return 405 if method doesn't match

alexferl · Oct 23, 2022 · a3aca65 · a3aca65
1 parent 70c3b42
commit a3aca65
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 8 deletions.
diff --git a/jwt.go b/jwt.go
@@ -172,12 +172,20 @@ func JWTWithConfig(config Config) echo.MiddlewareFunc {
 					return next(c)
 				}
 
-				var routeExists bool
+				var routeExists, methodMatches bool
 				for _, route := range c.Echo().Routes() {
-					if path == route.Path && method == route.Method {
+					if path == route.Path {
+						if method == route.Method {
+							methodMatches = true
+						}
 						routeExists = true
 					}
 				}
+
+				if routeExists && !methodMatches {
+					return echo.NewHTTPError(http.StatusMethodNotAllowed, "Method not allowed")
+				}
+
 				if !routeExists {
 					return echo.NewHTTPError(http.StatusNotFound, "Route does not exist")
 				}

diff --git a/jwt_test.go b/jwt_test.go
@@ -356,12 +356,13 @@ func TestJWTWithConfig_OptionalRoutes(t *testing.T) {
 
 func TestJWT_Route_Not_Found(t *testing.T) {
 	testCases := []struct {
-		name     string
-		endpoint string
-		method   string
+		name       string
+		endpoint   string
+		method     string
+		statusCode int
 	}{
-		{"wrong path", "/wrong", http.MethodGet},
-		{"wrong method", "/", http.MethodPost},
+		{"wrong path", "/wrong", http.MethodGet, http.StatusNotFound},
+		{"wrong method", "/", http.MethodPost, http.StatusMethodNotAllowed},
 	}
 
 	for _, tc := range testCases {
@@ -382,7 +383,7 @@ func TestJWT_Route_Not_Found(t *testing.T) {
 
 			e.ServeHTTP(resp, req)
 
-			assert.Equal(t, http.StatusNotFound, resp.Code)
+			assert.Equal(t, tc.statusCode, resp.Code)
 		})
 	}
 }