Commit 0ebc7488 authored by Hugo Ortiz's avatar Hugo Ortiz

Handle MissingPersonalAccessTokenError on Go middleware

The user authentication performed by the Go middleware may throw a
Gitlab::Auth::MissingPersonalAccessTokenError. Respond to this error
with 401 Unauthorized instead of letting it bubble up and end up as a
500 Internal Server Error response.

Changelog: changed
parent ebd17d9f
......@@ -27,6 +27,8 @@ module Gitlab
path: request.fullpath
)
Rack::Response.new('', 403).finish
rescue Gitlab::Auth::MissingPersonalAccessTokenError
Rack::Response.new('', 401).finish
end
private
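Review bot: The new `rescue Gitlab::Auth::MissingPersonalAccessTokenError` branch returns 401 without recording anything, while the branch just above it appears to pass `path: request.fullpath` to a logging call before its 403 (that call starts outside the hunk, so this is inferred). A rejected credential on this endpoint deserves the same audit trail, so consider logging the request path and remote address here, never the Authorization header. The bare 401 also carries no `WWW-Authenticate` challenge, which HTTP requires on a 401 response. Something like `Rack::Response.new('', 401, { 'WWW-Authenticate' => 'Basic realm="GitLab"' }).finish` would fix that, using whatever realm the application's other Basic challenges send. The enclosing method starts outside the hunk.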
......
......@@ -147,6 +147,22 @@ RSpec.describe Gitlab::Middleware::Go do
end
end
end
context 'when a personal access token is missing' do
before do
env['REMOTE_ADDR'] = '192.168.0.1'
env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(current_user.username, 'dummy_password')
end
it 'returns unauthorized' do
expect(Gitlab::Auth).to receive(:find_for_git_client).and_raise(Gitlab::Auth::MissingPersonalAccessTokenError)
response = go
expect(response[0]).to eq(401)
expect(response[1]['Content-Length']).to be_nil
expect(response[2]).to eq([''])
end
end
end
end
end
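Review bot: The example stubs `Gitlab::Auth.find_for_git_client` to raise, so it pins only the rescue-to-401 mapping and would keep passing if the real authentication path stopped raising this error for the case it is meant to cover. Consider a second example that drives the real call with a user fixture for which password authentication is refused (presumably a two-factor-enabled user, to be confirmed against `Gitlab::Auth`). If a `WWW-Authenticate` header is expected on the 401, assert on `response[1]` for it as well. A short comment on why `REMOTE_ADDR` is set in the `before` block would also help the next reader. The enclosing `describe`/`context` blocks start outside the hunk.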
......