
Commit 8cb23a6

authored
Return errors if metadata name or version do not match manifest (#10960)
1 parent a6f7672 commit 8cb23a6


2 files changed

+40
-0
lines changed


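--- a/src/controllers/krate/publish.rs
+++ b/src/controllers/krate/publish.rs
@@ -171,6 +171,22 @@ pub async fn publish(app: AppState, req: Parts, body: Body) -> AppResult<Json<Go
 // we only accept manifests with a `package` section and without
 // inheritance.
 let package = tarball_info.manifest.package.unwrap();
+if package.name != metadata.name {
+let message = format!(
+"metadata name `{}` does not match manifest name `{}`",
+metadata.name, package.name
+);
+return Err(bad_request(message));
+}
+
+let manifest_version = package.version.map(|it| it.as_local().unwrap()).unwrap();
+if manifest_version != metadata.vers {
+let message = format!(
+"metadata version `{}` does not match manifest version `{manifest_version}`",
+metadata.vers
+);
+return Err(bad_request(message));
+}
 
 let description = package.description.map(|it| it.as_local().unwrap());
 let mut license = package.license.map(|it| it.as_local().unwrap());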
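Review bot: The added `package.version.map(|it| it.as_local().unwrap()).unwrap()` puts two more panic paths into a handler that is processing an uploaded tarball, and nothing in the hunk shows where a missing or inherited `version` is rejected. The comment above it and the `invalid_manifest_missing_version` test in the other file suggest manifest parsing already guarantees this, but that guarantee lives outside the hunk; if it ever loosens, a crafted upload would panic here instead of receiving a 400. I would either state the invariant, `.expect("manifest parsing rejects a missing or inherited version")`, or map the missing case to `bad_request(...)` like the two checks this commit adds. `publish` starts and ends outside the hunk, so the earlier validation could not be confirmed from here.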

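--- a/src/tests/krate/publish/manifest.rs
+++ b/src/tests/krate/publish/manifest.rs
@@ -127,6 +127,30 @@ async fn invalid_manifest_missing_version() {
 assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"failed to parse `Cargo.toml` manifest file\n\nmissing field `version`"}]}"#);
 }
 
+#[tokio::test(flavor = "multi_thread")]
+async fn name_mismatch() {
+let (_app, _anon, _cookie, token) = TestApp::full().with_token().await;
+
+let response =
+token.publish_crate(PublishBuilder::new("foo", "1.0.0").custom_manifest(
+"[package]\nname = \"bar\"\nversion = \"1.0.0\"\ndescription = \"description\"\nlicense = \"MIT\"\n",
+)).await;
+assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"metadata name `foo` does not match manifest name `bar`"}]}"#);
+}
+
+#[tokio::test(flavor = "multi_thread")]
+async fn version_mismatch() {
+let (_app, _anon, _cookie, token) = TestApp::full().with_token().await;
+
+let response =
+token.publish_crate(PublishBuilder::new("foo", "1.0.0").custom_manifest(
+"[package]\nname = \"foo\"\nversion = \"2.0.0\"\ndescription = \"description\"\nlicense = \"MIT\"\n",
+)).await;
+assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"metadata version `1.0.0` does not match manifest version `2.0.0`"}]}"#);
+}
+
 #[tokio::test(flavor = "multi_thread")]
 async fn invalid_rust_version() {
 let (_app, _anon, _cookie, token) = TestApp::full().with_token().await;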
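Review bot: Both new tests use values that differ outright (`foo`/`bar`, `1.0.0`/`2.0.0`), so they do not pin down how strict the comparison is meant to be for near-identical values. The check exists to stop the published metadata and the tarball's manifest from disagreeing, so a case where the names differ only by `-` versus `_` would document that such near-misses are rejected too, assuming strict equality is the intent. A case where the versions differ only in build metadata would do the same for versions. A sketch of the name case follows; the crate names are constructed samples.

```rust
#[tokio::test(flavor = "multi_thread")]
async fn name_mismatch_separator() {
    let (_app, _anon, _cookie, token) = TestApp::full().with_token().await;

    // Constructed sample: metadata and manifest names differ only by `-` vs `_`.
    let response =
        token.publish_crate(PublishBuilder::new("foo-bar", "1.0.0").custom_manifest(
            "[package]\nname = \"foo_bar\"\nversion = \"1.0.0\"\ndescription = \"description\"\nlicense = \"MIT\"\n",
        )).await;
    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
}
```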
