From 167a6b9eefd2076d08b4f1504f8b5ff3fb281026 Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Mon, 6 Apr 2015 23:02:06 -0400
Subject: [PATCH] Render a 404 when RefsController#logs_tree gets an HTML
 request

Fixes #2152
---
 app/controllers/projects/refs_controller.rb   |  5 +++
 .../projects/refs_controller_spec.rb          | 41 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 spec/controllers/projects/refs_controller_spec.rb

diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 67acf45ab7f..ec3b2b8d75a 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -55,5 +55,10 @@ class Projects::RefsController < Projects::ApplicationController
         commit: last_commit
       }
     end
+
+    respond_to do |format|
+      format.html { render_404 }
+      format.js
+    end
   end
 end
diff --git a/spec/controllers/projects/refs_controller_spec.rb b/spec/controllers/projects/refs_controller_spec.rb
new file mode 100644
index 00000000000..c254ab7cb6e
--- /dev/null
+++ b/spec/controllers/projects/refs_controller_spec.rb
@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe Projects::RefsController do
+  let(:project) { create(:project) }
+  let(:user)    { create(:user) }
+
+  before do
+    sign_in(user)
+    project.team << [user, :developer]
+  end
+
+  describe 'GET #logs_tree' do
+    def default_get(format = :html)
+      get :logs_tree, namespace_id: project.namespace.to_param,
+        project_id: project.to_param, id: 'master',
+        path: 'foo/bar/baz.html', format: format
+    end
+
+    def xhr_get(format = :html)
+      xhr :get, :logs_tree, namespace_id: project.namespace.to_param,
+        project_id: project.to_param, id: 'master',
+        path: 'foo/bar/baz.html', format: format
+    end
+
+    it 'never throws MissingTemplate' do
+      expect { default_get }.not_to raise_error
+      expect { xhr_get }.not_to raise_error
+    end
+
+    it 'renders 404 for non-JS requests' do
+      xhr_get
+
+      expect(response).to be_not_found
+    end
+
+    it 'renders JS' do
+      xhr_get(:js)
+      expect(response).to be_success
+    end
+  end
+end
-- 
GitLab