Restore inadvertently-removed fallback

2 files changed, 8 insertions, 1 deletions

diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index 436cd0ccd8..75cc11d6ff 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -19,10 +19,11 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
     if token = decode_verified_token
       if acceptable_content?(token)
         disk_service.upload token[:key], request.body, checksum: token[:checksum]
-        head :no_content
       else
         head :unprocessable_entity
       end
+    else
+      head :not_found
     end
   rescue ActiveStorage::IntegrityError
     head :unprocessable_entity
diff --git a/activestorage/test/controllers/disk_controller_test.rb b/activestorage/test/controllers/disk_controller_test.rb
index 32b930730d..c053052f6f 100644
--- a/activestorage/test/controllers/disk_controller_test.rb
+++ b/activestorage/test/controllers/disk_controller_test.rb
@@ -67,4 +67,10 @@ class ActiveStorage::DiskControllerTest < ActionDispatch::IntegrationTest
     assert_response :unprocessable_entity
     assert_not blob.service.exist?(blob.key)
   end
+
+  test "directly uploading blob with invalid token" do
+    put update_rails_disk_service_url(encoded_token: "invalid"),
+      params: "Something else entirely!", headers: { "Content-Type" => "text/plain" }
+    assert_response :not_found
+  end
 end