[Proximity auth] Disallow '+' and '/' in incoming base64-encoded strings.

components/proximity_auth/cryptauth/base64url_unittest.cc

Index: components/proximity_auth/cryptauth/base64url_unittest.cc
diff --git a/components/proximity_auth/cryptauth/base64url_unittest.cc b/components/proximity_auth/cryptauth/base64url_unittest.cc
index 88fd16c6283f436817dbb0bd14ef9289c115bc9a..ed332f9f416a28caabf1c977e298e917aaa7cd36 100644
--- a/components/proximity_auth/cryptauth/base64url_unittest.cc
+++ b/components/proximity_auth/cryptauth/base64url_unittest.cc
@@ -64,4 +64,22 @@ TEST(ProximityAuthBase64UrlTest, DecodeSpecialCharacters) {
   EXPECT_EQ("/+Y=", non_web_safe_encoded);
 }
 
+TEST(ProximityAuthBase64UrlTest, DecodeBailsOnPlus) {
+  // Note that "_-Y=" is a valid encoded string, as tested above. This test
+  // simply verifies that an otherwise correctly encoded string cannot use '+'
+  // in palce of '-', since the proximity auth code expects websafe encodings.

[Ryan Sleevi, 2015/06/09 23:14:02]

typo: place

+  const std::string encoded = "_+Y=";
+  std::string decoded;
+  EXPECT_FALSE(Base64UrlDecode(encoded, &decoded));
+}
+
+TEST(ProximityAuthBase64UrlTest, DecodeBailsOnSlash) {
+  // Note that "_-Y=" is a valid encoded string, as tested above. This test
+  // simply verifies that an otherwise correctly encoded string cannot use '/'
+  // in palce of '_', since the proximity auth code expects websafe encodings.

[Ryan Sleevi, 2015/06/09 23:14:02]

typo: place

+  const std::string encoded = "/-Y=";
+  std::string decoded;
+  EXPECT_FALSE(Base64UrlDecode(encoded, &decoded));
+}
+
 }  // namespace proximity_auth