From: Salvatore Orlando Date: Thu, 13 Aug 2015 21:41:21 +0000 (-0700) Subject: Allow only GET on Root controller X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=4e4a6cff5d257c85fb062d660ef2d1c9d0941ce9;p=openstack-build%2Fneutron-build.git Allow only GET on Root controller This patch simply ensures a 405 error is returned when a HTTP method different from GET is invoked on '/'. This differs from the eventlet WSGI server behaviour; however returning the same response as for a GET for any method, even made up ones - like 'meh' - is a mistake that should not be repeated in the Pecan WSGI server. Change-Id: I4305f374e4aacab718daa6f131f278cc69e8d699
---
diff --git a/neutron/pecan_wsgi/controllers/root.py b/neutron/pecan_wsgi/controllers/root.py
index 6bcace413..396778bac 100644
--- a/neutron/pecan_wsgi/controllers/root.py
+++ b/neutron/pecan_wsgi/controllers/root.py
@@ -54,6 +54,12 @@ class RootController(object):
 versions = [builder.build(version) for version in _get_version_info()]
 return dict(versions=versions)
+ @when(index, method='POST')
+ @when(index, method='PUT')
+ @when(index, method='DELETE')
+ def not_supported(self):
+ pecan.abort(405)
+
 class ExtensionsController(object):
diff --git a/neutron/tests/functional/pecan_wsgi/test_functional.py b/neutron/tests/functional/pecan_wsgi/test_functional.py
index ee3d4ed4f..8e4b135d3 100644
--- a/neutron/tests/functional/pecan_wsgi/test_functional.py
+++ b/neutron/tests/functional/pecan_wsgi/test_functional.py
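Review bot: The three `@when` decorators on `RootController.not_supported` (root.py hunk) name only POST, PUT and DELETE, so the 405 is a deny-list, while the commit message promises a 405 for every method other than GET, including made-up ones. The new tests also assert 405 for PATCH and HEAD, which are not registered here; whether they are rejected depends on how Pecan's generic dispatch treats a method with no `@when` handler, and that is not visible in this hunk. Either register them explicitly (`@when(index, method='PATCH')`, `@when(index, method='HEAD')`) or, to fail closed, compare `pecan.request.method` against an allow-list in one place. A 405 should also tell the client what is allowed, e.g. `pecan.abort(405, headers={'Allow': 'GET'})`. The class body starts outside the hunk.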
@@ -248,3 +248,23 @@ class TestRootController(PecanFunctionalTest):
 for (attr, value) in controllers.V2Controller.version_info.items():
 self.assertIn(attr, versions[0])
 self.assertEqual(value, versions[0][attr])
+
+ def _test_method_returns_405(self, method):
+ api_method = getattr(self.app, method)
+ response = api_method('/', expect_errors=True)
+ self.assertEqual(response.status_int, 405)
+
+ def test_post(self):
+ self._test_method_returns_405('post')
+
+ def test_put(self):
+ self._test_method_returns_405('put')
+
+ def test_patch(self):
+ self._test_method_returns_405('patch')
+
+ def test_delete(self):
+ self._test_method_returns_405('delete')
+
+ def test_head(self):
+ self._test_method_returns_405('head')
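Review bot: None of the new tests sends a method outside the standard verbs, yet the commit message singles out made-up methods like 'meh' as the case that must not get the GET response. `_test_method_returns_405` resolves the verb with `getattr(self.app, method)`, so it can only reach methods the test client exposes as attributes. If `self.app` is a WebTest `TestApp` (it looks like one from `expect_errors=True`), a case such as `self.app.request('/', method='MEH', expect_errors=True)` followed by the same 405 assertion would pin that behaviour. The enclosing test class starts outside the hunk.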