From 5e43642c062905ef390eeff525b48bc5e05a8bdd Mon Sep 17 00:00:00 2001
From: Gerard Guillemas Martos
Date: Mon, 26 Aug 2024 13:38:57 +0200
Subject: [PATCH] Test the case of an invalid session identifier (#4594)

Co-authored-by: Tobie Morgan Hitchcock
---
 tests/common/tests.rs | 15 +++++++++++++++
 tests/http_integration.rs | 23 +++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/tests/common/tests.rs b/tests/common/tests.rs
index 477e026c..afa77374 100644
--- a/tests/common/tests.rs
+++ b/tests/common/tests.rs
@@ -1853,6 +1853,21 @@ async fn session_id_defined_both() {
 server.finish().unwrap();
 }
 
+#[test(tokio::test)]
+async fn session_id_invalid() {
+ // Setup database server
+ let (addr, mut server) = common::start_server_with_defaults().await.unwrap();
+ // We specify a request identifier via a specific SurrealDB header
+ let mut headers = HeaderMap::new();
+ headers.insert("surreal-id", HeaderValue::from_static("123")); // Not a valid UUIDv4
+ // Connect to WebSocket
+ let socket = Socket::connect_with_headers(&addr, SERVER, FORMAT, headers).await;
+ assert!(socket.is_err(), "unexpected success using connecting with invalid id header");
+
+ // Test passed
+ server.finish().unwrap();
+}
+
 #[test(tokio::test)]
 async fn session_id_undefined() {
 // Setup database server
diff --git a/tests/http_integration.rs b/tests/http_integration.rs
index c3f4a03a..105baa2b 100644
--- a/tests/http_integration.rs
+++ b/tests/http_integration.rs
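Review bot: In `session_id_invalid` (tests/common/tests.rs), `assert!(socket.is_err(), …)` is satisfied by any connection failure, so the test stays green if the handshake fails for a reason unrelated to the `surreal-id` header, and it cannot tell a rejected identifier from a transport problem. If the error returned by `Socket::connect_with_headers` exposes the handshake response (its type is not visible in this hunk), the assertion should pin the rejection itself, in line with the `assert_eq!(res.status(), 401);` check the HTTP test in this commit uses. The failure message also carries a typo; `"unexpected success connecting with invalid id header"` reads correctly. Note that `server.finish()` is not reached when the assertion panics; whether the server handle cleans up on drop cannot be told from here.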
@@ -348,6 +348,29 @@ mod http_integration {
 let body = res.text().await.unwrap();
 assert!(body.contains("00000000-0000-0000-0000-000000000000"), "body: {body}");
 }
+
+ // Request with invalid header, should fail
+ {
+ // Prepare HTTP client with header
+ let mut headers = reqwest::header::HeaderMap::new();
+ let ns = Ulid::new().to_string();
+ let db = Ulid::new().to_string();
+ headers.insert("surreal-ns", ns.parse().unwrap());
+ headers.insert("surreal-db", db.parse().unwrap());
+ headers.insert(
+ "surreal-id",
+ HeaderValue::from_static("123"), // Not a valid UUIDv4
+ );
+ headers.insert(header::ACCEPT, "application/json".parse().unwrap());
+ let client = reqwest::Client::builder()
+ .connect_timeout(Duration::from_millis(10))
+ .default_headers(headers)
+ .build()
+ .unwrap();
+
+ let res = client.post(url).body("SELECT VALUE id FROM $session").send().await.unwrap();
+ assert_eq!(res.status(), 401);
+ }
 }
 
 #[test(tokio::test)]
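Review bot: The comment `// Not a valid UUIDv4` on the `surreal-id` value, here and in `session_id_invalid` in tests/common/tests.rs, probably overstates what the server checks. The context line just above asserts that `00000000-0000-0000-0000-000000000000` comes back as the session id, which suggests the nil UUID is accepted, and that value is not a version 4 UUID either. If the rule is that the header must parse as a UUID, `// Not a valid UUID` describes the case accurately. `"123"` is also the only rejected value exercised, so a few more malformed values (empty, wrong length, non-hex characters in UUID shape), each asserting 401, would pin where the validation boundary sits. The enclosing test function starts and ends outside the hunk.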