Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Having a : or @ in a route does not work #1552

Merged
merged 1 commit into from
Feb 6, 2017
Merged

Having a : or @ in a route does not work #1552

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 11 additions & 7 deletions aiohttp/web_urldispatcher.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@
from pathlib import Path
from types import MappingProxyType

from yarl import URL, quote, unquote
# do not use yarl.quote directly,
# use `URL(path).raw_path` instead of `quote(path)`
# Escaping of the URLs need to be consitent with the escaping done by yarl
from yarl import URL, unquote

from . import hdrs
from .abc import AbstractMatchInfo, AbstractRouter, AbstractView
Expand Down Expand Up @@ -373,7 +376,7 @@ def __init__(self, prefix, *, name=None):
assert not prefix or prefix.startswith('/'), prefix
assert prefix in ('', '/') or not prefix.endswith('/'), prefix
super().__init__(name=name)
self._prefix = quote(prefix, safe='/')
self._prefix = URL(prefix).raw_path

def add_prefix(self, prefix):
assert prefix.startswith('/')
Expand Down Expand Up @@ -421,7 +424,7 @@ def url_for(self, *, filename):
while filename.startswith('/'):
filename = filename[1:]
filename = '/' + filename
url = self._prefix + quote(filename, safe='/')
url = self._prefix + URL(filename).raw_path
return URL(url)

def get_info(self):
Expand Down Expand Up @@ -783,7 +786,8 @@ def add_resource(self, path, *, name=None):
if path and not path.startswith('/'):
raise ValueError("path should be started with / or be empty")
if not ('{' in path or '}' in path or self.ROUTE_RE.search(path)):
resource = PlainResource(quote(path, safe='/'), name=name)
url = URL(path)
resource = PlainResource(url.raw_path, name=name)
self.register_resource(resource)
return resource

Expand All @@ -805,9 +809,9 @@ def add_resource(self, path, *, name=None):
if '{' in part or '}' in part:
raise ValueError("Invalid path '{}'['{}']".format(path, part))

part = quote(part, safe='/')
formatter += part
pattern += re.escape(part)
path = URL(part).raw_path
formatter += path
pattern += re.escape(path)

try:
compiled = re.compile(pattern)
Expand Down
22 changes: 22 additions & 0 deletions tests/test_web_urldispatcher.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,28 @@ def test_access_non_existing_resource(tmp_dir_path, loop, test_client):
yield from r.release()


@pytest.mark.parametrize('registered_path,request_url', [
('/a:b', '/a:b'),
('/a@b', '/a@b'),
('/a:b', '/a%3Ab'),
])
@asyncio.coroutine
def test_url_escaping(loop, test_client, registered_path, request_url):
"""
Tests accessing a resource with
"""
app = web.Application(loop=loop)

def handler(_):
return web.Response()
app.router.add_get(registered_path, handler)
client = yield from test_client(app)

r = yield from client.get(request_url)
assert r.status == 200
yield from r.release()


@asyncio.coroutine
def test_unauthorized_folder_access(tmp_dir_path, loop, test_client):
"""
Expand Down