fix(console): restore admin_auth_cors_ratelimit test after ureq 3 API drift (task #37)#321
Merged
Merged
Conversation
… drift Cargo.lock pins ureq 3.3.0 (Cargo.toml `ureq = "3"`), but tests/admin_auth_cors_ratelimit.rs (task #37) was still written against the ureq 2.x API: `.set()`, `.timeout()`, `ureq::request(method, url)`, `resp.header()`, and matching `ureq::Error::Status(code, resp)` to read headers off 4xx/5xx responses. ureq 3 renamed/removed all of these: `.header()` replaces `.set()`, per-request timeouts move to `.config().timeout_global(...).build()`, `ureq::request()` is gone in favor of method-named free functions (`ureq::options()`), and — the breaking part for these tests — `Error::StatusCode(u16)` no longer carries the response, so header assertions on error responses (www-authenticate on 401, retry-after on 429) were no longer reachable at all. Fix: build every request with `http_status_as_error(false)` so 4xx/5xx responses come back as `Ok(Response<Body>)` instead of `Err`, and assert on `resp.status()` / `resp.headers()` directly. This preserves every original assertion (bearer-token enforcement, tampered-signature rejection, CORS origin echo/elision, rate-limit 429 + retry-after, preflight bypass, healthz/readyz auth exemption) — nothing was weakened, only the mechanism for reaching the response headers changed. Verified: cargo test --release --features console --test admin_auth_cors_ratelimit (7/7 pass), cargo fmt --check, cargo clippy --no-default-features --features runtime-monoio,jemalloc,graph,text-index,console --tests -- -D warnings (clean). Refs: task #37 (console-feature test rot from PR #284 review) author: Tin Dang
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughChangesHTTP response handling tests
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Task #37: the console-feature test
admin_auth_cors_ratelimitwas written against ureq 2.x butCargo.tomlpinsureq = "3"(Lock: 3.3.0). ureq 3 renamed/removed.set(),.timeout(),ureq::request(),resp.header(), and — the breaking part —ureq::Error::StatusCode(u16)no longer carries theResponse, so header assertions on 4xx/5xx (www-authenticateon 401,retry-afteron 429) were structurally unreachable.Fix
Two helpers build each request with
.config().http_status_as_error(false).timeout_global(...).build(), so 4xx/5xx come back asOk(Response)and the test asserts onresp.status()/resp.headers()directly. Every original assertion preserved (bearer enforcement, tampered-signature rejection, CORS origin echo/elision, 429 + retry-after, preflight bypass, healthz/readyz auth exemption). Test-only change; no non-test console code used ureq.Verification
cargo test --release --features console --test admin_auth_cors_ratelimit→ 7/7cargo fmt --checkclean;cargo clippy --no-default-features --features runtime-monoio,jemalloc,graph,text-index,console --tests -D warningsclean (matches CI check-console exactly)Summary by CodeRabbit