diff --git a/lib/plausible_web/controllers/stats_controller.ex b/lib/plausible_web/controllers/stats_controller.ex index 18bf1acb1..5c3ddbb48 100644 --- a/lib/plausible_web/controllers/stats_controller.ex +++ b/lib/plausible_web/controllers/stats_controller.ex @@ -144,6 +144,10 @@ defmodule PlausibleWeb.StatsController do end end + def shared_link(conn, _) do + render_error(conn, 400) + end + def authenticate_shared_link(conn, %{"slug" => slug, "password" => password}) do shared_link = Repo.get_by(Plausible.Site.SharedLink, slug: slug) diff --git a/test/plausible_web/controllers/stats_controller_test.exs b/test/plausible_web/controllers/stats_controller_test.exs index 416afefa7..54a4a1845 100644 --- a/test/plausible_web/controllers/stats_controller_test.exs +++ b/test/plausible_web/controllers/stats_controller_test.exs @@ -263,6 +263,11 @@ defmodule PlausibleWeb.StatsControllerTest do assert html_response(conn, 200) =~ "Site locked" refute String.contains?(html_response(conn, 200), "Back to my sites") end + + test "renders bad request when no auth parameter supplied", %{conn: conn} do + conn = get(conn, "/share/example.com") + assert response(conn, 400) =~ "Bad Request" + end end describe "POST /share/:slug/authenticate" do