fix: enable resource identifiers to contain forward slashes

bethesque · bethesque · commit d8750791ec9a · 2017-09-07T10:43:42.000+10:00
This enables tag names such as 'feat/foo' to be used when escaped.
To do this, the path_traversal rack protection was disabled
diff --git a/lib/pact_broker/app.rb b/lib/pact_broker/app.rb
@@ -78,7 +78,7 @@ def prepare_app
     end
 
     def configure_middleware
-      @app_builder.use Rack::Protection, except: [:remote_token, :session_hijacking, :http_origin]
+      @app_builder.use Rack::Protection, except: [:path_traversal, :remote_token, :session_hijacking, :http_origin]
       @app_builder.use Rack::PactBroker::InvalidUriProtection
       @app_builder.use Rack::PactBroker::AddPactBrokerVersionHeader
       @app_builder.use Rack::Static, :urls => ["/stylesheets", "/css", "/fonts", "/js", "/javascripts", "/images"], :root => PactBroker.project_root.join("public")
diff --git a/spec/integration/app_spec.rb b/spec/integration/app_spec.rb
@@ -187,5 +187,15 @@ module PactBroker
         expect(last_response.status).to eq 404
       end
     end
+
+    describe "when a resource identifier contains a slash" do
+      let(:path) { "/pacticipants/Foo/versions/1.2.3/tags/feat%2Fbar" }
+
+      subject { put path, nil, {'CONTENT_TYPE' => 'application/json'}; last_response }
+
+      it "returns a success status" do
+        expect(subject.status).to eq 201
+      end
+    end
   end
 end
