · 636b038e · 636b038e
2 changed file
--- a/app/models/concerns/token_authenticatable_strategies/base.rb
+++ b/app/models/concerns/token_authenticatable_strategies/base.rb
@@ -48,6 +48,10 @@ module TokenAuthenticatableStrategies
    end

    def self.fabricate(instance, field, options)
+      if options[:digest] && options[:encrypted]
+        raise ArgumentError, 'Incompatible options set!'
+      end
+
      if options[:digest]
        TokenAuthenticatableStrategies::Digest.new(instance, field, options)
      elsif options[:encrypted]

--- a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
@@ -28,6 +28,13 @@ describe TokenAuthenticatableStrategies::Base do
        expect(strategy).to be_a TokenAuthenticatableStrategies::Insecure
      end
    end
+
+    context 'when incompatible options are provided' do
+      it 'raises an error' do
+        expect { described_class.fabricate(instance, field, digest: true, encrypted: true) }
+          .to raise_error ArgumentError
+      end
+    end
  end

  describe '#fallback?' do