From 4d20083bd7e8839bfef64267535fd3c947a3b374 Mon Sep 17 00:00:00 2001 From: Linus G Thiel Date: Wed, 5 Oct 2016 18:13:49 +0200 Subject: [PATCH 1/3] Respond with 404 Not Found for non-existent tags Non-existent tags should be handled with 404 Not Found. --- CHANGELOG | 1 + app/controllers/projects/tags_controller.rb | 2 ++ spec/controllers/projects/tags_controller_spec.rb | 14 ++++++++++++++ 3 files changed, 17 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index e410d73d1f6..ea54f37a22e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.12.0 (unreleased) + - Respond with 404 Not Found for non-existent tags - Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251 - Only check :can_resolve permission if the note is resolvable - Add ability to fork to a specific namespace using API. (ritave) diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb index 6ea8ee62bc5..40899abf6ee 100644 --- a/app/controllers/projects/tags_controller.rb +++ b/app/controllers/projects/tags_controller.rb @@ -20,6 +20,8 @@ class Projects::TagsController < Projects::ApplicationController def show @tag = @repository.find_tag(params[:id]) + return render_404 if @tag.nil? + @release = @project.releases.find_or_initialize_by(tag: @tag.name) @commit = @repository.commit(@tag.target) end diff --git a/spec/controllers/projects/tags_controller_spec.rb b/spec/controllers/projects/tags_controller_spec.rb index a6995145cc1..5e661c2c41d 100644 --- a/spec/controllers/projects/tags_controller_spec.rb +++ b/spec/controllers/projects/tags_controller_spec.rb 
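Review bot: In `show` (app/controllers/projects/tags_controller.rb) the second lookup derived from the request-controlled `params[:id]`, `@commit = @repository.commit(@tag.target)`, is still used unchecked after the new tag guard. The hunk does not show the contract of `commit`; if it can return nil for a tag whose target does not resolve to a commit, the action would presumably still fail further on instead of answering 404. Consider `return render_404 unless @commit` after that assignment, or a short comment stating why it cannot be nil here. The same applies to the identical controller hunk in PATCH 2/3 and to the reworded guard in PATCH 3/3.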
@@ -17,4 +17,18 @@ describe Projects::TagsController do expect(assigns(:releases)).not_to include(invalid_release) end end + + describe 'GET show' do + before { get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, id: id } + + context "valid tag" do + let(:id) { 'v1.0.0' } + it { is_expected.to respond_with(:success) } + end + + context "invalid tag" do + let(:id) { 'latest' } + it { is_expected.to respond_with(:not_found) } + end + end end From 6b9671388d523a03b058e1cc467de77d805fc7a2 Mon Sep 17 00:00:00 2001 From: Linus G Thiel Date: Wed, 5 Oct 2016 18:13:49 +0200 Subject: [PATCH 2/3] Respond with 404 Not Found for non-existent tags Non-existent tags should be handled with 404 Not Found. --- CHANGELOG | 2 ++ app/controllers/projects/tags_controller.rb | 2 ++ spec/controllers/projects/tags_controller_spec.rb | 14 ++++++++++++++ 3 files changed, 18 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 07b2b23003b..1b461f54729 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -90,6 +90,8 @@ v 8.12.1 - Fix issue with search filter labels not displaying v 8.12.0 +v 8.12.0 (unreleased) + - Respond with 404 Not Found for non-existent tags - Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251 - Only check :can_resolve permission if the note is resolvable - Bump fog-aws to v0.11.0 to support ap-south-1 region diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb index 6ea8ee62bc5..40899abf6ee 100644 --- a/app/controllers/projects/tags_controller.rb +++ b/app/controllers/projects/tags_controller.rb @@ -20,6 +20,8 @@ class Projects::TagsController < Projects::ApplicationController def show @tag = @repository.find_tag(params[:id]) + return render_404 if @tag.nil? + @release = @project.releases.find_or_initialize_by(tag: @tag.name) @commit = @repository.commit(@tag.target) end 
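Review bot: The `invalid tag` context in spec/controllers/projects/tags_controller_spec.rb passes only while the fixture repository has no tag named `latest`, which nothing in this hunk guarantees; an unmistakably absent name such as `let(:id) { 'nonexistent-tag' }` (constructed value) states the intent. Both contexts run against a `project` defined outside the hunk, so it is not visible whether a caller without access to the project gets the same response for an existing and a missing tag. A context for that case would pin the behaviour and keep the 404 from acting as a tag-existence signal. The identical spec hunk in PATCH 2/3 has the same gaps.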
diff --git a/spec/controllers/projects/tags_controller_spec.rb b/spec/controllers/projects/tags_controller_spec.rb index a6995145cc1..5e661c2c41d 100644 --- a/spec/controllers/projects/tags_controller_spec.rb +++ b/spec/controllers/projects/tags_controller_spec.rb @@ -17,4 +17,18 @@ describe Projects::TagsController do expect(assigns(:releases)).not_to include(invalid_release) end end + + describe 'GET show' do + before { get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, id: id } + + context "valid tag" do + let(:id) { 'v1.0.0' } + it { is_expected.to respond_with(:success) } + end + + context "invalid tag" do + let(:id) { 'latest' } + it { is_expected.to respond_with(:not_found) } + end + end end From ff378e19e6dc385f1c85b7704263129a56778752 Mon Sep 17 00:00:00 2001 From: Linus G Thiel Date: Wed, 5 Oct 2016 19:31:33 +0200 Subject: [PATCH 3/3] Respond with 404 Not Found for non-existent tags Non-existent tags should be handled with 404 Not Found. --- CHANGELOG | 3 +-- app/controllers/projects/tags_controller.rb | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 1b461f54729..fd480bf87be 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.13.0 (unreleased) + - Respond with 404 Not Found for non-existent tags (Linus Thiel) - Update runner version only when updating contacted_at - Add link from system note to compare with previous version - Use gitlab-shell v3.6.2 (GIT TRACE logging) @@ -90,8 +91,6 @@ v 8.12.1 - Fix issue with search filter labels not displaying v 8.12.0 -v 8.12.0 (unreleased) - - Respond with 404 Not Found for non-existent tags - Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251 - Only check :can_resolve permission if the note is resolvable - Bump fog-aws to v0.11.0 to support ap-south-1 region 
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 40899abf6ee..8fea20cefef 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -20,7 +20,7 @@ class Projects::TagsController < Projects::ApplicationController
 def show
 @tag = @repository.find_tag(params[:id])
- return render_404 if @tag.nil?
+ return render_404 unless @tag
 @release = @project.releases.find_or_initialize_by(tag: @tag.name)
 @commit = @repository.commit(@tag.target)