From 46e4ea86df651a61dab2c46530f7813f66b69d12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Mon, 28 Oct 2024 17:32:14 +0100
Subject: [PATCH] Fix a leaking state test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The state leak can be reproduced without the fix with the following
command:

```
bundle exec rspec spec/initializers/secret_token_spec.rb spec/lib/gitlab/otp_key_rotator_spec.rb
```

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 spec/initializers/secret_token_spec.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index 29e7e46b1812..aaebb17f3013 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -91,7 +91,10 @@
     let(:rsa_key) { /\A-----BEGIN RSA PRIVATE KEY-----\n.+\n-----END RSA PRIVATE KEY-----\n\Z/m }
 
     around do |example|
-      original_credentials = Rails.application.credentials
+      # We store Rails.application.credentials as a hash so that we can revert to the original
+      # values after the example has run. Assigning Rails.application.credentials= directly doesn't work.
+      original_credentials = Rails.application.credentials.to_h
+
       # Ensure we clear any existing `encrypted_settings_key_base` credential
       allowed_keys.each do |key|
         Rails.application.credentials.public_send(:"#{key}=", nil)
@@ -99,7 +102,9 @@
 
       example.run
 
-      Rails.application.credentials = original_credentials
+      original_credentials.each do |key, value|
+        Rails.application.credentials.public_send(:"#{key}=", value)
+      end
     end
 
     before do
-- 
GitLab