From 73041c8988f348e35d02175e04f7e100277832cc Mon Sep 17 00:00:00 2001
From: SzudemJ <43202090+SzudemJ@users.noreply.github.com>
Date: Mon, 18 Jul 2022 15:43:18 +0200
Subject: [PATCH] Avoid exposure of type names by QueryRejection (#1171)

---
 axum-extra/src/extract/form.rs  |  4 ++--
 axum-extra/src/extract/query.rs |  2 +-
 axum/CHANGELOG.md               |  2 ++
 axum/src/extract/query.rs       |  2 +-
 axum/src/extract/rejection.rs   | 10 ++--------
 axum/src/form.rs                |  4 ++--
 6 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/axum-extra/src/extract/form.rs b/axum-extra/src/extract/form.rs
index bcd8c1809f..ada651910c 100644
--- a/axum-extra/src/extract/form.rs
+++ b/axum-extra/src/extract/form.rs
@@ -67,7 +67,7 @@ where
         if req.method() == Method::GET {
             let query = req.uri().query().unwrap_or_default();
             let value = serde_html_form::from_str(query)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
             Ok(Form(value))
         } else {
             if !has_content_type(req, &mime::APPLICATION_WWW_FORM_URLENCODED) {
@@ -76,7 +76,7 @@ where
 
             let bytes = Bytes::from_request(req).await?;
             let value = serde_html_form::from_bytes(&bytes)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
 
             Ok(Form(value))
         }
diff --git a/axum-extra/src/extract/query.rs b/axum-extra/src/extract/query.rs
index dcbcdb31fd..dbd092df01 100644
--- a/axum-extra/src/extract/query.rs
+++ b/axum-extra/src/extract/query.rs
@@ -68,7 +68,7 @@ where
     async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
         let query = req.uri().query().unwrap_or_default();
         let value = serde_html_form::from_str(query)
-            .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+            .map_err(FailedToDeserializeQueryString::__private_new)?;
         Ok(Query(value))
     }
 }
diff --git a/axum/CHANGELOG.md b/axum/CHANGELOG.md
index b4879fd10e..3f4b04e3a9 100644
--- a/axum/CHANGELOG.md
+++ b/axum/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 # Unreleased
 
+- **fixed:** Don't expose internal type names in `QueryRejection` response. ([#1171])
 - **breaking:** Remove `extractor_middleware` which was previously deprecated.
   Use `axum::middleware::from_extractor` instead ([#1077])
 - **breaking:** Allow `Error: Into<Infallible>` for `Route::{layer, route_layer}` ([#924])
@@ -29,6 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **breaking:** Require middleware added with `Handler::layer` to have
   `Infallible` as the error type ([#1152])
 
+[#1171]: https://github.com/tokio-rs/axum/pull/1171
 [#1077]: https://github.com/tokio-rs/axum/pull/1077
 [#1088]: https://github.com/tokio-rs/axum/pull/1088
 [#1102]: https://github.com/tokio-rs/axum/pull/1102
diff --git a/axum/src/extract/query.rs b/axum/src/extract/query.rs
index c267ce05fc..dc024366b2 100644
--- a/axum/src/extract/query.rs
+++ b/axum/src/extract/query.rs
@@ -59,7 +59,7 @@ where
     async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
         let query = req.uri().query().unwrap_or_default();
         let value = serde_urlencoded::from_str(query)
-            .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+            .map_err(FailedToDeserializeQueryString::__private_new)?;
         Ok(Query(value))
     }
 }
diff --git a/axum/src/extract/rejection.rs b/axum/src/extract/rejection.rs
index 68e72e6beb..21dfd14ad1 100644
--- a/axum/src/extract/rejection.rs
+++ b/axum/src/extract/rejection.rs
@@ -100,18 +100,16 @@ define_rejection! {
 #[derive(Debug)]
 pub struct FailedToDeserializeQueryString {
     error: Error,
-    type_name: &'static str,
 }
 
 impl FailedToDeserializeQueryString {
     #[doc(hidden)]
-    pub fn __private_new<T, E>(error: E) -> Self
+    pub fn __private_new<E>(error: E) -> Self
     where
         E: Into<BoxError>,
     {
         FailedToDeserializeQueryString {
             error: Error::new(error),
-            type_name: std::any::type_name::<T>(),
         }
     }
 }
@@ -124,11 +122,7 @@ impl IntoResponse for FailedToDeserializeQueryString {
 
 impl std::fmt::Display for FailedToDeserializeQueryString {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(
-            f,
-            "Failed to deserialize query string. Expected something of type `{}`. Error: {}",
-            self.type_name, self.error,
-        )
+        write!(f, "Failed to deserialize query string: {}", self.error,)
     }
 }
 
diff --git a/axum/src/form.rs b/axum/src/form.rs
index 9974a46036..d1a16f7b6f 100644
--- a/axum/src/form.rs
+++ b/axum/src/form.rs
@@ -69,7 +69,7 @@ where
         if req.method() == Method::GET {
             let query = req.uri().query().unwrap_or_default();
             let value = serde_urlencoded::from_str(query)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
             Ok(Form(value))
         } else {
             if !has_content_type(req, &mime::APPLICATION_WWW_FORM_URLENCODED) {
@@ -78,7 +78,7 @@ where
 
             let bytes = Bytes::from_request(req).await?;
             let value = serde_urlencoded::from_bytes(&bytes)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
 
             Ok(Form(value))
         }