1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

use std::fmt;

use serde::{Deserialize, Serialize};

use super::internal::{self, Encoding};

/// The Userinfo type is an immutable encapsulation of username and
/// password details for a URL. An existing Userinfo value is guaranteed
/// to have a username set (potentially empty, as allowed by RFC 2396),
/// and optionally a password.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct UserInfo {
    pub name: String,
    pub password: Option<String>,
}

impl fmt::Display for UserInfo {
    // fmt returns the encoded userinfo information in the standard form
    // of "username[:password]".
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let mut s = internal::escape(&self.name, Encoding::UserPassword);
        if let Some(v) = &self.password {
            s += format!(":{}", internal::escape(&v, Encoding::UserPassword)).as_str();
        }

        write!(f, "{}", s)
    }
}

/// user returns a Userinfo containing the provided name
/// and no password set.
pub fn user<T>(name: T) -> UserInfo
where
    T: ToString,
{
    UserInfo {
        name: name.to_string(),
        password: None,
    }
}

/// user_password returns a Userinfo containing the provided name
/// and password.
///
/// This functionality should only be used with legacy web sites.
/// RFC 2396 warns that interpreting Userinfo this way
/// "is NOT RECOMMENDED, because the passing of authentication
/// information in clear text (such as URI) has proven to be a
/// security risk in almost every case where it has been used."
pub fn user_password<S, T>(name: S, password: T) -> UserInfo
where
    S: ToString,
    T: ToString,
{
    UserInfo {
        name: name.to_string(),
        password: Some(password.to_string()),
    }
}

/// valid_userinfo reports whether s is a valid userinfo string per RFC 3986
/// Section 3.2.1:
///     userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
///     unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
///     sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
///                   / "*" / "+" / "," / ";" / "="
///
/// It doesn't validate pct-encoded. The caller does that via func unescape.
pub(crate) fn valid_userinfo(s: &str) -> bool {
    let iter = s
        .chars()
        .filter(|&c| c < 'A' || c > 'Z')
        .filter(|&c| c < 'a' || c > 'z')
        .filter(|&c| c < '0' || c > '9');

    for c in iter {
        match c {
            '-' | '.' | '_' | ':' | '~' | '!' | '$' | '&' | '\'' | '(' | ')' | '*' | '+' | '|'
            | ';' | '=' | '%' | '@' => {}
            _ => return false,
        }
    }

    return true;
}