From 0b9cb507c7a4488e6f9e7cc1cbc2c8a5a98b04b8 Mon Sep 17 00:00:00 2001
From: Oliver Walters <oliver.henry.walters@gmail.com>
Date: Sat, 27 Feb 2021 22:38:08 +1100
Subject: [PATCH 1/3] Redirect invalid API urls to a 404 page

---
 InvenTree/InvenTree/api.py  | 16 ++++++++++++++++
 InvenTree/InvenTree/urls.py |  5 ++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/InvenTree/InvenTree/api.py b/InvenTree/InvenTree/api.py
index c204c0befb..fa8a6739b7 100644
--- a/InvenTree/InvenTree/api.py
+++ b/InvenTree/InvenTree/api.py
@@ -48,6 +48,22 @@ class InfoView(AjaxView):
         return JsonResponse(data)
 
 
+class NotFoundView(AjaxView):
+    """
+    Simple JSON view when accessing an invalid API view.
+    """
+
+    permission_classes = [permissions.AllowAny]
+
+    def get(self, request, *args, **kwargs):
+
+        data = {
+            'details': _('API endpoint not found')
+        }
+
+        return JsonResponse(data, status=404)
+
+
 class AttachmentMixin:
     """
     Mixin for creating attachment objects,
diff --git a/InvenTree/InvenTree/urls.py b/InvenTree/InvenTree/urls.py
index c5b439c0be..a9f53a7014 100644
--- a/InvenTree/InvenTree/urls.py
+++ b/InvenTree/InvenTree/urls.py
@@ -43,7 +43,7 @@ from .views import DynamicJsView
 
 from common.views import SettingEdit
 
-from .api import InfoView
+from .api import InfoView, NotFoundView
 from .api import ActionPluginView
 
 from users.urls import user_urls
@@ -70,6 +70,9 @@ apipatterns = [
 
     # InvenTree information endpoint
     url(r'^$', InfoView.as_view(), name='api-inventree-info'),
+
+    # Unknown endpoint
+    url(r'^.*$', NotFoundView.as_view(), name='api-404'),
 ]
 
 settings_urls = [

From 5069882a7f895de620af4703467c3b197b19ca87 Mon Sep 17 00:00:00 2001
From: Oliver Walters <oliver.henry.walters@gmail.com>
Date: Sat, 27 Feb 2021 22:41:36 +1100
Subject: [PATCH 2/3] URL tweaks

---
 InvenTree/users/urls.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/InvenTree/users/urls.py b/InvenTree/users/urls.py
index 7d8d23883f..7f29bd85cc 100644
--- a/InvenTree/users/urls.py
+++ b/InvenTree/users/urls.py
@@ -5,8 +5,8 @@ from . import api
 user_urls = [
     url(r'^(?P<pk>[0-9]+)/?$', api.UserDetail.as_view(), name='user-detail'),
 
-    url(r'roles', api.RoleDetails.as_view(), name='api-user-roles'),
-    url(r'token', api.GetAuthToken.as_view(), name='api-token'),
+    url(r'roles/?$', api.RoleDetails.as_view(), name='api-user-roles'),
+    url(r'token/?$', api.GetAuthToken.as_view(), name='api-token'),
 
     url(r'^$', api.UserList.as_view()),
 ]

From 19c76f7842c587a5e1bb03a8ad6620f21c7cbab4 Mon Sep 17 00:00:00 2001
From: Oliver Walters <oliver.henry.walters@gmail.com>
Date: Sat, 27 Feb 2021 22:44:38 +1100
Subject: [PATCH 3/3] Include 404 URL in response

---
 InvenTree/InvenTree/api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/InvenTree/InvenTree/api.py b/InvenTree/InvenTree/api.py
index fa8a6739b7..3489056865 100644
--- a/InvenTree/InvenTree/api.py
+++ b/InvenTree/InvenTree/api.py
@@ -58,7 +58,8 @@ class NotFoundView(AjaxView):
     def get(self, request, *args, **kwargs):
 
         data = {
-            'details': _('API endpoint not found')
+            'details': _('API endpoint not found'),
+            'url': request.build_absolute_uri(),
         }
 
         return JsonResponse(data, status=404)