Change back internal API return code

In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25936 we align the return code for the same error to be 403. Nevertheless, it seems the internal API needs it to be 401, otherwise, the custom error message won't be shown.

Change back internal API return code
In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25936 we align the return code for the same error to be 403. Nevertheless, it seems the internal API needs it to be 401, otherwise, the custom error message won't be shown.
57a3fca2 · Francisco Javier López · 681b47de · 57a3fca2 · 57a3fca2 · 57a3fca2
Commit 57a3fca2 authored Feb 27, 2020 by Francisco Javier López
4 changed files
--- a/changelogs/unreleased/fj-fix-internal-api-return-code.yml
+++ b/changelogs/unreleased/fj-fix-internal-api-return-code.yml
+---
+title: Change back internal api return code
+merge_request: 26063
+author:
+type: fixed
--- a/ee/spec/requests/api/internal/base_spec.rb
+++ b/ee/spec/requests/api/internal/base_spec.rb
@@ -132,7 +132,7 @@ describe API::Internal::Base do
               protocol: 'ssh'
             })
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
      end
    end
@@ -237,7 +237,7 @@ describe API::Internal::Base do
        it "does not allow access" do
          subject
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response['message']).to eql('Project requires smartcard login. Please login to GitLab using a smartcard.')
        end
      end

--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -50,7 +50,11 @@ module API
                           @project ||= access_checker.project
                           result
                         rescue Gitlab::GitAccess::ForbiddenError => e
-                           return response_with_status(code: 403, success: false, message: e.message)
+                           # The return code needs to be 401. If we return 403
+                           # the custom message we return won't be shown to the user
+                           # and, instead, the default message 'GitLab: API is not accessible'
+                           # will be displayed
+                           return response_with_status(code: 401, success: false, message: e.message)
                         rescue Gitlab::GitAccess::TimeoutError => e
                           return response_with_status(code: 503, success: false, message: e.message)
                         rescue Gitlab::GitAccess::NotFoundError => e

--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -409,7 +409,7 @@ describe API::Internal::Base do
        it do
          pull(key, project)
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -419,7 +419,7 @@ describe API::Internal::Base do
        it do
          push(key, project)
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -518,7 +518,7 @@ describe API::Internal::Base do
        it do
          pull(key, personal_project)
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -528,7 +528,7 @@ describe API::Internal::Base do
        it do
          push(key, personal_project)
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -572,7 +572,7 @@ describe API::Internal::Base do
        it do
          push(key, project)
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
        end
      end
@@ -654,7 +654,7 @@ describe API::Internal::Base do
      it 'rejects the SSH push' do
        push(key, project)
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over SSH is not allowed'
      end
@@ -662,7 +662,7 @@ describe API::Internal::Base do
      it 'rejects the SSH pull' do
        pull(key, project)
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over SSH is not allowed'
      end
@@ -676,7 +676,7 @@ describe API::Internal::Base do
      it 'rejects the HTTP push' do
        push(key, project, 'http')
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
      end
@@ -684,7 +684,7 @@ describe API::Internal::Base do
      it 'rejects the HTTP pull' do
        pull(key, project, 'http')
-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
      end