From 9df21737fa7158bca8c02a3bd02005660a9f700d Mon Sep 17 00:00:00 2001
From: Antoine Gersant
Date: Fri, 17 Jan 2020 22:02:17 -0800
Subject: [PATCH] Validate auth cookies
---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/service/test.rs | 15 +++++++++++++--
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index be9bb3a..9d4d4a0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1521,6 +1521,7 @@ dependencies = [
 "ape 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "app_dirs 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cookie 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "diesel 1.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
 "diesel_migrations 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "flame 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/Cargo.toml b/Cargo.toml
index 84b8793..d4afb38 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,6 +15,7 @@ anyhow = "1.0"
 ape = "0.2.0"
 app_dirs = "1.1.1"
 base64 = "0.11.0"
+cookie = "0.12.0"
 diesel = { version = "1.4", features = ["sqlite", "r2d2"] }
 diesel_migrations = { version = "1.4", features = ["sqlite"] }
 flame = { version = "0.2.2", optional = true }
diff --git a/src/service/test.rs b/src/service/test.rs
index 7c02333..29a6ed9 100644
--- a/src/service/test.rs
+++ b/src/service/test.rs
@@ -1,3 +1,4 @@
+use cookie::Cookie;
 use function_name::named;
 use http::header::*;
 use http::{HeaderMap, HeaderValue, Response, StatusCode};
@@ -7,6 +8,7 @@ use serde::Serialize;
 use std::path::PathBuf;
 use std::time::Duration;
+use crate::service::constants::*;
 use crate::service::dto;
 use crate::{config, ddns, index, vfs};
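Review bot: `cookie = "0.12.0"` in the Cargo.toml hunk is added alongside what look like the crate's runtime dependencies, yet the only use visible in this patch is the `use cookie::Cookie;` added to src/service/test.rs. If nothing outside the tests needs the crate, declaring it under `[dev-dependencies]` would keep it out of release builds and leave the shipped dependency surface unchanged. The section header sits above the hunk, so which table this line belongs to is inferred from its neighbours and should be confirmed.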
@@ -264,8 +266,17 @@ fn test_service_auth() {
 username: TEST_USERNAME.into(),
 password: TEST_PASSWORD.into(),
 };
- assert!(service.post_json("/api/auth", &credentials).status() == StatusCode::OK);
- // TODO validate cookies
+ let response = service.post_json("/api/auth", &credentials);
+ assert!(response.status() == StatusCode::OK);
+ let cookies: Vec = response
+ .headers()
+ .get_all(SET_COOKIE)
+ .iter()
+ .map(|c| Cookie::parse(c.to_str().unwrap()).unwrap())
+ .collect();
+ assert!(cookies.iter().any(|c| c.name() == COOKIE_SESSION));
+ assert!(cookies.iter().any(|c| c.name() == COOKIE_USERNAME));
+ assert!(cookies.iter().any(|c| c.name() == COOKIE_ADMIN));
 }
 }
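Review bot: The three assertions at the end of `test_service_auth` only check that cookies named COOKIE_SESSION, COOKIE_USERNAME and COOKIE_ADMIN are present, so a session cookie with an empty value or without its protective attributes would still pass. Since the headers are already parsed, the test could pin more, e.g. `let session = cookies.iter().find(|c| c.name() == COOKIE_SESSION).unwrap();` followed by `assert!(!session.value().is_empty());` and, if the service is meant to set it, `assert_eq!(session.http_only(), Some(true));`. Whether HttpOnly or SameSite are intended for these cookies is not visible in the patch, so the attribute check is a question for the author. Separately, `assert_eq!(response.status(), StatusCode::OK);` would print the actual status on failure. The function body starts above the hunk.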