Return http.StatusMethodNotAllowed for request method mismatch

oapi-codegen · Oct 19, 2024 · 4ee567c · 4ee567c
1 parent 5324ea6
commit 4ee567c
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 2 deletions.
diff --git a/internal/test/chi/oapi_validate_test.go b/internal/test/chi/oapi_validate_test.go
@@ -371,6 +371,19 @@ func testRequestValidatorBasicFunctions(t *testing.T, r *chi.Mux) {
 		called = false
 	}
 
+	// Send a request with wrong HTTP method
+	{
+		body := struct {
+			Name string `json:"name"`
+		}{
+			Name: "Marcin",
+		}
+		rec := doPost(t, r, "http://deepmap.ai/resource", body)
+		assert.Equal(t, http.StatusMethodNotAllowed, rec.Code)
+		assert.False(t, called, "Handler should not have been called")
+		called = false
+	}
+
 	// Add a handler for the POST message
 	r.Post("/resource", func(w http.ResponseWriter, r *http.Request) {
 		called = true

diff --git a/internal/test/gorilla/oapi_validate_test.go b/internal/test/gorilla/oapi_validate_test.go
@@ -10,8 +10,8 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/oapi-codegen/testutil"
 	middleware "github.com/oapi-codegen/nethttp-middleware"
+	"github.com/oapi-codegen/testutil"
 
 	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/getkin/kin-openapi/openapi3filter"
@@ -371,6 +371,19 @@ func testRequestValidatorBasicFunctions(t *testing.T, r *mux.Router) {
 		called = false
 	}
 
+	// Send a request with wrong HTTP method
+	{
+		body := struct {
+			Name string `json:"name"`
+		}{
+			Name: "Marcin",
+		}
+		rec := doPost(t, r, "http://deepmap.ai/resource", body)
+		assert.Equal(t, http.StatusMethodNotAllowed, rec.Code)
+		assert.False(t, called, "Handler should not have been called")
+		called = false
+	}
+
 	// Add a handler for the POST message
 	r.HandleFunc("/resource", func(w http.ResponseWriter, r *http.Request) {
 		called = true

diff --git a/internal/test/nethttp/oapi_validate_test.go b/internal/test/nethttp/oapi_validate_test.go
@@ -10,8 +10,8 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/oapi-codegen/testutil"
 	middleware "github.com/oapi-codegen/nethttp-middleware"
+	"github.com/oapi-codegen/testutil"
 
 	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/getkin/kin-openapi/openapi3filter"
@@ -42,6 +42,16 @@ func doPost(t *testing.T, mux http.Handler, rawURL string, jsonBody interface{})
 	return response.Recorder
 }
 
+func doPatch(t *testing.T, mux http.Handler, rawURL string, jsonBody interface{}) *httptest.ResponseRecorder {
+	u, err := url.Parse(rawURL)
+	if err != nil {
+		t.Fatalf("Invalid url: %s", rawURL)
+	}
+
+	response := testutil.NewRequest().Patch(u.RequestURI()).WithHost(u.Host).WithJsonBody(jsonBody).GoWithHTTPHandler(t, mux)
+	return response.Recorder
+}
+
 // use wraps a given http.ServeMux with middleware for execution
 func use(r *http.ServeMux, mw func(next http.Handler) http.Handler) http.Handler {
 	return mw(r)
@@ -413,6 +423,19 @@ func testRequestValidatorBasicFunctions(t *testing.T, r *http.ServeMux, mw func(
 		called = false
 	}
 
+	// Send a request with wrong method
+	{
+		body := struct {
+			Name string `json:"name"`
+		}{
+			Name: "Marcin",
+		}
+		rec := doPatch(t, server, "http://deepmap.ai/resource", body)
+		assert.Equal(t, http.StatusMethodNotAllowed, rec.Code)
+		assert.False(t, called, "Handler should not have been called")
+		called = false
+	}
+
 	called = false
 	// Send a good request body
 	{

diff --git a/oapi_validate.go b/oapi_validate.go
@@ -74,6 +74,9 @@ func validateRequest(r *http.Request, router routers.Router, options *Options) (
 	// Find route
 	route, pathParams, err := router.FindRoute(r)
 	if err != nil {
+		if errors.Is(err, routers.ErrMethodNotAllowed) {
+			return http.StatusMethodNotAllowed, err
+		}
 		return http.StatusNotFound, err // We failed to find a matching route for the request.
 	}