actually 404-ing valid requests but non-existing resource

Issue #684

1 files changed, 16 insertions, 0 deletions

diff --git a/service/test/unit/resources/test_root_resource.py b/service/test/unit/resources/test_root_resource.py
index 0e963f02..4ff11ce8 100644
--- a/service/test/unit/resources/test_root_resource.py
+++ b/service/test/unit/resources/test_root_resource.py
@@ -103,6 +103,22 @@ class TestRootResource(unittest.TestCase):
         d.addCallback(assert_unauthorized)
         return d
 
+    def test_should_404_non_existing_resource_with_valid_csrf(self):
+        request = DummyRequest(['/non-existing-child'])
+        request.method = 'POST'
+        self._mock_ajax_csrf(request, 'stubbed csrf token')
+
+        request.getCookie = MagicMock(return_value='stubbed csrf token')
+
+        d = self.web.get(request)
+
+        def assert_not_found(_):
+            self.assertEqual(404, request.responseCode)
+            self.assertIn("No Such Resource", request.written[0])
+
+        d.addCallback(assert_not_found)
+        return d
+
     def test_should_authorize_child_resource_non_ajax_GET_requests(self):
         request = DummyRequest(['features'])