Merge pull request #842 from alphagov/sign-in-route

Check content item is a sign in page before attempting to sign in
alphagov · Mar 21, 2018 · 5215df7 · 5215df7
2 parents c1afd34 + 91d0296
commit 5215df7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/app/controllers/content_items_controller.rb b/app/controllers/content_items_controller.rb
@@ -23,6 +23,8 @@ def show
   end
 
   def service_sign_in_options
+    return head :not_found unless is_sign_in_content_item_path?
+
     if params[:option].blank?
       @error = true
       show
@@ -35,6 +37,10 @@ def service_sign_in_options
 
 private
 
+  def is_sign_in_content_item_path?
+    content_item_path.include?("sign-in")
+  end
+
   # Allow guides to pass access token to each part to allow
   # fact checking of all content
   def set_guide_draft_access_token

diff --git a/test/controllers/service_sign_in_content_item_controller_test.rb b/test/controllers/service_sign_in_content_item_controller_test.rb
@@ -52,6 +52,11 @@ class ContentItemsControllerTest < ActionController::TestCase
   end
 
 
+  test "raises a 404 for a content item which isn't a service_sign_in page" do
+    path = "this/is/not/a/sign/in/page"
+    post :service_sign_in_options, params: { path: path }
+    assert_response :not_found
+  end
 
   test "service_sign_in_options with option param set" do
     content_item = content_store_has_schema_example("service_sign_in", "service_sign_in")