Address review comments

* moved `is_empty` check into `check_token` * improved error message (is quite long now but should explain the error well) * removed one helper function from new test
2025-10-01 11:30:39 +00:00 · 2023-02-16 19:12:46 +01:00 · 2023-02-16 19:12:46 +01:00 · 823ab52f19
commit 823ab52f19
parent 3d2e107b5a
2 changed files with 32 additions and 15 deletions
--- a/crates/crates-io/lib.rs
+++ b/crates/crates-io/lib.rs
@ -518,16 +518,20 @@ pub fn is_url_crates_io(url: &str) -> bool {
 /// It would be easier to check just for alphanumeric tokens, but we can't be sure that all
 /// registries only create tokens in that format so that is as less restricted as possible.
 pub fn check_token(token: &str) -> Result<()> {
-    let is_valid = token.bytes().all(|b| {
+    if token.is_empty() {
+        bail!("please provide a non-empty token");
+    }
+    if token.bytes().all(|b| {
        b >= 32 // undefined in ISO-8859-1, in ASCII/ UTF-8 not-printable character
        && b < 128 // utf-8: the first bit signals a multi-byte character
        && b != 127 // 127 is a control character in ascii and not in ISO 8859-1
        || b == b't' // tab is also allowed (even when < 32)
-    });
-
-    if is_valid {
+    }) {
        Ok(())
    } else {
-        Err(anyhow::anyhow!("invalid token."))
+        Err(anyhow::anyhow!(
+            "token contains invalid characters.\nOnly printable ISO-8859-1 characters \
+             are allowed as it is sent in a HTTPS header."
+        ))
    }
 }
--- a/tests/testsuite/login.rs
+++ b/tests/testsuite/login.rs
@ -134,7 +134,7 @@ fn invalid_login_token() {
        .build();
    setup_new_credentials();

-    let check_ = |stdin: &str, stderr: &str| {
+    let check = |stdin: &str, stderr: &str| {
        cargo_process("login")
            .replace_crates_io(registry.index_url())
            .with_stdout("please paste the token found on [..]/me below")
@ -143,19 +143,32 @@ fn invalid_login_token() {
            .with_status(101)
            .run();
    };
-    let check = |stdin: &str| {
-        check_(stdin, "[ERROR] invalid token.");
-    };
-    // first check updates index so it must be handled differently
-    check_(
+
+    check(
        "😄",
        "\
 [UPDATING] crates.io index
-[ERROR] invalid token.",
+[ERROR] token contains invalid characters.
+Only printable ISO-8859-1 characters are allowed as it is sent in a HTTPS header.",
+    );
+    check(
+        "\u{0016}",
+        "\
+[ERROR] token contains invalid characters.
+Only printable ISO-8859-1 characters are allowed as it is sent in a HTTPS header.",
+    );
+    check(
+        "\u{0000}",
+        "\
+[ERROR] token contains invalid characters.
+Only printable ISO-8859-1 characters are allowed as it is sent in a HTTPS header.",
+    );
+    check(
+        "你好",
+        "\
+[ERROR] token contains invalid characters.
+Only printable ISO-8859-1 characters are allowed as it is sent in a HTTPS header.",
    );
-    check("\u{0016}");
-    check("\u{0000}");
-    check("你好");
 }

 #[cargo_test]