Only allow valid options when configuring tokens

2 files changed, 11 insertions, 0 deletions

diff --git a/app/models/concerns/token_authenticatable_strategies/base.rb b/app/models/concerns/token_authenticatable_strategies/base.rb
index c2c644558c0..23ee34962c7 100644
--- a/app/models/concerns/token_authenticatable_strategies/base.rb
+++ b/app/models/concerns/token_authenticatable_strategies/base.rb
@@ -48,6 +48,10 @@ module TokenAuthenticatableStrategies
     end
 
     def self.fabricate(instance, field, options)
+      if options[:digest] && options[:encrypted]
+        raise ArgumentError, 'Incompatible options set!'
+      end
+
       if options[:digest]
         TokenAuthenticatableStrategies::Digest.new(instance, field, options)
       elsif options[:encrypted]
diff --git a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
index acf5c656ea9..6605f1f5a5f 100644
--- a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
@@ -28,6 +28,13 @@ describe TokenAuthenticatableStrategies::Base do
         expect(strategy).to be_a TokenAuthenticatableStrategies::Insecure
       end
     end
+
+    context 'when incompatible options are provided' do
+      it 'raises an error' do
+        expect { described_class.fabricate(instance, field, digest: true, encrypted: true) }
+          .to raise_error ArgumentError
+      end
+    end
   end
 
   describe '#fallback?' do