From 2742f9fb98babc0009e446d291757ae43c54c101 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski
Date: Fri, 16 Sep 2016 16:07:21 +0200
Subject: [PATCH] Improve authentication_result usage
---
 .../projects/git_http_client_controller.rb | 31 ++++++++++++-------
 spec/requests/git_http_spec.rb | 4 +--
 2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb
index 632dac6aac9..ee9ea4bc8b2 100644
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -19,6 +19,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 private
 def authenticate_user
+ @authentication_result = Gitlab::Auth::Result.new
+
 if project && project.public? && download_request?
 return # Allow access
 end
@@ -124,6 +126,18 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 end
 end
+ def ci?
+ authentication_result.ci? &&
+ authentication_project &&
+ authentication_project == project
+ end
+
+ def lfs_deploy_key?
+ authentication_result.lfs_deploy_token? &&
+ actor &&
+ actor.projects.include?(project)
+ end
+
 def authentication_has_download_access?
 has_authentication_ability?(:download_code) || has_authentication_ability?(:build_download_code)
 end
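Review bot: The new `@authentication_result = Gitlab::Auth::Result.new` at the top of `authenticate_user` is what makes it safe for `ci?`, `lfs_deploy_key?` and `authentication_project` (changed later in this patch) to call `authentication_result` without a nil guard, yet the assignment carries no comment stating that. The remainder of `authenticate_user` is outside this hunk, so it is not visible whether a later branch can overwrite the variable with nil; if one can, those predicates raise NoMethodError instead of returning false. I would add `# Null-object default: the predicates below call authentication_result unguarded, so never reassign this to nil.` above the assignment and confirm that each later assignment yields a Result. The early return for public downloads also leaves this empty Result in place, so it is worth confirming that an empty Result answers false to `ci?` and `lfs_deploy_token?`.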
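Review bot: `ci?` and `lfs_deploy_key?` are the checks that tie a presented credential to the requested project, and neither says so; a short comment on each would keep a later refactor from dropping the `authentication_project == project` or `actor.projects.include?(project)` clause. Suggested: `# A CI build token is only accepted for the project it was issued for.` above `ci?`, and `# An LFS deploy token is only accepted when the authenticated actor is attached to this project.` above `lfs_deploy_key?`. Each method returns the last operand of its `&&` chain, so the failing paths yield nil or false rather than a strict boolean; that is fine in a condition but worth knowing if the value is ever logged or compared.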
@@ -132,19 +146,12 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 has_authentication_ability?(:push_code)
 end
- def ci?
- authentication_result && authentication_result.ci? &&
- authentication_result.project && authentication_result.project == project
- end
-
- def lfs_deploy_key?
- authentication_result && authentication_result.lfs_deploy_token? &&
- actor && actor.projects.include?(project)
- end
-
-
 def has_authentication_ability?(capability)
- authentication_abilities &&
- authentication_abilities.include?(capability)
+ (authentication_abilities || []).include?(capability)
+ end
+
+ def authentication_project
+ authentication_result.project
 end
 def verify_workhorse_api!
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index f828e898740..e3922bec689 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -322,10 +322,10 @@ describe 'Git HTTP requests', lib: true do
 expect(response).to have_http_status(401)
 end
- it "downloads from other project get status 401" do
+ it "downloads from other project get status 404" do
 clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
- expect(response).to have_http_status(401)
+ expect(response).to have_http_status(404)
 end
 end
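Review bot: `has_authentication_ability?` keeps a nil fallback, `(authentication_abilities || [])`, while the rest of the patch removes the nil guards around `authentication_result`; where `authentication_abilities` comes from is not visible in this hunk, so it is unclear whether it can still be nil. The fallback fails closed (no abilities means no access), which is the right default for an authorization check, so I would keep it and say why: `# nil abilities => deny; the fallback ensures a missing list can neither raise nor grant access`. If the abilities are in fact read from the always-present Result, defaulting them to an empty list there would make this guard unnecessary.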
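Review bot: The expectation for a build token used against another project changes from 401 to 404, a client-visible behaviour change that neither the commit subject ("Improve authentication_result usage") nor the example explains. The controller lines that produce the 404 are not in the hunks shown, so presumably the request now reaches the project lookup instead of the credential challenge; that should be confirmed rather than assumed. If the intent is to avoid confirming that the other project exists to a token scoped elsewhere, state it in the example, e.g. `# a build token for another project must not learn whether this project exists`, and mention the status change in the commit message. The enclosing `describe`/`context` block starts outside the hunk.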