-rw-r--r--activestorage/app/controllers/active_storage/disk_controller.rb3
-rw-r--r--activestorage/test/controllers/disk_controller_test.rb6
2 files changed, 8 insertions, 1 deletions
diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index 436cd0ccd8..75cc11d6ff 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -19,10 +19,11 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
if token = decode_verified_token
if acceptable_content?(token)
disk_service.upload token[:key], request.body, checksum: token[:checksum]
- head :no_content
else
head :unprocessable_entity
end
+ else
+ head :not_found
end
rescue ActiveStorage::IntegrityError
head :unprocessable_entity
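Review bot: With `head :no_content` removed, the successful-upload branch (right after `disk_service.upload`) no longer states its response. It presumably falls back to Action Controller's implicit 204 for a non-GET action with no template. That leaves the status a client reads as "blob stored" as the only one not written out, beside the explicit `head :unprocessable_entity` and the new `head :not_found`. I would keep `head :no_content` after the upload call, or at least add a comment there such as `# responds 204 No Content via implicit rendering once the upload succeeds`. The action's `def` line and closing `end` are outside the hunk, so this is judged from the visible branch structure only.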
diff --git a/activestorage/test/controllers/disk_controller_test.rb b/activestorage/test/controllers/disk_controller_test.rb
index 32b930730d..c053052f6f 100644
--- a/activestorage/test/controllers/disk_controller_test.rb
+++ b/activestorage/test/controllers/disk_controller_test.rb
@@ -67,4 +67,10 @@ class ActiveStorage::DiskControllerTest < ActionDispatch::IntegrationTest
assert_response :unprocessable_entity
assert_not blob.service.exist?(blob.key)
end
+
+ test "directly uploading blob with invalid token" do
+ put update_rails_disk_service_url(encoded_token: "invalid"),
+ params: "Something else entirely!", headers: { "Content-Type" => "text/plain" }
+ assert_response :not_found
+ end
end
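Review bot: The new test only sends `encoded_token: "invalid"`, a string that is not a signed token at all, so it pins the 404 for malformed input alone. The branch that matters for the upload endpoint's integrity is a well-formed token whose signature does not verify or that has expired. This assumes `decode_verified_token` returns nil in those cases too; its body is not visible here. A second case built from a real direct-upload token with its signature altered would cover that, asserting `assert_response :not_found` and, as the neighbouring test does, `assert_not blob.service.exist?(blob.key)` to confirm nothing was written.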