techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity

fix(server): send 404 on missing api endpoints instead of 405 (#1806)

Browse Source 
Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e however this resolves another issue that's related. Additionally this ensures the behavior is tested.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>

Fixes #1520
Closes #1534
This commit is contained in:
James Elliott 2021-03-11 18:36:58 +11:00 committed by GitHub
parent 2fabfecb55
commit 5a5efa5e02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/server/server.go
View File

@ -53,7 +53,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
} }
r.GET("/static/{filepath:*}", embeddedFS) r.GET("/static/{filepath:*}", embeddedFS)
r.GET("/api/{filepath:*}", embeddedFS) r.ANY("/api/{filepath:*}", embeddedFS)
r.GET("/api/health", autheliaMiddleware(handlers.HealthGet)) r.GET("/api/health", autheliaMiddleware(handlers.HealthGet))
r.GET("/api/state", autheliaMiddleware(handlers.StateGet)) r.GET("/api/state", autheliaMiddleware(handlers.StateGet))

12
internal/suites/scenario_backend_protection_test.go
View File

@ -35,7 +35,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
} }
res, err := client.Do(req) res, err := client.Do(req)
s.Assert().NoError(err) s.Assert().NoError(err)
s.Assert().Equal(res.StatusCode, expectedStatusCode) s.Assert().Equal(expectedStatusCode, res.StatusCode)
}) })
} }
@ -55,6 +55,16 @@ func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() {
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403) s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403)
} }
func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
}
func TestRunBackendProtection(t *testing.T) { func TestRunBackendProtection(t *testing.T) {
suite.Run(t, NewBackendProtectionScenario()) suite.Run(t, NewBackendProtectionScenario())
} }