From 58a165166614280a3d9f72c296c04d0d12d6f094 Mon Sep 17 00:00:00 2001
From: siblingsofthevoid
Date: Mon, 30 Sep 2024 16:09:56 +0200
Subject: [PATCH 1/5] Set rust version to 1.81 to prevent compatibility issues
---
 Cargo.toml | 1 +
 rust-toolchain | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 rust-toolchain
diff --git a/Cargo.toml b/Cargo.toml
index faf3d54..9533b92 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,6 +3,7 @@ name = "actix-csrf"
 version = "0.8.0"
 authors = ["Edward Shen ", "Benoit Eudier "]
 edition = "2021"
+rust-version = "1.81.0"
 description = "CSRF middleware for Actix"
 repository = "https://github.com/edward-shen/actix-csrf"
 license = "MIT OR Apache-2.0"
diff --git a/rust-toolchain b/rust-toolchain
deleted file mode 100644
index febdd1a..0000000
--- a/rust-toolchain
+++ /dev/null
@@ -1 +0,0 @@
-1.59
\ No newline at end of file
From a699e611218ff39cd8e21203dc58f3afe6503169 Mon Sep 17 00:00:00 2001
From: siblingsofthevoid
Date: Mon, 30 Sep 2024 16:13:16 +0200
Subject: [PATCH 2/5] update Cargo.toml format to latest rust version
---
 Cargo.toml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 9533b92..fe84b94 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,12 +12,12 @@ categories = ["web-programming::http-server"]
 include = ["src/**/*", "LICENSE-*", "README.md"]
 [dependencies]
-actix-web = { version = "4", default_features = false, features = [ "cookies" ] }
-base64 = { version = "0.21.0", default_features = false, features = [ "std" ]}
+actix-web = { version = "4", default-features = false, features = [ "cookies" ] }
+base64 = { version = "0.21.0", default-features = false, features = [ "std" ]}
 cookie = "0.16"
 rand = { version = "0.8", features = [ "std_rng" ] }
 tracing = "0.1"
-serde = { version = "1", default_features = false }
+serde = { version = "1", default-features = false }
 [dev-dependencies]
 # These versions are pinned to ensure compatibility with 4.0.0
From 759c85f28c665d134f2d49f5ae3692fb04ed3f25 Mon Sep 17 00:00:00 2001
From: siblingsofthevoid
Date: Mon, 30 Sep 2024 17:02:05 +0200
Subject: [PATCH 3/5] Fix Clippy issues
---
 clippy.toml | 2 +-
 src/extractor.rs | 11 ++++++-----
 src/lib.rs | 16 ++++++++--------
 3 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/clippy.toml b/clippy.toml
index abe19b3..8c0bc00 100644
--- a/clippy.toml
+++ b/clippy.toml
@@ -1 +1 @@
-msrv = "1.59"
+msrv = "1.81"
diff --git a/src/extractor.rs b/src/extractor.rs
index 2dd893e..bb406a6 100644
--- a/src/extractor.rs
+++ b/src/extractor.rs
@@ -45,10 +45,11 @@ impl FromRequest for CsrfHeader {
 .headers()
 .get(header_name)
 .map_or(Err(CsrfError::MissingCookie), |header| {
- match header.to_str() {
- Ok(header) => Ok(Self(CsrfToken(header.to_owned()))),
- Err(_) => Err(CsrfError::MissingToken),
- }
+ header
+ .to_str()
+ .map_or(Err(CsrfError::MissingToken), |header| {
+ Ok(Self(CsrfToken(header.to_owned())))
+ })
 });
 ready(resp)
@@ -165,7 +166,7 @@ impl CsrfCookieConfig {
 Self { cookie_name }
 } else {
 Self {
- cookie_name: format!("{}{}", prefix, cookie_name),
+ cookie_name: format!("{prefix}{cookie_name}"),
 }
 }
 }
diff --git a/src/lib.rs b/src/lib.rs
index 4ba8025..4e339b7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
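Review bot: The rewritten chain in the first src/extractor.rs hunk nests one `map_or(Err(..), |header| Ok(..))` inside another and shadows `header` twice, so the two failure cases are hard to tell apart when reading; `ok_or` followed by `and_then` states them in order with the same behaviour. While this code is being touched, note that a request carrying no header at all still yields `CsrfError::MissingCookie` from the unchanged outer fallback, and a value that `to_str()` rejects is reported as `MissingToken`, so logs cannot distinguish an absent token from a malformed one; if the error enum has or can gain a better-fitting variant (its definition is outside this hunk), this is the place to use it. The enclosing `from_request` body starts and ends outside the hunk.

```rust
            .get(header_name)
            // absent header -> MissingCookie; value that to_str() rejects -> MissingToken
            .ok_or(CsrfError::MissingCookie)
            .and_then(|header| {
                header
                    .to_str()
                    .map(|token| Self(CsrfToken(token.to_owned())))
                    .map_err(|_| CsrfError::MissingToken)
            });
        // … unchanged: ready(resp) …
```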
@@ -14,14 +14,14 @@
 //! follows:
 //!
 //! - User submits a request for a resource that will directly send a CSRF token
-//! (such as a login form). The server will respond with a `Set-Cookie` header
-//! containing the CSRF token.
+//! (such as a login form). The server will respond with a `Set-Cookie` header
+//! containing the CSRF token.
 //! - The user then submits a request that contains the CSRF token, either
-//! through a custom header or in the request itself. This results in the client
-//! sending the CRSF token twice: once as a cookie and once as a header or as
-//! part of the request itself.
+//! through a custom header or in the request itself. This results in the client
+//! sending the CRSF token twice: once as a cookie and once as a header or as
+//! part of the request itself.
 //! - The server then validates if the CSRF value in the request is the same as
-//! the CSRF value in the cookie. If it is, the request is allowed to proceed.
+//! the CSRF value in the cookie. If it is, the request is allowed to proceed.
 //!
 //! This is why this process is known as a double-submit: You submit the CSRF
 //! value to a CSRF protected endpoint in two different ways. For more
@@ -202,7 +202,7 @@ impl CsrfMiddleware {
 /// Creates a CSRF middleware with secure defaults. Namely:
 ///
 /// - The CSRF cookie will be prefixed with `__Host-`. This also implies the
- /// following:
+ /// following:
 /// - `Secure` is set.
 /// - `Domain` is _not_ set.
 /// - `Path` is set to `/`.
@@ -222,7 +222,7 @@ impl CsrfMiddleware {
 /// Namely:
 ///
 /// - The CSRF cookie will be prefixed with `__Host-`. This also implies the
- /// following:
+ /// following:
 /// - `Secure` is set.
 /// - `Domain` is _not_ set.
 /// - `Path` is set to `/`.
From e0889bbc6209a58280ee12ac0b5ef1b342fd1c3e Mon Sep 17 00:00:00 2001
From: Siblings Of The Void
Date: Fri, 15 Nov 2024 17:27:26 +0100
Subject: [PATCH 4/5] Set MSRV to 1.71 as requested in edward-shen/actix-csrf#14
---
 .github/workflows/ci.yml | 4 ++--
 Cargo.toml | 2 +-
 clippy.toml | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c800aca..8cc1000 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,5 +7,5 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
- - uses: dtolnay/rust-toolchain@1.59.0
- - run: cargo test --all-features
\ No newline at end of file
+ - uses: dtolnay/rust-toolchain@1.72.0
+ - run: cargo test --all-features
diff --git a/Cargo.toml b/Cargo.toml
index fe84b94..5330171 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,7 +3,7 @@ name = "actix-csrf"
 version = "0.8.0"
 authors = ["Edward Shen ", "Benoit Eudier "]
 edition = "2021"
-rust-version = "1.81.0"
+rust-version = "1.72.0"
 description = "CSRF middleware for Actix"
 repository = "https://github.com/edward-shen/actix-csrf"
 license = "MIT OR Apache-2.0"
diff --git a/clippy.toml b/clippy.toml
index 8c0bc00..ebba035 100644
--- a/clippy.toml
+++ b/clippy.toml
@@ -1 +1 @@
-msrv = "1.81"
+msrv = "1.72"
From 800b36a44b2491b3270d31ff280a4a2ad0bad489 Mon Sep 17 00:00:00 2001
From: Siblings Of The Void
Date: Fri, 15 Nov 2024 17:32:20 +0100
Subject: [PATCH 5/5] Pin actix-web to 4.3.1 and actix-http to 3.3.1
---
 Cargo.toml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 5330171..4d1645b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
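Review bot: The subject of patch 4/5 says the MSRV is set to 1.71, but every value it writes is 1.72 (`dtolnay/rust-toolchain@1.72.0` in ci.yml, `rust-version = "1.72.0"` in Cargo.toml, `msrv = "1.72"` in clippy.toml); either the subject or the three values should be corrected so the declared MSRV is unambiguous. Separately, the new `uses:` line in ci.yml references the toolchain action by a movable ref, so the job can pick up changed action code without any change in this repository. Pinning it to a full commit SHA and selecting the compiler through the action's `toolchain` input (`with:` / `toolchain: 1.72.0`) removes that exposure. The unchanged `actions/checkout@v3` context line has the same property.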
@@ -12,7 +12,7 @@ categories = ["web-programming::http-server"]
 include = ["src/**/*", "LICENSE-*", "README.md"]
 [dependencies]
-actix-web = { version = "4", default-features = false, features = [ "cookies" ] }
+actix-web = { version = "4.3.1", default-features = false, features = [ "cookies" ] }
 base64 = { version = "0.21.0", default-features = false, features = [ "std" ]}
 cookie = "0.16"
 rand = { version = "0.8", features = [ "std_rng" ] }
@@ -22,8 +22,8 @@ serde = { version = "1", default-features = false }
 [dev-dependencies]
 # These versions are pinned to ensure compatibility with 4.0.0
 anyhow = "1"
-actix-web = { version = "=4.0.0", features = [ "cookies", "openssl"] }
-actix-http = "=3.0.0"
+actix-web = { version = "=4.3.1", features = [ "cookies", "openssl"] }
+actix-http = "=3.3.1"
 serde = { version = "1", features = [ "derive" ] }
 tokio = { version = "1", features = [ "macros", "rt-multi-thread" ] }
 openssl = { version = "0.10" }
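Review bot: The context comment `# These versions are pinned to ensure compatibility with 4.0.0` in the `[dev-dependencies]` hunk is stale once the pins below it move to `=4.3.1` and `=3.3.1`; it should name the version the tests now exercise, e.g. `# These versions are pinned to ensure compatibility with 4.3.1`. The `[dependencies]` entry in the first hunk, `version = "4.3.1"`, is a caret requirement rather than a pin, so it raises the minimum actix-web that downstream users of this crate must resolve to. The subject line describes both changes as pinning, so the description should say that the library's lower bound moved as well.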