Change back internal API return code

In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25936
we align the return code for the same error to be 403.

Nevertheless, it seems the internal API needs it to be
401, otherwise, the custom error message won't be shown.

changelogs/unreleased/fj-fix-internal-api-return-code.yml

+---
+title: Change back internal api return code
+merge_request: 26063
+author:
+type: fixed

ee/spec/requests/api/internal/base_spec.rb

@@ -132,7 +132,7 @@ describe API::Internal::Base do
                protocol: 'ssh'
              })
 
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
       end
     end
 
@@ -237,7 +237,7 @@ describe API::Internal::Base do
         it "does not allow access" do
           subject
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(json_response['message']).to eql('Project requires smartcard login. Please login to GitLab using a smartcard.')
         end
       end

lib/api/internal/base.rb

@@ -50,7 +50,11 @@ module API
                            @project ||= access_checker.project
                            result
                          rescue Gitlab::GitAccess::ForbiddenError => e
-                           return response_with_status(code: 403, success: false, message: e.message)
+                           # The return code needs to be 401. If we return 403
+                           # the custom message we return won't be shown to the user
+                           # and, instead, the default message 'GitLab: API is not accessible'
+                           # will be displayed
+                           return response_with_status(code: 401, success: false, message: e.message)
                          rescue Gitlab::GitAccess::TimeoutError => e
                            return response_with_status(code: 503, success: false, message: e.message)
                          rescue Gitlab::GitAccess::NotFoundError => e

spec/requests/api/internal/base_spec.rb

@@ -409,7 +409,7 @@ describe API::Internal::Base do
         it do
           pull(key, project)
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(json_response["status"]).to be_falsey
           expect(user.reload.last_activity_on).to be_nil
         end
@@ -419,7 +419,7 @@ describe API::Internal::Base do
         it do
           push(key, project)
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(json_response["status"]).to be_falsey
           expect(user.reload.last_activity_on).to be_nil
         end
@@ -518,7 +518,7 @@ describe API::Internal::Base do
         it do
           pull(key, personal_project)
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(json_response["status"]).to be_falsey
           expect(user.reload.last_activity_on).to be_nil
         end
@@ -528,7 +528,7 @@ describe API::Internal::Base do
         it do
           push(key, personal_project)
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(json_response["status"]).to be_falsey
           expect(user.reload.last_activity_on).to be_nil
         end
@@ -572,7 +572,7 @@ describe API::Internal::Base do
         it do
           push(key, project)
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(json_response["status"]).to be_falsey
         end
       end
@@ -654,7 +654,7 @@ describe API::Internal::Base do
       it 'rejects the SSH push' do
         push(key, project)
 
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
         expect(json_response['status']).to be_falsey
         expect(json_response['message']).to eq 'Git access over SSH is not allowed'
       end
@@ -662,7 +662,7 @@ describe API::Internal::Base do
       it 'rejects the SSH pull' do
         pull(key, project)
 
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
         expect(json_response['status']).to be_falsey
         expect(json_response['message']).to eq 'Git access over SSH is not allowed'
       end
@@ -676,7 +676,7 @@ describe API::Internal::Base do
       it 'rejects the HTTP push' do
         push(key, project, 'http')
 
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
         expect(json_response['status']).to be_falsey
         expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
       end
@@ -684,7 +684,7 @@ describe API::Internal::Base do
       it 'rejects the HTTP pull' do
         pull(key, project, 'http')
 
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
         expect(json_response['status']).to be_falsey
         expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
       end