Fix index method.

The HTML reply pointed to the new-reg URL, when it should point to the
directory.

Also fix https://github.com/letsencrypt/boulder/issues/717 by checking first
whether the request path is exactly "/" and giving 404 otherwise.

wfe/web-front-end.go

@@ -11,7 +11,6 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
-	"html/template"
 	"io/ioutil"
 	"net/http"
 	"regexp"
@@ -212,7 +211,6 @@ func (wfe *WebFrontEndImpl) Handler() (http.Handler, error) {
 	wfe.DirectoryJSON = directoryJSON
 
 	m := http.NewServeMux()
-	wfe.HandleFunc(m, "/", wfe.Index, "GET")
 	wfe.HandleFunc(m, DirectoryPath, wfe.Directory, "GET")
 	wfe.HandleFunc(m, NewRegPath, wfe.NewRegistration, "POST")
 	wfe.HandleFunc(m, NewAuthzPath, wfe.NewAuthorization, "POST")
@@ -224,6 +222,10 @@ func (wfe *WebFrontEndImpl) Handler() (http.Handler, error) {
 	wfe.HandleFunc(m, TermsPath, wfe.Terms, "GET")
 	wfe.HandleFunc(m, IssuerPath, wfe.Issuer, "GET")
 	wfe.HandleFunc(m, BuildIDPath, wfe.BuildID, "GET")
+	// We don't use our special HandleFunc for "/" because it matches everything,
+	// meaning we can wind up returning 405 when we mean to return 404. See
+	// https://github.com/letsencrypt/boulder/issues/717
+	m.HandleFunc("/", wfe.Index)
 	return m, nil
 }
 
@@ -243,16 +245,22 @@ func (wfe *WebFrontEndImpl) Index(response http.ResponseWriter, request *http.Re
 		return
 	}
 
-	tmpl := template.Must(template.New("body").Parse(`<html>
-  <body>
-    This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a>
-    Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>,
-    New registration is available at <a href="{{.NewReg}}">{{.NewReg}}</a>.
-  </body>
-</html>
-`))
-	tmpl.Execute(response, wfe)
+	if request.Method != "GET" {
+		logEvent.Error = "Bad method"
+		response.Header().Set("Allow", "GET")
+		response.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+
 	response.Header().Set("Content-Type", "text/html")
+	response.Write([]byte(fmt.Sprintf(`<html>
+		<body>
+			This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a>
+			Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.
+			JSON directory is available at <a href="%s">%s</a>.
+		</body>
+	</html>
+	`, DirectoryPath, DirectoryPath)))
 	addCacheHeader(response, wfe.IndexCacheDuration.Seconds())
 }
 

wfe/web-front-end_test.go

@@ -466,7 +466,6 @@ func TestStandardHeaders(t *testing.T) {
 		path    string
 		allowed []string
 	}{
-		{"/", []string{"GET"}},
 		{wfe.NewReg, []string{"POST"}},
 		{wfe.RegBase, []string{"POST"}},
 		{wfe.NewAuthz, []string{"POST"}},
@@ -492,6 +491,28 @@ func TestStandardHeaders(t *testing.T) {
 	}
 }
 
+func TestIndexPOST(t *testing.T) {
+	wfe := setupWFE(t)
+	responseWriter := httptest.NewRecorder()
+	url, _ := url.Parse("/")
+	wfe.Index(responseWriter, &http.Request{
+		Method: "POST",
+		URL:    url,
+	})
+	test.AssertEquals(t, responseWriter.Code, http.StatusMethodNotAllowed)
+}
+
+func TestPOST404(t *testing.T) {
+	wfe := setupWFE(t)
+	responseWriter := httptest.NewRecorder()
+	url, _ := url.Parse("/foobar")
+	wfe.Index(responseWriter, &http.Request{
+		Method: "POST",
+		URL:    url,
+	})
+	test.AssertEquals(t, responseWriter.Code, http.StatusNotFound)
+}
+
 func TestIndex(t *testing.T) {
 	wfe := setupWFE(t)
 	wfe.IndexCacheDuration = time.Second * 10
@@ -505,8 +526,8 @@ func TestIndex(t *testing.T) {
 	})
 	test.AssertEquals(t, responseWriter.Code, http.StatusOK)
 	test.AssertNotEquals(t, responseWriter.Body.String(), "404 page not found\n")
-	test.Assert(t, strings.Contains(responseWriter.Body.String(), wfe.NewReg),
-		"new-reg not found")
+	test.Assert(t, strings.Contains(responseWriter.Body.String(), DirectoryPath),
+		"directory path not found")
 	test.AssertEquals(t, responseWriter.Header().Get("Cache-Control"), "public, max-age=10")
 
 	responseWriter.Body.Reset()