Improve validation of auth token generation

RTLcoil · web-flow · commit a46ecef978fc · 2021-03-25T01:15:06.000-04:00
diff --git a/lib/cloudinary/auth_token.rb b/lib/cloudinary/auth_token.rb
@@ -33,6 +33,10 @@ def self.generate(options = {})
         end
       end
 
+      if url.blank? && acl.blank?
+        raise 'AuthToken must contain either an acl or a url property'
+      end
+
       token = []
       token << "ip=#{ip}" if ip
       token << "st=#{start}" if start
diff --git a/spec/auth_token_spec.rb b/spec/auth_token_spec.rb
@@ -62,6 +62,12 @@
       token = { :key => KEY, :expiration => 0, :duration => 0 }
       expect{Cloudinary::Utils.generate_auth_token(token)}.to raise_error(/Must provide either expiration or duration/)
     end
+
+    it "should raise if generate_auth_token is missing acl or url" do
+      expect{Cloudinary::Utils.generate_auth_token(:start_time => 1111111111, :duration => 300)}.to raise_error("AuthToken must contain either an acl or a url property")
+      expect{Cloudinary::Utils.generate_auth_token(:start_time => 1111111111, :duration => 300, :acl => "/*/t_foobar")}.not_to raise_error
+      expect{Cloudinary::Utils.generate_auth_token(:start_time => 1111111111, :duration => 300, :url => "http://res.cloudinary.com/test123/image/upload/v1486020273/sample.jpg")}.not_to raise_error
+    end
   end
   describe "authentication token" do
     it "should generate token string" do
