From 863e6266c02a09d84570fe6f6884b95fa458ece3 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Mon, 26 Jul 2021 18:34:25 +0200
Subject: Added MethodNotAllowed errors to login webui handler

---
 internal/webui/login.go      |  7 +++++--
 internal/webui/login_test.go | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/internal/webui/login.go b/internal/webui/login.go
index c0eb109..5469dd1 100644
--- a/internal/webui/login.go
+++ b/internal/webui/login.go
@@ -26,7 +26,8 @@ func loginHandler(e *env, w http.ResponseWriter, r *http.Request) error {
 			http.Redirect(w, r, "/", http.StatusFound)
 			return nil
 		}
-		if r.Method == http.MethodPost {
+		switch r.Method {
+		case http.MethodPost:
 			r.ParseForm()
 			// username
 			username, ok := r.Form["username"]
@@ -71,13 +72,15 @@ func loginHandler(e *env, w http.ResponseWriter, r *http.Request) error {
 			http.SetCookie(w, &cookie)
 			http.Redirect(w, r, "/", http.StatusFound)
 			return nil
-		} else {
+		case http.MethodGet:
 			p := Page{Title: "Login"}
 			err := loginTemplate.ExecuteTemplate(w, "login.html", p)
 			if err != nil {
 				return newStatusError(http.StatusInternalServerError, err)
 			}
 			return nil
+		default:
+			return newStatusError(http.StatusMethodNotAllowed, fmt.Errorf(http.StatusText(http.StatusMethodNotAllowed)))
 		}
 	} else {
 		return newStatusError(http.StatusNotFound, fmt.Errorf("Invalid path in loginHandler"))
diff --git a/internal/webui/login_test.go b/internal/webui/login_test.go
index fe27f7e..0d661cb 100644
--- a/internal/webui/login_test.go
+++ b/internal/webui/login_test.go
@@ -187,4 +187,27 @@ func TestLoginHandler(t *testing.T) {
 			err:  &statusError{http.StatusNotFound, simpleErrorMessage},
 		},
 	})
+	// Test other request types
+	methods := []string{
+		http.MethodConnect,
+		http.MethodDelete,
+		http.MethodHead,
+		http.MethodOptions,
+		http.MethodPatch,
+		http.MethodPut,
+		http.MethodTrace,
+	}
+	for _, method := range methods {
+		runHttpTest(t, e, loginHandler, &httpTestCase{
+			name: "a login attempt with an invalid method should error",
+			input: httpTestInput{
+				method: method,
+				path:   "/login",
+			},
+			expect: httpTestExpect{
+				code: http.StatusMethodNotAllowed,
+				err:  &statusError{http.StatusMethodNotAllowed, simpleErrorMessage},
+			},
+		})
+	}
 }
-- 
cgit v1.2.3