rocket_cors/tests/fairing.rs

//! This crate tests using rocket_cors using Fairings

#![feature(plugin, custom_derive, test)]
#![plugin(rocket_codegen)]
extern crate hyper;
extern crate rocket;
extern crate rocket_cors;
extern crate test;

use std::str::FromStr;

use rocket::http::Method;
use rocket::http::{Header, Status};
use rocket::local::Client;
use rocket_cors::*;

#[get("/")]
fn cors<'a>() -> &'a str {
    "Hello CORS"
}

#[get("/panic")]
fn panicking_route() {
    panic!("This route will panic");
}

fn make_cors_options() -> Cors {
    let (allowed_origins, failed_origins) = AllOrSome::new_from_str_list(&["https://www.acme.com"]);
    assert!(failed_origins.is_empty());

    Cors {
        allowed_origins: allowed_origins,
        allowed_methods: vec![Method::Get].into_iter().map(From::from).collect(),
        allowed_headers: AllOrSome::Some(
            ["Authorization"]
                .into_iter()
                .map(|s| s.to_string().into())
                .collect(),
        ),
        allow_credentials: true,
        ..Default::default()
    }
}

fn rocket() -> rocket::Rocket {
    rocket::ignite()
        .mount("/", routes![cors, panicking_route])
        .attach(make_cors_options())
}

#[test]
fn smoke_test() {
    let client = Client::new(rocket()).unwrap();

    // `Options` pre-flight checks
    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
    );
    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Get,
    ));
    let request_headers = hyper::header::AccessControlRequestHeaders(
        vec![FromStr::from_str("Authorization").unwrap()],
    );
    let request_headers = Header::from(request_headers);
    let req = client
        .options("/")
        .header(origin_header)
        .header(method_header)
        .header(request_headers);

    let response = req.dispatch();
    assert!(response.status().class().is_success());

    // "Actual" request
    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
    );
    let authorization = Header::new("Authorization", "let me in");
    let req = client.get("/").header(origin_header).header(authorization);

    let mut response = req.dispatch();
    assert!(response.status().class().is_success());
    let body_str = response.body().and_then(|body| body.into_string());
    assert_eq!(body_str, Some("Hello CORS".to_string()));

}

use test::Bencher;

#[bench]
fn bench_smoke_test(b: &mut Bencher) {
    b.iter(|| smoke_test());
}

#[test]
fn cors_options_check() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
    );
    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Get,
    ));
    let request_headers = hyper::header::AccessControlRequestHeaders(
        vec![FromStr::from_str("Authorization").unwrap()],
    );
    let request_headers = Header::from(request_headers);
    let req = client
        .options("/")
        .header(origin_header)
        .header(method_header)
        .header(request_headers);

    let response = req.dispatch();
    assert!(response.status().class().is_success());
}

#[test]
fn cors_get_check() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
    );
    let authorization = Header::new("Authorization", "let me in");
    let req = client.get("/").header(origin_header).header(authorization);

    let mut response = req.dispatch();
    println!("{:?}", response);
    assert!(response.status().class().is_success());
    let body_str = response.body().and_then(|body| body.into_string());
    assert_eq!(body_str, Some("Hello CORS".to_string()));
}

/// This test is to check that non CORS compliant requests to GET should still work. (i.e. curl)
#[test]
fn cors_get_no_origin() {
    let client = Client::new(rocket()).unwrap();

    let authorization = Header::new("Authorization", "let me in");
    let req = client.get("/").header(authorization);

    let mut response = req.dispatch();
    assert!(response.status().class().is_success());
    let body_str = response.body().and_then(|body| body.into_string());
    assert_eq!(body_str, Some("Hello CORS".to_string()));
}

#[test]
fn cors_options_bad_origin() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
    );
    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Get,
    ));
    let request_headers = hyper::header::AccessControlRequestHeaders(
        vec![FromStr::from_str("Authorization").unwrap()],
    );
    let request_headers = Header::from(request_headers);
    let req = client
        .options("/")
        .header(origin_header)
        .header(method_header)
        .header(request_headers);

    let response = req.dispatch();
    assert_eq!(response.status(), Status::Forbidden);
}

#[test]
fn cors_options_missing_origin() {
    let client = Client::new(rocket()).unwrap();

