From eb6d5015eec34a1a65fb2d4d54b5201d4aef2728 Mon Sep 17 00:00:00 2001
From: Vika
Date: Mon, 21 Feb 2022 21:42:21 +0300
Subject: indieauth/require_token(): reject with 401 when no header
---
 src/indieauth.rs | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/indieauth.rs b/src/indieauth.rs
index 305452a..8f3ef8f 100644
--- a/src/indieauth.rs
+++ b/src/indieauth.rs
@@ -1,6 +1,6 @@
 use url::Url;
 use serde::{Serialize, Deserialize};
-use warp::{Filter, Rejection};
+use warp::{Filter, Rejection, reject::MissingHeader};
 
 #[derive(Deserialize, Serialize, Debug, PartialEq, Clone)]
 pub struct User {
@@ -101,8 +101,18 @@ pub fn require_token(token_endpoint: String, http: HttpClient) -> impl Filter("Authorization")) .and_then(|token_endpoint, http: HttpClient, token| async move { + .and(warp::header::("Authorization").recover(|err: Rejection| async move { + if err.find::().is_some() { + Err(IndieAuthError { + source: None, + msg: "No Authorization header provided.".to_string(), + kind: ErrorKind::NotAuthorized + }.into()) + } else { + Err(err) + } + }).unify()) let request = hyper::Request::builder() .method(hyper::Method::GET) .uri(token_endpoint)
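Review bot: The `recover` closure in the `require_token` hunk maps only `MissingHeader` to `ErrorKind::NotAuthorized`, so an `Authorization` value that is present but empty or carries no bearer scheme still enters `and_then`, whose first visible statements build a request to `token_endpoint`. If the rest of that closure (it continues outside the hunk) sends the request without inspecting `token`, any unauthenticated caller can make the server issue one outbound verification call per request. A local guard ahead of the builder, such as `if token.trim().is_empty() { /* return the same NotAuthorized error */ }`, would keep obviously unusable credentials off the network. The `else` branch also deserves a comment along the lines of `// Other rejections (e.g. a non-UTF-8 header value) pass through unchanged.` so the fall-through reads as deliberate.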
@@ -264,6 +274,28 @@ mod tests {
 assert_eq!(err.kind, super::ErrorKind::NotAuthorized);
 }
 
+ #[tokio::test]
+ async fn test_require_token_no_token() {
+ let server = MockServer::start_async().await;
+ let mock = server.mock_async(|when, then| {
+ when.path("/should_never_be_called");
+
+ then.status(500);
+ }).await;
+ let filter = require_token(server.url("/should_never_be_called"), get_http_client());
+
+ let res = warp::test::request()
+ .path("/")
+ .filter(&filter)
+ .await
+ .unwrap_err();
+
+ let err: &IndieAuthError = res.find().unwrap();
+ assert_eq!(err.kind, super::ErrorKind::NotAuthorized);
+
+ mock.assert_hits_async(0).await;
+ }
+
 #[tokio::test]
 async fn test_require_token_400_error_unauthorized() {
 let server = MockServer::start_async().await;
-- cgit 1.4.1
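Review bot: `test_require_token_no_token` asserts `ErrorKind::NotAuthorized` and zero mock hits, but nothing in it checks the 401 status that the commit subject promises. The translation from `IndieAuthError` to an HTTP status presumably lives in a rejection handler outside this diff. An assertion on the final reply status, made through whatever recover handler the application installs, would pin the externally visible behaviour. A sibling case that sends an empty `Authorization` value and checks `mock.assert_hits_async(...)` would also document whether present-but-unusable credentials reach the token endpoint.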