1
0
mirror of https://github.com/rwf2/Rocket.git synced 2025-01-27 03:42:01 +00:00
Rocket/core/lib/tests/uri-percent-encoding-issue-808.rs
Sergio Benitez 4e06ee64aa Test 'secret_key' validation, now on pre-launch.
Prior to this commit, it was not possible to test Rocket crates in
production mode without setting a global secret key or bypassing secret
key checking - the testing script did the latter. The consequence is
that it became impossible to test secret key related failures because
the tests passed regardless.

This commit undoes this. As a consequence, all tests are now aware of
the difference between debug and release configurations, the latter of
which validates 'secret_key' by default. New 'Client::debug()' and
'Client::debug_with()' simplify creating an instance of 'Client' with
configuration in debug mode to avoid undesired test failures.

The summary of changes in this commit are:

  * Config 'secret_key' success and failure are now tested.
  * 'secret_key' validation was moved to pre-launch from 'Config:from()'.
  * 'Config::from()' only extracts the config.
  * Added 'Config::try_from()' for non-panicking extraction.
  * 'Config' now knows the profile it was extracted from.
  * The 'Config' provider sets a profile of 'Config.profile'.
  * 'Rocket', 'Client', 'Fairings', implement 'Debug'.
  * 'fairing::Info' implements 'Copy', 'Clone'.
  * 'Fairings' keeps track of, logs attach fairings.
  * 'Rocket::reconfigure()' was added to allow modifying a config.

Internally, the testing script was refactored to properly test the
codebase with the new changes. In particular, it no longer sets a rustc
'cfg' to avoid secret-key checking.

Resolves .
Fixes .
2021-03-09 21:57:26 -08:00

58 lines
1.6 KiB
Rust

#[macro_use] extern crate rocket;
use rocket::response::Redirect;
use rocket::http::uri::Uri;
const NAME: &str = "John[]|\\%@^";
#[get("/hello/<name>")]
fn hello(name: String) -> String {
format!("Hello, {}!", name)
}
#[get("/raw")]
fn raw_redirect() -> Redirect {
Redirect::to(format!("/hello/{}", Uri::percent_encode(NAME)))
}
#[get("/uri")]
fn uri_redirect() -> Redirect {
Redirect::to(uri!(hello: NAME))
}
fn rocket() -> rocket::Rocket {
rocket::ignite().mount("/", routes![hello, uri_redirect, raw_redirect])
}
mod tests {
use super::*;
use rocket::local::blocking::Client;
use rocket::http::{Status, uri::Uri};
#[test]
fn uri_percent_encoding_redirect() {
let expected_location = vec!["/hello/John%5B%5D%7C%5C%25@%5E"];
let client = Client::debug(rocket()).unwrap();
let response = client.get("/raw").dispatch();
let location: Vec<_> = response.headers().get("location").collect();
assert_eq!(response.status(), Status::SeeOther);
assert_eq!(&location, &expected_location);
let response = client.get("/uri").dispatch();
let location: Vec<_> = response.headers().get("location").collect();
assert_eq!(response.status(), Status::SeeOther);
assert_eq!(&location, &expected_location);
}
#[test]
fn uri_percent_encoding_get() {
let client = Client::debug(rocket()).unwrap();
let name = Uri::percent_encode(NAME);
let response = client.get(format!("/hello/{}", name)).dispatch();
assert_eq!(response.status(), Status::Ok);
assert_eq!(response.into_string().unwrap(), format!("Hello, {}!", NAME));
}
}