    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Get,
    ));
    let request_headers = hyper::header::AccessControlRequestHeaders(
        vec![FromStr::from_str("Authorization").unwrap()],
    );
    let request_headers = Header::from(request_headers);
    let req = client.options("/").header(method_header).header(
        request_headers,
    );

    let response = req.dispatch();
    assert!(response.status().class().is_success());
}

#[test]
fn cors_options_bad_request_method() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
    );
    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Post,
    ));
    let request_headers = hyper::header::AccessControlRequestHeaders(
        vec![FromStr::from_str("Authorization").unwrap()],
    );
    let request_headers = Header::from(request_headers);
    let req = client
        .options("/")
        .header(origin_header)
        .header(method_header)
        .header(request_headers);

    let response = req.dispatch();
    assert_eq!(response.status(), Status::Forbidden);
}

#[test]
fn cors_options_bad_request_header() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
    );
    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Get,
    ));
    let request_headers =
        hyper::header::AccessControlRequestHeaders(vec![FromStr::from_str("Foobar").unwrap()]);
    let request_headers = Header::from(request_headers);
    let req = client
        .options("/")
        .header(origin_header)
        .header(method_header)
        .header(request_headers);

    let response = req.dispatch();
    assert_eq!(response.status(), Status::Forbidden);
}

#[test]
fn cors_get_bad_origin() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
    );
    let authorization = Header::new("Authorization", "let me in");
    let req = client.get("/").header(origin_header).header(authorization);

    let response = req.dispatch();
    assert_eq!(response.status(), Status::Forbidden);
}

/// This test ensures that on a failing CORS request, the route (along with its side effects)
/// should never be executed.
/// The route used will panic if executed
#[test]
fn routes_failing_checks_are_not_executed() {
    let client = Client::new(rocket()).unwrap();

    let origin_header = Header::from(
        hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
    );
    let method_header = Header::from(hyper::header::AccessControlRequestMethod(
        hyper::method::Method::Get,
    ));
    let request_headers = hyper::header::AccessControlRequestHeaders(
        vec![FromStr::from_str("Authorization").unwrap()],
    );
    let request_headers = Header::from(request_headers);
    let req = client
        .options("/panic")
        .header(origin_header)
        .header(method_header)
        .header(request_headers);

    let response = req.dispatch();
    assert_eq!(response.status(), Status::Forbidden);
}
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`//! This crate tests using rocket_cors using Fairings`
Move integration tests 2017-07-14 04:26:47 +00:00
Add bench 2017-07-17 10:06:06 +00:00			`#![feature(plugin, custom_derive, test)]`
Move integration tests 2017-07-14 04:26:47 +00:00			`#![plugin(rocket_codegen)]`
			`extern crate hyper;`
			`extern crate rocket;`
			`extern crate rocket_cors;`
Add bench 2017-07-17 10:06:06 +00:00			`extern crate test;`
Move integration tests 2017-07-14 04:26:47 +00:00
			`use std::str::FromStr;`

			`use rocket::http::Method;`
			`use rocket::http::{Header, Status};`
			`use rocket::local::Client;`
			`use rocket_cors::*;`

			`#[get("/")]`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`fn cors<'a>() -> &'a str {`
			`"Hello CORS"`
Move integration tests 2017-07-14 04:26:47 +00:00			`}`

Add tests to ensure that routes are not executed on failure 2017-07-17 06:41:08 +00:00			`#[get("/panic")]`
			`fn panicking_route() {`
			`panic!("This route will panic");`
			`}`

Rename Options to Cors 2017-07-15 02:54:26 +00:00			`fn make_cors_options() -> Cors {`
Move integration tests 2017-07-14 04:26:47 +00:00			`let (allowed_origins, failed_origins) = AllOrSome::new_from_str_list(&["https://www.acme.com"]);`
			`assert!(failed_origins.is_empty());`

