Respond 404 when repo does not exist

4be20ba9 · Michael Kozono · Stan Hu · b9ed721b · 4be20ba9 · 4be20ba9
Commit 4be20ba9 authored Feb 22, 2018 by Michael Kozono Committed by Stan Hu Feb 24, 2018
5 changed files
--- a/changelogs/unreleased/mk-fix-error-code-for-repo-does-not-exist.yml
+++ b/changelogs/unreleased/mk-fix-error-code-for-repo-does-not-exist.yml
+---
+title: Return a 404 instead of 403 if the repository does not exist on disk
+merge_request: 17341
+author:
+type: fixed
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -199,7 +199,7 @@ module Gitlab

    def check_repository_existence!
      unless repository.exists?
-        raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
+        raise NotFoundError, ERROR_MESSAGES[:no_repo]
      end
    end


--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -534,6 +534,19 @@ describe Gitlab::GitAccess do
      expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.')
    end

+    context 'when the project repository does not exist' do
+      it 'returns not found' do
+        project.add_guest(user)
+        repo = project.repository
+        FileUtils.rm_rf(repo.path)
+
+        # Sanity check for rm_rf
+        expect(repo.exists?).to eq(false)
+
+        expect { pull_access_check }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
+      end
+    end
+
    describe 'without access to project' do
      context 'pull code' do
        it { expect { pull_access_check }.to raise_not_found }

--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -57,7 +57,7 @@ describe Gitlab::GitAccessWiki do
          # Sanity check for rm_rf
          expect(wiki_repo.exists?).to eq(false)

-          expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'A repository for this project does not exist yet.')
+          expect { subject }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
        end
      end
    end

--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -597,7 +597,7 @@ describe 'Git HTTP requests' do
        context "when a gitlab ci token is provided" do
          let(:project) { create(:project, :repository) }
          let(:build) { create(:ci_build, :running) }
-          let(:other_project) { create(:project) }
+          let(:other_project) { create(:project, :repository) }

          before do
            build.update!(project: project) # can't associate it on factory create
@@ -648,10 +648,10 @@ describe 'Git HTTP requests' do
              context 'when the repo does not exist' do
                let(:project) { create(:project) }

-                it 'rejects pulls with 403 Forbidden' do
+                it 'rejects pulls with 404 Not Found' do
                  clone_get path, env

-                  expect(response).to have_gitlab_http_status(:forbidden)
+                  expect(response).to have_gitlab_http_status(:not_found)
                  expect(response.body).to eq(git_access_error(:no_repo))
                end
              end