summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNavaL <ayoyo@thoughtworks.com>2016-09-28 16:01:13 +0200
committerNavaL <ayoyo@thoughtworks.com>2016-09-28 16:03:09 +0200
commit663241d3add5dca912efac9c080181ede94dbe9f (patch)
tree73e83f76dc404b09c6f85e2620a56c805483f429
parentb9549559b136ddbe2cc5b81fe244457e556cd7ab (diff)
actually 404-ing valid requests but non-existing resource
Issue #684
-rw-r--r--service/pixelated/resources/root_resource.py3
-rw-r--r--service/test/unit/resources/test_root_resource.py16
2 files changed, 18 insertions, 1 deletions
diff --git a/service/pixelated/resources/root_resource.py b/service/pixelated/resources/root_resource.py
index 54fe7b4a..504d156d 100644
--- a/service/pixelated/resources/root_resource.py
+++ b/service/pixelated/resources/root_resource.py
@@ -31,6 +31,7 @@ from pixelated.resources.mail_resource import MailResource
from pixelated.resources.mails_resource import MailsResource
from pixelated.resources.tags_resource import TagsResource
from pixelated.resources.keys_resource import KeysResource
+from twisted.web.resource import NoResource
from twisted.web.static import File
from pixelated.resources.users import UsersResource
@@ -139,4 +140,4 @@ class ChildResourcesMap(object):
self._registry[path] = resource
def get(self, path):
- return self._registry.get(path)
+ return self._registry.get(path) or NoResource()
diff --git a/service/test/unit/resources/test_root_resource.py b/service/test/unit/resources/test_root_resource.py
index 0e963f02..4ff11ce8 100644
--- a/service/test/unit/resources/test_root_resource.py
+++ b/service/test/unit/resources/test_root_resource.py
@@ -103,6 +103,22 @@ class TestRootResource(unittest.TestCase):
d.addCallback(assert_unauthorized)
return d
+ def test_should_404_non_existing_resource_with_valid_csrf(self):
+ request = DummyRequest(['/non-existing-child'])
+ request.method = 'POST'
+ self._mock_ajax_csrf(request, 'stubbed csrf token')
+
+ request.getCookie = MagicMock(return_value='stubbed csrf token')
+
+ d = self.web.get(request)
+
+ def assert_not_found(_):
+ self.assertEqual(404, request.responseCode)
+ self.assertIn("No Such Resource", request.written[0])
+
+ d.addCallback(assert_not_found)
+ return d
+
def test_should_authorize_child_resource_non_ajax_GET_requests(self):
request = DummyRequest(['features'])