Allow Bearer auth scheme for API tokens

... by using the new `AuthHeader` extractor, which also slightly improves our error messages.

Author: Turbo87

src/auth.rs

@@ -14,7 +14,7 @@ use crates_io_session::SessionExtension;
 use diesel_async::AsyncPgConnection;
 use http::request::Parts;
 use http::{StatusCode, header};
-use secrecy::SecretString;
+use secrecy::{ExposeSecret, SecretString};
 
 pub struct AuthHeader(SecretString);
 
@@ -252,17 +252,12 @@ async fn authenticate_via_token(
     parts: &Parts,
     conn: &mut AsyncPgConnection,
 ) -> AppResult<Option<TokenAuthentication>> {
-    let maybe_authorization = parts
-        .headers()
-        .get(header::AUTHORIZATION)
-        .and_then(|h| h.to_str().ok());
-
-    let Some(header_value) = maybe_authorization else {
+    let Some(auth_header) = AuthHeader::optional_from_request_parts(parts).await? else {
         return Ok(None);
     };
 
-    let token =
-        HashedToken::parse(header_value).map_err(|_| InsecurelyGeneratedTokenRevoked::boxed())?;
+    let token = auth_header.token().expose_secret();
+    let token = HashedToken::parse(token).map_err(|_| InsecurelyGeneratedTokenRevoked::boxed())?;
 
     let token = ApiToken::find_by_api_token(conn, &token)
         .await

src/tests/krate/publish/auth.rs

@@ -1,10 +1,10 @@
 use crate::schema::api_tokens;
 use crate::tests::builders::{CrateBuilder, PublishBuilder};
-use crate::tests::util::{RequestHelper, TestApp};
+use crate::tests::util::{MockTokenUser, RequestHelper, TestApp};
 use diesel::ExpressionMethods;
 use diesel_async::RunQueryDsl;
 use googletest::prelude::*;
-use insta::assert_snapshot;
+use insta::{assert_json_snapshot, assert_snapshot};
 
 #[tokio::test(flavor = "multi_thread")]
 async fn new_wrong_token() {
@@ -54,3 +54,27 @@ async fn new_krate_wrong_user() {
     assert_that!(app.stored_files().await, empty());
     assert_that!(app.emails().await, empty());
 }
+
+#[tokio::test(flavor = "multi_thread")]
+async fn new_krate_with_bearer_token() {
+    let (app, _, _, token) = TestApp::full().with_token().await;
+
+    let token = format!("Bearer {}", token.plaintext());
+    let token = MockTokenUser::with_auth_header(token, app.clone());
+
+    let crate_to_publish = PublishBuilder::new("foo_new", "1.0.0");
+    let response = token.publish_crate(crate_to_publish).await;
+    assert_snapshot!(response.status(), @"200 OK");
+    assert_json_snapshot!(response.json(), {
+        ".crate.created_at" => "[datetime]",
+        ".crate.updated_at" => "[datetime]",
+    });
+
+    assert_snapshot!(app.stored_files().await.join("\n"), @r"
+    crates/foo_new/foo_new-1.0.0.crate
+    index/fo/o_/foo_new
+    rss/crates.xml
+    rss/crates/foo_new.xml
+    rss/updates.xml
+    ");
+}

src/tests/krate/publish/snapshots/crates_io__tests__krate__publish__auth__new_krate_with_bearer_token-2.snap

@@ -0,0 +1,42 @@
+---
+source: src/tests/krate/publish/auth.rs
+expression: response.json()
+---
+{
+  "crate": {
+    "badges": [],
+    "categories": null,
+    "created_at": "[datetime]",
+    "default_version": "1.0.0",
+    "description": "description",
+    "documentation": null,
+    "downloads": 0,
+    "exact_match": false,
+    "homepage": null,
+    "id": "foo_new",
+    "keywords": null,
+    "links": {
+      "owner_team": "/api/v1/crates/foo_new/owner_team",
+      "owner_user": "/api/v1/crates/foo_new/owner_user",
+      "owners": "/api/v1/crates/foo_new/owners",
+      "reverse_dependencies": "/api/v1/crates/foo_new/reverse_dependencies",
+      "version_downloads": "/api/v1/crates/foo_new/downloads",
+      "versions": "/api/v1/crates/foo_new/versions"
+    },
+    "max_stable_version": "1.0.0",
+    "max_version": "1.0.0",
+    "name": "foo_new",
+    "newest_version": "1.0.0",
+    "num_versions": 1,
+    "recent_downloads": null,
+    "repository": null,
+    "updated_at": "[datetime]",
+    "versions": null,
+    "yanked": false
+  },
+  "warnings": {
+    "invalid_badges": [],
+    "invalid_categories": [],
+    "other": []
+  }
+}