Add tests

2018-12-19 14:15:38 +08:00 · 2018-12-19 14:15:38 +08:00 · ddd9fdadcc
parent 2b5dfede54
commit ddd9fdadcc
2 changed files with 55 additions and 1 deletions
--- a/src/headers.rs
+++ b/src/headers.rs
@ -216,7 +216,10 @@ mod tests {
        let outcome: request::Outcome<Origin, crate::Error> =
            FromRequest::from_request(request.inner());
        let parsed_header = assert_matches!(outcome, Outcome::Success(s), s);
-        assert_eq!("https://www.example.com", parsed_header.ascii_serialization());
+        assert_eq!(
+            "https://www.example.com",
+            parsed_header.ascii_serialization()
+        );
    }

    #[test]
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1673,6 +1673,39 @@ mod tests {
        Client::new(rocket).expect("valid rocket instance")
    }

+    // `to_origin` tests
+
+    #[test]
+    fn origin_is_parsed_properly() {
+        let url = "https://foo.bar.xyz";
+        let parsed = not_err!(Origin::from_str(url));
+        assert_eq!(parsed.ascii_serialization(), url);
+    }
+
+    #[test]
+    fn origin_parsing_strips_paths() {
+        // this should never really be sent by a compliant user agent
+        let url = "https://foo.bar.xyz/path/somewhere";
+        let parsed = not_err!(Origin::from_str(url));
+        let expected = "https://foo.bar.xyz";
+        assert_eq!(parsed.ascii_serialization(), expected);
+    }
+
+    #[test]
+    #[should_panic(expected = "BadOrigin")]
+    fn origin_parsing_disallows_invalid_origins() {
+        let url = "invalid_url";
+        let _ = Origin::from_str(url).unwrap();
+    }
+
+    #[test]
+    fn origin_parses_opaque_origins() {
+        let url = "blob://foobar";
+        let parsed = not_err!(Origin::from_str(url));
+
+        assert!(!parsed.is_tuple());
+    }
+
    // CORS options test

    #[test]
@ -1718,6 +1751,24 @@ mod tests {
        not_err!(validate_origin(&origin, &allowed_origins));
    }

+    #[test]
+    fn validate_origin_handles_punycode_properly() {
+        // Test a variety of scenarios where the Origin and settings are in punycode, or not
+        let cases = vec![
+            ("https://аpple.com", "https://аpple.com"),
+            ("https://аpple.com", "https://xn--pple-43d.com"),
+            ("https://xn--pple-43d.com", "https://аpple.com"),
+            ("https://xn--pple-43d.com", "https://xn--pple-43d.com"),
+        ];
+
+        for (url, allowed_origin) in cases {
+            let origin = not_err!(to_origin(&url));
+            let allowed_origins = not_err!(parse_origins(&AllowedOrigins::some(&[allowed_origin])));
+
+            not_err!(validate_origin(&origin, &allowed_origins));
+        }
+    }
+
    #[test]
    #[should_panic(expected = "OriginNotAllowed")]
    fn validate_origin_rejects_invalid_origin() {