-rw-r--r-- | service/pixelated/resources/root_resource.py | 3 | ||||
-rw-r--r-- | service/test/unit/resources/test_root_resource.py | 16 |
2 files changed, 18 insertions, 1 deletions
diff --git a/service/pixelated/resources/root_resource.py b/service/pixelated/resources/root_resource.py
index 54fe7b4a..504d156d 100644
--- a/service/pixelated/resources/root_resource.py
+++ b/service/pixelated/resources/root_resource.py
@@ -31,6 +31,7 @@ from pixelated.resources.mail_resource import MailResource
 from pixelated.resources.mails_resource import MailsResource
 from pixelated.resources.tags_resource import TagsResource
 from pixelated.resources.keys_resource import KeysResource
+from twisted.web.resource import NoResource
 from twisted.web.static import File
 from pixelated.resources.users import UsersResource
@@ -139,4 +140,4 @@ class ChildResourcesMap(object):
 self._registry[path] = resource
 def get(self, path):
- return self._registry.get(path)
+ return self._registry.get(path) or NoResource()
diff --git a/service/test/unit/resources/test_root_resource.py b/service/test/unit/resources/test_root_resource.py
index 0e963f02..4ff11ce8 100644
--- a/service/test/unit/resources/test_root_resource.py
+++ b/service/test/unit/resources/test_root_resource.py
@@ -103,6 +103,22 @@ class TestRootResource(unittest.TestCase):
 d.addCallback(assert_unauthorized)
 return d
+ def test_should_404_non_existing_resource_with_valid_csrf(self):
+ request = DummyRequest(['/non-existing-child'])
+ request.method = 'POST'
+ self._mock_ajax_csrf(request, 'stubbed csrf token')
+
+ request.getCookie = MagicMock(return_value='stubbed csrf token')
+
+ d = self.web.get(request)
+
+ def assert_not_found(_):
+ self.assertEqual(404, request.responseCode)
+ self.assertIn("No Such Resource", request.written[0])
+
+ d.addCallback(assert_not_found)
+ return d
+
 def test_should_authorize_child_resource_non_ajax_GET_requests(self):
 request = DummyRequest(['features']) |
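Review bot: `ChildResourcesMap.get` now never returns `None`, so any caller that tested the result for `None` or falsiness to detect an unregistered path will treat every path as registered. The callers (presumably the root resource's child lookup) are outside this hunk, so they should be checked before this lands. The `or` also replaces any falsy registered value, not only a missing key; `resource = self._registry.get(path)` followed by `return NoResource() if resource is None else resource` states the intent exactly. A short docstring on `get` saying that unknown paths resolve to a 404 resource and never to `None` would make the new contract visible. The class body starts outside the hunk.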
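Review bot: The new test `test_should_404_non_existing_resource_with_valid_csrf` pins the 404 only for a POST that carries a matching CSRF token. There is no companion case for the same unknown path with a missing or mismatched token, so nothing here confirms that such a request still gets the unauthorized response rather than a 404 that would let an unauthenticated client distinguish registered paths. The path segment is `'/non-existing-child'` with a leading slash, while the neighbouring test uses `DummyRequest(['features'])`; `DummyRequest(['non-existing-child'])` would exercise a lookup shaped like a real request. Asserting on `"No Such Resource"` in `request.written[0]` ties the test to Twisted's error-page wording; the `responseCode` assertion alone is the stable part.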