make bunch of stuff public, add some more tests

kitsune-soc · Dec 17, 2024 · f1dbca3 · f1dbca3
1 parent 299a338
commit f1dbca3
Show file tree

Hide file tree

Showing 6 changed files with 109 additions and 45 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/lib/komainu/Cargo.toml b/lib/komainu/Cargo.toml
@@ -22,8 +22,8 @@ tracing.workspace = true
 url.workspace = true
 
 [dev-dependencies]
+divan.workspace = true
 serde_test.workspace = true
-tracing-subscriber.workspace = true
 
 [lints]
 workspace = true
diff --git a/lib/komainu/src/extractor.rs b/lib/komainu/src/extractor.rs
@@ -2,8 +2,8 @@ use crate::{
     error::{Error, Result},
     params::ParamStorage,
 };
-use memchr::memchr;
 use bytes::Bytes;
+use memchr::memchr;
 
 static URL_ENCODED_CONTENT_TYPE: http::HeaderValue =
     http::HeaderValue::from_static("application/x-www-form-urlencoded");
@@ -56,6 +56,7 @@ impl<'a> ClientCredentials<'a> {
     }
 
     #[inline]
+    #[must_use]
     pub fn client_id(&self) -> &str {
         match self {
             Self::Basic(auth) => auth.username(),
@@ -64,6 +65,7 @@ impl<'a> ClientCredentials<'a> {
     }
 
     #[inline]
+    #[must_use]
     pub fn client_secret(&self) -> &str {
         match self {
             Self::Basic(auth) => auth.password(),
@@ -73,9 +75,8 @@ impl<'a> ClientCredentials<'a> {
 }
 
 pub struct BasicAuth {
-    buffer: Vec<u8>,
-    username: &'static str,
-    password: &'static str,
+    buffer: String,
+    delimiter_pos: usize,
 }
 
 impl BasicAuth {
@@ -97,52 +98,42 @@ impl BasicAuth {
             .inspect_err(|error| debug!(?error, "failed to decode basic auth"))
             .ok()?;
 
-        let buffer_str = simdutf8::basic::from_utf8(&value)
-            .inspect_err(|error| debug!(?error, "failed to decode utf8"))
-            .ok()?;
+        // SAFETY: Since `simdutf8` validates that the buffer contents are valid UTF-8 and we exit the function on error,
+        // we can simply call `String::from_utf8_unchecked`.
+        #[allow(unsafe_code)]
+        let buffer = unsafe {
+            simdutf8::basic::from_utf8(&buffer)
+                .inspect_err(|error| debug!(?error, "failed to decode utf8"))
+                .ok()?;
 
-        let (username, password) = buffer_str.split_once(':')?;
+            String::from_utf8_unchecked(buffer)
+        };
 
-        // SAFETY: self-referential struct. can't access invariant lifetimes from the outside.
-        #[allow(unsafe_code)]
-        unsafe {
-            Some(Self {
-                buffer,
-                username: std::mem::transmute(username),
-                password: std::mem::transmute(password),
-            })
-        }
+        let delimiter_pos = buffer.find(':')?;
+
+        Some(Self {
+            buffer,
+            delimiter_pos,
+        })
     }
 
     #[inline]
+    #[must_use]
     pub fn username(&self) -> &str {
-        &self.username
+        // SAFETY: The delimiter was previously found via `str::find`, so the index is guaranteed to be within boundaries
+        #[allow(unsafe_code)]
+        unsafe {
+            self.buffer.get_unchecked(..self.delimiter_pos)
+        }
     }
 
