Rocket/core/lib/tests/uri-percent-encoding-issue-808.rs

58 lines
1.6 KiB
Rust
Raw Normal View History

#[macro_use] extern crate rocket;
use rocket::response::Redirect;
use rocket::http::uri::Uri;
const NAME: &str = "John[]|\\%@^";
#[get("/hello/<name>")]
fn hello(name: String) -> String {
format!("Hello, {}!", name)
}
#[get("/raw")]
fn raw_redirect() -> Redirect {
Redirect::to(format!("/hello/{}", Uri::percent_encode(NAME)))
}
#[get("/uri")]
fn uri_redirect() -> Redirect {
Redirect::to(uri!(hello: NAME))
}
fn rocket() -> rocket::Rocket {
rocket::ignite().mount("/", routes![hello, uri_redirect, raw_redirect])
}
mod tests {
use super::*;
use rocket::local::blocking::Client;
use rocket::http::{Status, uri::Uri};
#[test]
fn uri_percent_encoding_redirect() {
let expected_location = vec!["/hello/John%5B%5D%7C%5C%25@%5E"];
Test 'secret_key' validation, now on pre-launch. Prior to this commit, it was not possible to test Rocket crates in production mode without setting a global secret key or bypassing secret key checking - the testing script did the latter. The consequence is that it became impossible to test secret key related failures because the tests passed regardless. This commit undoes this. As a consequence, all tests are now aware of the difference between debug and release configurations, the latter of which validates 'secret_key' by default. New 'Client::debug()' and 'Client::debug_with()' simplify creating an instance of 'Client' with configuration in debug mode to avoid undesired test failures. The summary of changes in this commit are: * Config 'secret_key' success and failure are now tested. * 'secret_key' validation was moved to pre-launch from 'Config:from()'. * 'Config::from()' only extracts the config. * Added 'Config::try_from()' for non-panicking extraction. * 'Config' now knows the profile it was extracted from. * The 'Config' provider sets a profile of 'Config.profile'. * 'Rocket', 'Client', 'Fairings', implement 'Debug'. * 'fairing::Info' implements 'Copy', 'Clone'. * 'Fairings' keeps track of, logs attach fairings. * 'Rocket::reconfigure()' was added to allow modifying a config. Internally, the testing script was refactored to properly test the codebase with the new changes. In particular, it no longer sets a rustc 'cfg' to avoid secret-key checking. Resolves #1543. Fixes #1564.
2021-03-09 08:07:43 +00:00
let client = Client::debug(rocket()).unwrap();
let response = client.get("/raw").dispatch();
let location: Vec<_> = response.headers().get("location").collect();
assert_eq!(response.status(), Status::SeeOther);
assert_eq!(&location, &expected_location);
let response = client.get("/uri").dispatch();
let location: Vec<_> = response.headers().get("location").collect();
assert_eq!(response.status(), Status::SeeOther);
assert_eq!(&location, &expected_location);
}
#[test]
fn uri_percent_encoding_get() {
Test 'secret_key' validation, now on pre-launch. Prior to this commit, it was not possible to test Rocket crates in production mode without setting a global secret key or bypassing secret key checking - the testing script did the latter. The consequence is that it became impossible to test secret key related failures because the tests passed regardless. This commit undoes this. As a consequence, all tests are now aware of the difference between debug and release configurations, the latter of which validates 'secret_key' by default. New 'Client::debug()' and 'Client::debug_with()' simplify creating an instance of 'Client' with configuration in debug mode to avoid undesired test failures. The summary of changes in this commit are: * Config 'secret_key' success and failure are now tested. * 'secret_key' validation was moved to pre-launch from 'Config:from()'. * 'Config::from()' only extracts the config. * Added 'Config::try_from()' for non-panicking extraction. * 'Config' now knows the profile it was extracted from. * The 'Config' provider sets a profile of 'Config.profile'. * 'Rocket', 'Client', 'Fairings', implement 'Debug'. * 'fairing::Info' implements 'Copy', 'Clone'. * 'Fairings' keeps track of, logs attach fairings. * 'Rocket::reconfigure()' was added to allow modifying a config. Internally, the testing script was refactored to properly test the codebase with the new changes. In particular, it no longer sets a rustc 'cfg' to avoid secret-key checking. Resolves #1543. Fixes #1564.
2021-03-09 08:07:43 +00:00
let client = Client::debug(rocket()).unwrap();
let name = Uri::percent_encode(NAME);
let response = client.get(format!("/hello/{}", name)).dispatch();
assert_eq!(response.status(), Status::Ok);
assert_eq!(response.into_string().unwrap(), format!("Hello, {}!", NAME));
}
}