Diffstat (limited to '')
-rw-r--r-- | src/errors.rs | 6 | ||||
-rw-r--r-- | src/file_upload.rs | 4 | ||||
-rw-r--r-- | tests/upload_files.rs | 2 |
3 files changed, 8 insertions, 4 deletions
diff --git a/src/errors.rs b/src/errors.rs
index b2ed459..06569d3 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -22,6 +22,10 @@ pub enum ContextualError {
 #[error("File already exists, and the overwrite_files option has not been set")]
 DuplicateFileError,
 
+ /// Upload not allowed
+ #[error("Upload not allowed to this directory")]
+ UploadForbiddenError,
+
 /// Any error related to an invalid path (failed to retrieve entry name, unexpected entry type, etc)
 #[error("Invalid path\ncaused by: {0}")]
 InvalidPathError(String),
@@ -88,6 +92,8 @@ impl ResponseError for ContextualError {
 Self::InsufficientPermissionsError(_) => StatusCode::FORBIDDEN,
 Self::InvalidHttpCredentials => StatusCode::UNAUTHORIZED,
 Self::InvalidHttpRequestError(_) => StatusCode::BAD_REQUEST,
+ Self::DuplicateFileError => StatusCode::FORBIDDEN,
+ Self::UploadForbiddenError => StatusCode::FORBIDDEN,
 _ => StatusCode::INTERNAL_SERVER_ERROR,
 }
 }
diff --git a/src/file_upload.rs b/src/file_upload.rs
index 0232c7e..cf214b8 100644
--- a/src/file_upload.rs
+++ b/src/file_upload.rs
@@ -179,9 +179,7 @@ pub async fn upload_file(
 .any(|s| upload_path.starts_with(s));
 
 if !upload_allowed {
- return Err(ContextualError::InvalidPathError(
- "Not allowed to upload to this path".to_string(),
- ));
+ return Err(ContextualError::UploadForbiddenError);
 }
 
 // Disallow the target path to go outside of the served directory
diff --git a/tests/upload_files.rs b/tests/upload_files.rs
index 98ddc2a..196f3cd 100644
--- a/tests/upload_files.rs
+++ b/tests/upload_files.rs
@@ -100,7 +100,7 @@ fn uploading_files_is_restricted(#[case] server: TestServer) -> Result<(), Error
 let client = Client::new();
 // Ensure uploading fails and returns an error
 assert_eq!(
- 500,
+ 403,
 client
 .post(server.url().join("/upload?path=/")?)
 .multipart(form) |
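Review bot: The `_ => StatusCode::INTERNAL_SERVER_ERROR` arm kept at the end of this match in src/errors.rs is what let a refused upload surface as a 500 until now, and it will do the same for the next variant added to `ContextualError`. A denied request reported as a server error is hard to tell apart from a real fault in access logs and alerting, so consider listing the remaining variants explicitly and dropping the wildcard, which makes the compiler demand a status decision for every new error. Separately, `DuplicateFileError` describes a conflict with existing state rather than an authorization decision; `Self::DuplicateFileError => StatusCode::CONFLICT,` would let clients and log consumers tell it apart from `UploadForbiddenError`. The match and its enclosing function begin outside the hunk.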
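Review bot: The allow-list decision feeding this branch in src/file_upload.rs, `.any(|s| upload_path.starts_with(s))`, is only as strong as the normalisation of `upload_path`, and that normalisation is not visible in the hunk. If `upload_path` is a `Path`, `starts_with` compares components without resolving `..`; if it is a string, it is a plain prefix match that also accepts sibling names sharing the prefix. The containment check announced by the following comment concerns the served directory as a whole, not the allowed sub-directories, so it would not necessarily catch either case. Please confirm the path is sanitised before this point and record that next to the check, for example `// upload_path has no parent-dir components here: sanitised by <SANITISER_FN> above`. The body of `upload_file` starts and continues outside the hunk.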
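Review bot: This assertion in tests/upload_files.rs pins only one of the two status mappings the commit changes: the refused upload to `/upload?path=/` now expects 403, but nothing in the diff asserts the new status for `DuplicateFileError`. Since the catch-all arm in `ResponseError` would silently turn a regression back into a 500, a companion test that uploads the same file twice without the overwrite option and checks the returned status would lock the second mapping in. It would also help to add a case for a path that is close to, but not inside, an allowed directory, so the restriction is tested on more than the root path. The test function's setup and its `#[case]` parameters are outside the hunk.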