fix(server): send 404 on missing api endpoints instead of 405 (#1806)

Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e however this resolves another issue that's related. Additionally this ensures the behavior is tested.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>

Fixes #1520
Closes #1534
This commit is contained in:
James Elliott 2021-03-11 18:36:58 +11:00 committed by GitHub
parent 2fabfecb55
commit 5a5efa5e02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions

View File

@ -53,7 +53,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
}
r.GET("/static/{filepath:*}", embeddedFS)
r.GET("/api/{filepath:*}", embeddedFS)
r.ANY("/api/{filepath:*}", embeddedFS)
r.GET("/api/health", autheliaMiddleware(handlers.HealthGet))
r.GET("/api/state", autheliaMiddleware(handlers.StateGet))

View File

@ -35,7 +35,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
}
res, err := client.Do(req)
s.Assert().NoError(err)
s.Assert().Equal(res.StatusCode, expectedStatusCode)
s.Assert().Equal(expectedStatusCode, res.StatusCode)
})
}
@ -55,6 +55,16 @@ func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() {
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403)
}
func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
}
func TestRunBackendProtection(t *testing.T) {
suite.Run(t, NewBackendProtectionScenario())
}