mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
fix(server): send 404 on missing api endpoints instead of 405 (#1806)
Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e
however this resolves another issue that's related. Additionally this ensures the behavior is tested.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Fixes #1520
Closes #1534
This commit is contained in:
parent
2fabfecb55
commit
5a5efa5e02
|
@ -53,7 +53,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
|
|||
}
|
||||
|
||||
r.GET("/static/{filepath:*}", embeddedFS)
|
||||
r.GET("/api/{filepath:*}", embeddedFS)
|
||||
r.ANY("/api/{filepath:*}", embeddedFS)
|
||||
|
||||
r.GET("/api/health", autheliaMiddleware(handlers.HealthGet))
|
||||
r.GET("/api/state", autheliaMiddleware(handlers.StateGet))
|
||||
|
|
|
@ -35,7 +35,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
|
|||
}
|
||||
res, err := client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, expectedStatusCode)
|
||||
s.Assert().Equal(expectedStatusCode, res.StatusCode)
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -55,6 +55,16 @@ func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() {
|
|||
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403)
|
||||
}
|
||||
|
||||
func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
|
||||
s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
|
||||
|
||||
s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
|
||||
}
|
||||
|
||||
func TestRunBackendProtection(t *testing.T) {
|
||||
suite.Run(t, NewBackendProtectionScenario())
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user