From 636b038e01c7064c6d1a88359f0370dbefc323e1 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon
Date: Fri, 23 Nov 2018 10:25:36 +0100
Subject: Only allow valid options when configuring tokens
---
 app/models/concerns/token_authenticatable_strategies/base.rb | 4 ++++
 spec/models/concerns/token_authenticatable_strategies/base_spec.rb | 7 +++++++
 2 files changed, 11 insertions(+)
diff --git a/app/models/concerns/token_authenticatable_strategies/base.rb b/app/models/concerns/token_authenticatable_strategies/base.rb
index c2c644558c0..23ee34962c7 100644
--- a/app/models/concerns/token_authenticatable_strategies/base.rb
+++ b/app/models/concerns/token_authenticatable_strategies/base.rb
@@ -48,6 +48,10 @@ module TokenAuthenticatableStrategies
 end
 
 def self.fabricate(instance, field, options)
+ if options[:digest] && options[:encrypted]
+ raise ArgumentError, 'Incompatible options set!'
+ end
+
 if options[:digest]
 TokenAuthenticatableStrategies::Digest.new(instance, field, options)
 elsif options[:encrypted]
diff --git a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
index acf5c656ea9..6605f1f5a5f 100644
--- a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
@@ -28,6 +28,13 @@ describe TokenAuthenticatableStrategies::Base do
 expect(strategy).to be_a TokenAuthenticatableStrategies::Insecure
 end
 end
+
+ context 'when incompatible options are provided' do
+ it 'raises an error' do
+ expect { described_class.fabricate(instance, field, digest: true, encrypted: true) }
+ .to raise_error ArgumentError
+ end
+ end
 end
 
 describe '#fallback?' do
--
cgit v1.2.1
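Review bot: The new guard at the top of `fabricate` rejects only the case where `:digest` and `:encrypted` are both truthy, so any other misconfiguration, such as a misspelled option key, still falls through the `if`/`elsif` chain. The final branch lies outside the hunk, but the spec context (`be_a TokenAuthenticatableStrategies::Insecure`) suggests the fall-through selects the Insecure strategy, which presumably stores the token without digest or encryption. If that is the case, failing closed on unrecognised keys would match the commit subject better, e.g. `unknown = options.keys - KNOWN_OPTIONS` followed by `raise ArgumentError, "Unknown token options: #{unknown.inspect}" if unknown.any?`, where `KNOWN_OPTIONS` is a placeholder for the list of options this class actually supports. The message `'Incompatible options set!'` would also be easier to act on if it named `field` and the two conflicting options.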
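Review bot: The added example matches only the exception class, so any `ArgumentError` raised on the way into `fabricate` (for instance an arity error in a strategy constructor) would also satisfy it. Pinning the message keeps the spec tied to the new guard: `.to raise_error(ArgumentError, /Incompatible options/)`. A companion example asserting that `digest: true` alone and `encrypted: true` alone still fabricate without raising would document that the guard does not over-reject; the existing contexts above the hunk may already cover this, but they are not visible here.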