     #[inline]
+    #[must_use]
     pub fn password(&self) -> &str {
-        &self.password
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use super::BasicAuth;
-    use std::env;
-
-    #[test]
-    fn parse_basic_auth_rfc() {
-        env::set_var("RUST_LOG", "debug");
-        tracing_subscriber::fmt::init();
-
-        let mut map = http::HeaderMap::new();
-        map.insert(
-            http::header::AUTHORIZATION,
-            http::HeaderValue::from_static("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="),
-        );
-
-        let auth = BasicAuth::extract(&map).unwrap();
-        assert_eq!(auth.username(), "Aladdin");
-        assert_eq!(auth.password(), "open sesame");
+        // SAFETY: The delimiter was previously found via `str::find`, so the index is guaranteed to be within boundaries
+        #[allow(unsafe_code)]
+        unsafe {
+            self.buffer.get_unchecked((self.delimiter_pos + 1)..)
+        }
     }
 }
diff --git a/lib/komainu/src/lib.rs b/lib/komainu/src/lib.rs
@@ -9,11 +9,11 @@ pub use self::error::{Error, Result};
 pub use self::params::ParamStorage;
 
 mod error;
-mod extractor;
-mod params;
 
 pub mod authorize;
+pub mod extractor;
 pub mod flow;
+pub mod params;
 
 trait OptionExt<T> {
     fn or_missing_param(self) -> Result<T>;

diff --git a/lib/komainu/tests/basic_auth.rs b/lib/komainu/tests/basic_auth.rs
@@ -0,0 +1,65 @@
+use komainu::extractor::BasicAuth;
+
+#[test]
+fn parse_basic_auth_rfc() {
+    let mut map = http::HeaderMap::new();
+    map.insert(
+        http::header::AUTHORIZATION,
+        http::HeaderValue::from_static("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="),
+    );
+
+    let auth = BasicAuth::extract(&map).unwrap();
+    assert_eq!(auth.username(), "Aladdin");
+    assert_eq!(auth.password(), "open sesame");
+}
+
+#[test]
+fn empty_creds() {
+    let creds = ":";
+    let encoded = base64_simd::STANDARD.encode_to_string(creds);
+    let val = format!("Basic {encoded}");
+
+    let mut map = http::HeaderMap::new();
+    map.insert(
+        http::header::AUTHORIZATION,
+        http::HeaderValue::from_str(val.as_str()).unwrap(),
+    );
+
+    let auth = BasicAuth::extract(&map).unwrap();
+    assert_eq!(auth.username(), "");
+    assert_eq!(auth.password(), "");
+}
+
+#[test]
+fn empty_username() {
+    let creds = ":UwU";
+    let encoded = base64_simd::STANDARD.encode_to_string(creds);
+    let val = format!("Basic {encoded}");
+
+    let mut map = http::HeaderMap::new();
+    map.insert(
+        http::header::AUTHORIZATION,
+        http::HeaderValue::from_str(val.as_str()).unwrap(),
+    );
+
+    let auth = BasicAuth::extract(&map).unwrap();
+    assert_eq!(auth.username(), "");
+    assert_eq!(auth.password(), "UwU");
+}
+
+#[test]
+fn empty_password() {
+    let creds = "OwO:";
+    let encoded = base64_simd::STANDARD.encode_to_string(creds);
+    let val = format!("Basic {encoded}");
+
+    let mut map = http::HeaderMap::new();
+    map.insert(
+        http::header::AUTHORIZATION,
+        http::HeaderValue::from_str(val.as_str()).unwrap(),
+    );
+
+    let auth = BasicAuth::extract(&map).unwrap();
+    assert_eq!(auth.username(), "OwO");
+    assert_eq!(auth.password(), "");
+}
diff --git a/lib/komainu/tests/pkce.rs b/lib/komainu/tests/pkce.rs
@@ -9,13 +9,21 @@ fn verify_rfc_payload_s256() {
     ];
 
     let verifier_base64 = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
+    assert_eq!(
+        base64_simd::URL_SAFE_NO_PAD.encode_to_string(verifier),
+        verifier_base64
+    );
 
     let challenge = [
         19, 211, 30, 150, 26, 26, 216, 236, 47, 22, 177, 12, 76, 152, 46, 8, 118, 168, 120, 173,
         109, 241, 68, 86, 110, 225, 137, 74, 203, 112, 249, 195,
     ];
 
     let challenge_base64 = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
+    assert_eq!(
+        base64_simd::URL_SAFE_NO_PAD.encode_to_string(challenge),
+        challenge_base64
+    );
 
     let payload = PkcePayload {
         method: PkceMethod::S256,