arches
/auth/ url allows arbitrary sub-paths
Describe the bug
There are valid subpaths of /auth/, like /auth/password, but if I put in a random subpath, like /auth/dfdfdf, then I am brought to the default login page. I believe that /auth/dfdfdf should actually return a "not found" error.
The issue is that this line in urls.py (https://github.com/archesproject/arches/blob/master/arches/urls.py#L93) is
url(r"^auth/", LoginView.as_view(), name="auth"),
but a $ should be added to indicate the end of the valid pattern, like so:
url(r"^auth/$", LoginView.as_view(), name="auth"),
To Reproduce
Steps to reproduce the behavior:
- Go to '/auth/dfdfdf'
Expected behavior
An invalid url should return a "not found" response.
Your Arches Information
- Version used: dev/6.2.x
- Operating System and version (desktop or mobile):
- Browser Name and version:
- Link to your Arches Install (optional):
Additional context
This emerged as an issue in a custom Arches project which overwrites the /auth/ url to provide a custom login page and view. While we can overwrite /auth/ as Arches is currently configured, it is cumbersome to fully override this /auth/random behavior and requires extra patches, where I believe an underlying fix would be better in the long run.
Ticket Background
- Found by: @mradamcox
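
The prefix match described in this issue can be reproduced without Django. The following is an added example, not part of the original issue or the Arches code base: the route tables and the password_view name are constructed, and resolve() is a simplified model of Django's in-order regex matching.

```python
import re

# Constructed route tables (view names are placeholders, not Arches' urls.py).
# Simplified model: Django tries url()/re_path() patterns in order and applies
# a regex search to the request path with the leading "/" removed.
BEFORE = [
    (r"^auth/password$", "password_view"),
    (r"^auth/", "LoginView"),          # pattern quoted in the issue
]
AFTER = [
    (r"^auth/password$", "password_view"),
    (r"^auth/$", "LoginView"),         # fix proposed in the issue
]


def resolve(routes, path):
    """Return the first matching view name, or None (Django would answer 404)."""
    path = path[1:] if path.startswith("/") else path
    for pattern, view in routes:
        if re.search(pattern, path):
            return view
    return None


def unanchored(routes):
    """List endpoint patterns with no terminating '$', i.e. prefix matches.

    include() prefixes are intentionally unanchored and should not be passed in.
    """
    return [p for p, _ in routes if not p.endswith("$") or p.endswith(r"\$")]


if __name__ == "__main__":
    for path in ("/auth/", "/auth/password", "/auth/dfdfdf"):
        print(path, "before:", resolve(BEFORE, path), "after:", resolve(AFTER, path))
    print("prefix-matching patterns:", unanchored(BEFORE))
```

Running unanchored() over a project's endpoint patterns is a quick way to find other routes that accept arbitrary trailing path segments.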