generate unique session key instead of id.HEADmaster

4 files changed, 8 insertions, 7 deletions

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 6c4756a..c8e472d 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -12,7 +12,7 @@ describe ApplicationController do
     let(:user) { create(:user, password: 'password', password_confirmation: 'password') }
     let(:user_session) { create(:session, user: user) }
 
-    before { cookies.signed[:raphael] = user_session.id }
+    before { cookies.signed[:raphael] = user_session.key }
     before { get :index }
 
     it "lets you continue to do whatever the heck you were trying to do" do
@@ -26,7 +26,7 @@ describe ApplicationController do
 
   context "when not signed in" do
     before :each do
-      cookies.signed[:raphael] = rand(100)
+      cookies.signed[:raphael] = SecureRandom.uuid
       get :index
     end
 
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 9a5144c..fdfbd53 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -35,7 +35,7 @@ describe SessionsController do
       end
 
       it 'assigns a session key to a secure cookie' do
-        expect(cookies.signed[:raphael]).to eql(Session.last.id)
+        expect(cookies.signed[:raphael]).to eql(Session.last.key)
       end
     end
   end
@@ -44,7 +44,7 @@ describe SessionsController do
     let(:user_session) { create(:session) }
 
     before :each do
-      cookies.signed[:raphael] = user_session.id
+      cookies.signed[:raphael] = user_session.key
       delete :destroy, { id: 'mine' }
     end
 
diff --git a/spec/models/session_spec.rb b/spec/models/session_spec.rb
index 4195404..4da0210 100644
--- a/spec/models/session_spec.rb
+++ b/spec/models/session_spec.rb
@@ -7,6 +7,7 @@ describe Session do
       session = Session.last
       expect(session.user_id).to eql(1)
       expect(session.ip_address).to eql("127.0.0.1")
+      expect(session.key).to_not be_nil
     end
   end
 
@@ -15,7 +16,7 @@ describe Session do
 
     context "when the session key is legit" do
       it 'returns the session' do
-        expect(Session.authenticate!(user_session.id)).to eql(user_session)
+        expect(Session.authenticate!(user_session.key)).to eql(user_session)
       end
     end
 
@@ -29,7 +30,7 @@ describe Session do
       let(:revoked_session) { create(:session, revoked_at: Time.now) }
 
       it 'raises an error' do
-        expect(-> { Session.authenticate(revoked_session.id) }).to raise_error
+        expect(-> { Session.authenticate(revoked_session.key) }).to raise_error
       end
     end
   end
diff --git a/spec/support/authentication.rb b/spec/support/authentication.rb
index 18c4f31..47a7dc6 100644
--- a/spec/support/authentication.rb
+++ b/spec/support/authentication.rb
@@ -1,6 +1,6 @@
 module HttpAuthentication
   def http_login(user, password = 'password')
     user_session = create(:session, user: user)
-    cookies.signed[:raphael] = user_session.id
+    cookies.signed[:raphael] = user_session.key
   end
 end