[collector] ensure endpoint only accepts POST requests

collector/tests.py

@@ -7,6 +7,7 @@ from .models import Teil
 
 names = st.text(alphabet=st.characters(exclude_categories=["C"]), min_size=1)
 
+
 @given(data=names)
 def test_submitted_data_ends_up_in_database(data, session: Client):
     with pytest.raises(Teil.DoesNotExist):
@@ -29,3 +30,22 @@ def test_entering_same_name_twice_does_not_change_database_entry(data, session:
     assert response.status_code == 302
     assert Teil.objects.filter(name=data).count() == 1
 
+
+@pytest.mark.parametrize(
+    "http_method,expected_status",
+    [
+        ("GET", 405),
+        ("PATCH", 405),
+        ("POST", 302),
+        ("PUT", 405),
+    ],
+)
+def test_enter_endpoint_accepts_only_post_requests(
+    client: Client, http_method: str, expected_status: int, random_name
+):
+    request_method = getattr(client, http_method.lower())
+
+    response = request_method(
+        reverse("collector:enter"), data={"new_name": random_name(8)}
+    )
+    assert response.status_code == expected_status

collector/views.py

@@ -6,6 +6,7 @@ from django.db.models import QuerySet
 from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
 from django.urls import reverse
 from django.views import generic
+from django.views.decorators.http import require_http_methods
 
 from .models import Teil
 
@@ -44,6 +45,7 @@ class DetailView(generic.DetailView):
         return context
 
 
+@require_http_methods(["POST"])
 def enter(request: HttpRequest) -> HttpResponse:
     try:
         with transaction.atomic():