main
rb 39 lines 1.41 KB
Raw
1 # frozen_string_literal: true
2
3 require "rails_helper"
4
5 RSpec.describe GithubConnection, type: :model do
6 let(:user) { User.create!(smbcloud_id: 42, email: "gh@example.com", username: "ghuser") }
7
8 it "stores the access token encrypted at rest, not in plaintext" do
9 conn = user.create_github_connection!(access_token: "gho_secrettoken123", scope: "repo")
10
11 # The model round-trips the real value...
12 expect(conn.reload.access_token).to eq("gho_secrettoken123")
13
14 # ...but the raw column holds ciphertext, never the plaintext token.
15 raw = ActiveRecord::Base.connection.select_value(
16 "SELECT access_token FROM github_connections WHERE id = #{conn.id}"
17 )
18 expect(raw).not_to include("gho_secrettoken123")
19 expect(raw).to be_present
20 end
21
22 it "requires an access token" do
23 conn = user.build_github_connection(access_token: nil)
24 expect(conn).not_to be_valid
25 expect(conn.errors[:access_token]).to be_present
26 end
27
28 it "is unique per user" do
29 user.create_github_connection!(access_token: "a")
30 dup = GithubConnection.new(user_id: user.id, access_token: "b")
31 expect(dup).not_to be_valid
32 expect(dup.errors[:user_id]).to be_present
33 end
34
35 it "detects private scope" do
36 expect(user.build_github_connection(access_token: "a", scope: "repo").private_scope?).to be(true)
37 expect(user.build_github_connection(access_token: "a", scope: "public_repo").private_scope?).to be(false)
38 end
39 end