From c337f75f325e4e0ed756e2f716c98445c1675287 Mon Sep 17 00:00:00 2001
From: Sergio Benitez <sb@sergio.bz>
Date: Thu, 10 Aug 2023 16:22:28 -0400
Subject: [PATCH] Fix 'get_pending()' docs, functionality.

The `get_pending()` method now properly decrypts private cookies that were
present in the jar originally.

Resolves #2591.
---
 core/lib/src/cookies.rs           | 14 +++++++++++---
 core/lib/tests/cookies-private.rs |  9 +++++----
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/core/lib/src/cookies.rs b/core/lib/src/cookies.rs
index d52a31f5..62515c05 100644
--- a/core/lib/src/cookies.rs
+++ b/core/lib/src/cookies.rs
@@ -243,8 +243,9 @@ impl<'a> CookieJar<'a> {
     /// container with the name `name`, irrespective of whether the cookie was
     /// private or not. If no such cookie exists, returns `None`.
     ///
-    /// This _does not_ return cookies sent by the client in a request. To
-    /// retrieve such cookies, using [`CookieJar::get()`] or
+    /// In general, due to performance overhead, calling this method should be
+    /// avoided if it is known that a cookie called `name` is not pending.
+    /// Instead, prefer to use [`CookieJar::get()`] or
     /// [`CookieJar::get_private()`].
     ///
     /// # Example
@@ -268,7 +269,14 @@ impl<'a> CookieJar<'a> {
         }
 
         drop(ops);
-        self.get(name).cloned()
+
+        #[cfg(feature = "secrets")] {
+            self.get_private(name).or_else(|| self.get(name).cloned())
+        }
+
+        #[cfg(not(feature = "secrets"))] {
+            self.get(name).cloned()
+        }
     }
 
     /// Adds `cookie` to this collection.
diff --git a/core/lib/tests/cookies-private.rs b/core/lib/tests/cookies-private.rs
index f7c807d6..e499ed34 100644
--- a/core/lib/tests/cookies-private.rs
+++ b/core/lib/tests/cookies-private.rs
@@ -36,6 +36,7 @@ fn cookie_get_private(jar: &CookieJar<'_>) -> String {
     assert_ne!(a, b.as_ref());
     assert_ne!(a, c);
     assert_ne!(b.as_ref(), c);
+    assert_eq!(b, jar.get_pending("b"));
 
     format!(
         "{}{}{}",
@@ -49,6 +50,7 @@ fn cookie_get_private(jar: &CookieJar<'_>) -> String {
 #[get("/oh-no")]
 fn cookie_get(jar: &CookieJar<'_>) -> String {
     let (a, b, c) = (jar.get("a"), jar.get("b"), jar.get("c"));
+    assert_eq!(b.cloned(), jar.get_pending("b"));
 
     format!(
         "{}{}{}",
@@ -65,10 +67,8 @@ mod cookies_private_tests {
     use rocket::{Build, Rocket};
 
     fn rocket() -> Rocket<Build> {
-        rocket::build().mount(
-            "/",
-            routes![cookie_add_private, cookie_get, cookie_get_private],
-        )
+        rocket::build()
+            .mount("/", routes![cookie_add_private, cookie_get, cookie_get_private])
     }
 
     #[test]
@@ -79,6 +79,7 @@ mod cookies_private_tests {
         assert_eq!(cookies.iter().count(), 3);
         assert_eq!(cookies.get("a").unwrap().value(), "v1");
         assert_eq!(cookies.get_private("b").unwrap().value(), "v2");
+        assert_eq!(cookies.get_pending("b").unwrap().value(), "v2");
         assert_ne!(cookies.get("b").unwrap().value(), "v2");
         assert_eq!(cookies.get("c").unwrap().value(), "v3");
     }