Rename Options to Cors 2017-07-15 02:54:26 +00:00			`Cors {`
Move integration tests 2017-07-14 04:26:47 +00:00			`allowed_origins: allowed_origins,`
Implement Serde (De)serialization for `Cors` struct (#7) * Add serde support for Method * "Turn on" serde * Add Serde support for UniCase * Fix merge error * Add default tests 2017-07-17 08:22:45 +00:00			`allowed_methods: vec![Method::Get].into_iter().map(From::from).collect(),`
Move integration tests 2017-07-14 04:26:47 +00:00			`allowed_headers: AllOrSome::Some(`
			`["Authorization"]`
			`.into_iter()`
			`.map(\|s\| s.to_string().into())`
			`.collect(),`
			`),`
			`allow_credentials: true,`
			`..Default::default()`
			`}`
			`}`

Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`fn rocket() -> rocket::Rocket {`
Implement Serde (De)serialization for `Cors` struct (#7) * Add serde support for Method * "Turn on" serde * Add Serde support for UniCase * Fix merge error * Add default tests 2017-07-17 08:22:45 +00:00			`rocket::ignite()`
			`.mount("/", routes![cors, panicking_route])`
			`.attach(make_cors_options())`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`}`

Move integration tests 2017-07-14 04:26:47 +00:00			`#[test]`
			`fn smoke_test() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			// `Options` pre-flight checks
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.acme.com").unwrap(),`
			`);`
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Get,`
			`));`
			`let request_headers = hyper::header::AccessControlRequestHeaders(`
			`vec![FromStr::from_str("Authorization").unwrap()],`
			`);`
			`let request_headers = Header::from(request_headers);`
			`let req = client`
			`.options("/")`
			`.header(origin_header)`
			`.header(method_header)`
			`.header(request_headers);`

			`let response = req.dispatch();`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`assert!(response.status().class().is_success());`
Move integration tests 2017-07-14 04:26:47 +00:00
			`// "Actual" request`
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.acme.com").unwrap(),`
			`);`
			`let authorization = Header::new("Authorization", "let me in");`
			`let req = client.get("/").header(origin_header).header(authorization);`

			`let mut response = req.dispatch();`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`assert!(response.status().class().is_success());`
Move integration tests 2017-07-14 04:26:47 +00:00			`let body_str = response.body().and_then(\|body\| body.into_string());`
			`assert_eq!(body_str, Some("Hello CORS".to_string()));`

			`}`

Add bench 2017-07-17 10:06:06 +00:00			`use test::Bencher;`

			`#[bench]`
			`fn bench_smoke_test(b: &mut Bencher) {`
			`b.iter(\|\| smoke_test());`
			`}`

Move integration tests 2017-07-14 04:26:47 +00:00			`#[test]`
			`fn cors_options_check() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.acme.com").unwrap(),`
			`);`
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Get,`
			`));`
			`let request_headers = hyper::header::AccessControlRequestHeaders(`
			`vec![FromStr::from_str("Authorization").unwrap()],`
			`);`
			`let request_headers = Header::from(request_headers);`
			`let req = client`
			`.options("/")`
			`.header(origin_header)`
			`.header(method_header)`
			`.header(request_headers);`

			`let response = req.dispatch();`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`assert!(response.status().class().is_success());`
Move integration tests 2017-07-14 04:26:47 +00:00			`}`

			`#[test]`
			`fn cors_get_check() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.acme.com").unwrap(),`
			`);`
			`let authorization = Header::new("Authorization", "let me in");`
			`let req = client.get("/").header(origin_header).header(authorization);`

			`let mut response = req.dispatch();`
Delay CORS checks and response until `Responder::respond_to` is invoked (#6) * Delay checking of CORS to just before responding * Lifetime issues * Use State::inner() * Fix lifetime issues * Bump Rocket * Document 'static limitation And link to https://github.com/SergioBenitez/Rocket/pull/345 * Remove extraneous comments 2017-07-14 17:38:13 +00:00			`println!("{:?}", response);`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`assert!(response.status().class().is_success());`
Move integration tests 2017-07-14 04:26:47 +00:00			`let body_str = response.body().and_then(\|body\| body.into_string());`
			`assert_eq!(body_str, Some("Hello CORS".to_string()));`
			`}`

			`/// This test is to check that non CORS compliant requests to GET should still work. (i.e. curl)`
			`#[test]`
			`fn cors_get_no_origin() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let authorization = Header::new("Authorization", "let me in");`
			`let req = client.get("/").header(authorization);`

