Respond 404 when repo does not exist

2018-02-22 10:51:00 -08:00 · 2018-02-22 10:51:00 -08:00 · 4be20ba923
commit 4be20ba923
parent b9ed721bc2
5 changed files with 23 additions and 5 deletions
--- a/changelogs/unreleased/mk-fix-error-code-for-repo-does-not-exist.yml
+++ b/changelogs/unreleased/mk-fix-error-code-for-repo-does-not-exist.yml
@ -0,0 +1,5 @@
+---
+title: Return a 404 instead of 403 if the repository does not exist on disk
+merge_request: 17341
+author:
+type: fixed
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@ -199,7 +199,7 @@ module Gitlab

    def check_repository_existence!
      unless repository.exists?
-        raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
+        raise NotFoundError, ERROR_MESSAGES[:no_repo]
      end
    end

--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@ -534,6 +534,19 @@ describe Gitlab::GitAccess do
      expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.')
    end

+    context 'when the project repository does not exist' do
+      it 'returns not found' do
+        project.add_guest(user)
+        repo = project.repository
+        FileUtils.rm_rf(repo.path)
+
+        # Sanity check for rm_rf
+        expect(repo.exists?).to eq(false)
+
+        expect { pull_access_check }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
+      end
+    end
+
    describe 'without access to project' do
      context 'pull code' do
        it { expect { pull_access_check }.to raise_not_found }
--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
@ -57,7 +57,7 @@ describe Gitlab::GitAccessWiki do
          # Sanity check for rm_rf
          expect(wiki_repo.exists?).to eq(false)

-          expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'A repository for this project does not exist yet.')
+          expect { subject }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
        end
      end
    end
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@ -597,7 +597,7 @@ describe 'Git HTTP requests' do
        context "when a gitlab ci token is provided" do
          let(:project) { create(:project, :repository) }
          let(:build) { create(:ci_build, :running) }
-          let(:other_project) { create(:project) }
+          let(:other_project) { create(:project, :repository) }

          before do
            build.update!(project: project) # can't associate it on factory create
@ -648,10 +648,10 @@ describe 'Git HTTP requests' do
              context 'when the repo does not exist' do
                let(:project) { create(:project) }

-                it 'rejects pulls with 403 Forbidden' do
+                it 'rejects pulls with 404 Not Found' do
                  clone_get path, env

-                  expect(response).to have_gitlab_http_status(:forbidden)
+                  expect(response).to have_gitlab_http_status(:not_found)
                  expect(response.body).to eq(git_access_error(:no_repo))
                end
              end