Respond with 400 when no auth supplied to shared link request

This commit is contained in:
Adam Rutkowski 2022-09-05 11:15:09 +02:00
parent b9ae568bad
commit 2275cd8e22
2 changed files with 9 additions and 0 deletions

View File

@ -144,6 +144,10 @@ defmodule PlausibleWeb.StatsController do
end
end
def shared_link(conn, _) do
render_error(conn, 400)
end
def authenticate_shared_link(conn, %{"slug" => slug, "password" => password}) do
shared_link =
Repo.get_by(Plausible.Site.SharedLink, slug: slug)

View File

@ -263,6 +263,11 @@ defmodule PlausibleWeb.StatsControllerTest do
assert html_response(conn, 200) =~ "Site locked"
refute String.contains?(html_response(conn, 200), "Back to my sites")
end
test "renders bad request when no auth parameter supplied", %{conn: conn} do
conn = get(conn, "/share/example.com")
assert response(conn, 400) =~ "Bad Request"
end
end
describe "POST /share/:slug/authenticate" do