			`let mut response = req.dispatch();`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`assert!(response.status().class().is_success());`
Move integration tests 2017-07-14 04:26:47 +00:00			`let body_str = response.body().and_then(\|body\| body.into_string());`
			`assert_eq!(body_str, Some("Hello CORS".to_string()));`
			`}`

			`#[test]`
			`fn cors_options_bad_origin() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),`
			`);`
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Get,`
			`));`
			`let request_headers = hyper::header::AccessControlRequestHeaders(`
			`vec![FromStr::from_str("Authorization").unwrap()],`
			`);`
			`let request_headers = Header::from(request_headers);`
			`let req = client`
			`.options("/")`
			`.header(origin_header)`
			`.header(method_header)`
			`.header(request_headers);`

			`let response = req.dispatch();`
			`assert_eq!(response.status(), Status::Forbidden);`
			`}`

			`#[test]`
			`fn cors_options_missing_origin() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Get,`
			`));`
			`let request_headers = hyper::header::AccessControlRequestHeaders(`
			`vec![FromStr::from_str("Authorization").unwrap()],`
			`);`
			`let request_headers = Header::from(request_headers);`
			`let req = client.options("/").header(method_header).header(`
			`request_headers,`
			`);`

			`let response = req.dispatch();`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`assert!(response.status().class().is_success());`
Move integration tests 2017-07-14 04:26:47 +00:00			`}`

			`#[test]`
			`fn cors_options_bad_request_method() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.acme.com").unwrap(),`
			`);`
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Post,`
			`));`
			`let request_headers = hyper::header::AccessControlRequestHeaders(`
			`vec![FromStr::from_str("Authorization").unwrap()],`
			`);`
			`let request_headers = Header::from(request_headers);`
			`let req = client`
			`.options("/")`
			`.header(origin_header)`
			`.header(method_header)`
			`.header(request_headers);`

			`let response = req.dispatch();`
			`assert_eq!(response.status(), Status::Forbidden);`
			`}`

			`#[test]`
			`fn cors_options_bad_request_header() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.acme.com").unwrap(),`
			`);`
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Get,`
			`));`
			`let request_headers =`
			`hyper::header::AccessControlRequestHeaders(vec![FromStr::from_str("Foobar").unwrap()]);`
			`let request_headers = Header::from(request_headers);`
			`let req = client`
			`.options("/")`
			`.header(origin_header)`
			`.header(method_header)`
			`.header(request_headers);`

			`let response = req.dispatch();`
			`assert_eq!(response.status(), Status::Forbidden);`
			`}`

			`#[test]`
			`fn cors_get_bad_origin() {`
Implement CORS Fairing (#9) * Add validate to Cors * Skeleton * Refactor to allow for fairings to be even built * Errors are not handled properly * Response no longer validates * Ad-hoc response now use response guards * Seems like lifetime proliferation * Wrap Response in a Guard with some dummy lifetime * Fairing implementation 2017-07-17 06:28:54 +00:00			`let client = Client::new(rocket()).unwrap();`
Move integration tests 2017-07-14 04:26:47 +00:00
			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),`
			`);`
			`let authorization = Header::new("Authorization", "let me in");`
			`let req = client.get("/").header(origin_header).header(authorization);`

			`let response = req.dispatch();`
			`assert_eq!(response.status(), Status::Forbidden);`
			`}`
Add tests to ensure that routes are not executed on failure 2017-07-17 06:41:08 +00:00
			`/// This test ensures that on a failing CORS request, the route (along with its side effects)`
			`/// should never be executed.`
			`/// The route used will panic if executed`
			`#[test]`
			`fn routes_failing_checks_are_not_executed() {`
			`let client = Client::new(rocket()).unwrap();`

			`let origin_header = Header::from(`
			`hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),`
			`);`
			`let method_header = Header::from(hyper::header::AccessControlRequestMethod(`
			`hyper::method::Method::Get,`
			`));`
			`let request_headers = hyper::header::AccessControlRequestHeaders(`
			`vec![FromStr::from_str("Authorization").unwrap()],`
			`);`
			`let request_headers = Header::from(request_headers);`
			`let req = client`
			`.options("/panic")`
			`.header(origin_header)`
			`.header(method_header)`
			`.header(request_headers);`

			`let response = req.dispatch();`
			`assert_eq!(response.status(), Status::Forbidden);`
			`}`