Merge branch 'fj-fix-internal-api-return-code' into 'master'

Change back internal API return code Closes #208253 See merge request gitlab-org/gitlab!26063

Merge branch 'fj-fix-internal-api-return-code' into 'master'
Change back internal API return code Closes #208253 See merge request gitlab-org/gitlab!26063
81520c00 · Nick Thomas · a5bed62a · 57a3fca2 · 81520c00 · 81520c00
Commit 81520c00 authored Feb 27, 2020 by Nick Thomas
4 changed files
--- a/changelogs/unreleased/fj-fix-internal-api-return-code.yml
+++ b/changelogs/unreleased/fj-fix-internal-api-return-code.yml
+---
+title: Change back internal api return code
+merge_request: 26063
+author:
+type: fixed
--- a/ee/spec/requests/api/internal/base_spec.rb
+++ b/ee/spec/requests/api/internal/base_spec.rb
@@ -132,7 +132,7 @@ describe API::Internal::Base do
               protocol: 'ssh'
             })

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
      end
    end

@@ -237,7 +237,7 @@ describe API::Internal::Base do
        it "does not allow access" do
          subject

-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response['message']).to eql('Project requires smartcard login. Please login to GitLab using a smartcard.')
        end
      end

--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -50,7 +50,11 @@ module API
                           @project ||= access_checker.project
                           result
                         rescue Gitlab::GitAccess::ForbiddenError => e
-                           return response_with_status(code: 403, success: false, message: e.message)
+                           # The return code needs to be 401. If we return 403
+                           # the custom message we return won't be shown to the user
+                           # and, instead, the default message 'GitLab: API is not accessible'
+                           # will be displayed
+                           return response_with_status(code: 401, success: false, message: e.message)
                         rescue Gitlab::GitAccess::TimeoutError => e
                           return response_with_status(code: 503, success: false, message: e.message)
                         rescue Gitlab::GitAccess::NotFoundError => e

--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -409,7 +409,7 @@ describe API::Internal::Base do
        it do
          pull(key, project)

-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -419,7 +419,7 @@ describe API::Internal::Base do
        it do
          push(key, project)

-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -518,7 +518,7 @@ describe API::Internal::Base do
        it do
          pull(key, personal_project)

-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -528,7 +528,7 @@ describe API::Internal::Base do
        it do
          push(key, personal_project)

-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
          expect(user.reload.last_activity_on).to be_nil
        end
@@ -572,7 +572,7 @@ describe API::Internal::Base do
        it do
          push(key, project)

-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response["status"]).to be_falsey
        end
      end
@@ -654,7 +654,7 @@ describe API::Internal::Base do
      it 'rejects the SSH push' do
        push(key, project)

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over SSH is not allowed'
      end
@@ -662,7 +662,7 @@ describe API::Internal::Base do
      it 'rejects the SSH pull' do
        pull(key, project)

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over SSH is not allowed'
      end
@@ -676,7 +676,7 @@ describe API::Internal::Base do
      it 'rejects the HTTP push' do
        push(key, project, 'http')

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
      end
@@ -684,7 +684,7 @@ describe API::Internal::Base do
      it 'rejects the HTTP pull' do
        pull(key, project, 'http')

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:unauthorized)
        expect(json_response['status']).to be_falsey
        expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
      end