Test the case of an invalid session identifier (#4594)
Co-authored-by: Tobie Morgan Hitchcock <tobie@surrealdb.com>
This commit is contained in:
parent
5165a34a27
commit
5e43642c06
2 changed files with 38 additions and 0 deletions
|
@ -1853,6 +1853,21 @@ async fn session_id_defined_both() {
|
|||
server.finish().unwrap();
|
||||
}
|
||||
|
||||
#[test(tokio::test)]
|
||||
async fn session_id_invalid() {
|
||||
// Setup database server
|
||||
let (addr, mut server) = common::start_server_with_defaults().await.unwrap();
|
||||
// We specify a request identifier via a specific SurrealDB header
|
||||
let mut headers = HeaderMap::new();
|
||||
headers.insert("surreal-id", HeaderValue::from_static("123")); // Not a valid UUIDv4
|
||||
// Connect to WebSocket
|
||||
let socket = Socket::connect_with_headers(&addr, SERVER, FORMAT, headers).await;
|
||||
assert!(socket.is_err(), "unexpected success using connecting with invalid id header");
|
||||
|
||||
// Test passed
|
||||
server.finish().unwrap();
|
||||
}
|
||||
|
||||
#[test(tokio::test)]
|
||||
async fn session_id_undefined() {
|
||||
// Setup database server
|
||||
|
|
|
@ -348,6 +348,29 @@ mod http_integration {
|
|||
let body = res.text().await.unwrap();
|
||||
assert!(body.contains("00000000-0000-0000-0000-000000000000"), "body: {body}");
|
||||
}
|
||||
|
||||
// Request with invalid header, should fail
|
||||
{
|
||||
// Prepare HTTP client with header
|
||||
let mut headers = reqwest::header::HeaderMap::new();
|
||||
let ns = Ulid::new().to_string();
|
||||
let db = Ulid::new().to_string();
|
||||
headers.insert("surreal-ns", ns.parse().unwrap());
|
||||
headers.insert("surreal-db", db.parse().unwrap());
|
||||
headers.insert(
|
||||
"surreal-id",
|
||||
HeaderValue::from_static("123"), // Not a valid UUIDv4
|
||||
);
|
||||
headers.insert(header::ACCEPT, "application/json".parse().unwrap());
|
||||
let client = reqwest::Client::builder()
|
||||
.connect_timeout(Duration::from_millis(10))
|
||||
.default_headers(headers)
|
||||
.build()
|
||||
.unwrap();
|
||||
|
||||
let res = client.post(url).body("SELECT VALUE id FROM $session").send().await.unwrap();
|
||||
assert_eq!(res.status(), 401);
|
||||
}
|
||||
}
|
||||
|
||||
#[test(tokio::test)]
|
||||
|
|
Loading…
Reference in a new issue