Respond 404 when repo does not exist

This commit is contained in:
Michael Kozono 2018-02-22 10:51:00 -08:00 committed by Stan Hu
parent b9ed721bc2
commit 4be20ba923
5 changed files with 23 additions and 5 deletions

View file

@ -0,0 +1,5 @@
---
title: Return a 404 instead of 403 if the repository does not exist on disk
merge_request: 17341
author:
type: fixed

View file

@ -199,7 +199,7 @@ module Gitlab
def check_repository_existence! def check_repository_existence!
unless repository.exists? unless repository.exists?
raise UnauthorizedError, ERROR_MESSAGES[:no_repo] raise NotFoundError, ERROR_MESSAGES[:no_repo]
end end
end end

View file

@ -534,6 +534,19 @@ describe Gitlab::GitAccess do
expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.') expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.')
end end
context 'when the project repository does not exist' do
it 'returns not found' do
project.add_guest(user)
repo = project.repository
FileUtils.rm_rf(repo.path)
# Sanity check for rm_rf
expect(repo.exists?).to eq(false)
expect { pull_access_check }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
end
end
describe 'without access to project' do describe 'without access to project' do
context 'pull code' do context 'pull code' do
it { expect { pull_access_check }.to raise_not_found } it { expect { pull_access_check }.to raise_not_found }

View file

@ -57,7 +57,7 @@ describe Gitlab::GitAccessWiki do
# Sanity check for rm_rf # Sanity check for rm_rf
expect(wiki_repo.exists?).to eq(false) expect(wiki_repo.exists?).to eq(false)
expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'A repository for this project does not exist yet.') expect { subject }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
end end
end end
end end

View file

@ -597,7 +597,7 @@ describe 'Git HTTP requests' do
context "when a gitlab ci token is provided" do context "when a gitlab ci token is provided" do
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:build) { create(:ci_build, :running) } let(:build) { create(:ci_build, :running) }
let(:other_project) { create(:project) } let(:other_project) { create(:project, :repository) }
before do before do
build.update!(project: project) # can't associate it on factory create build.update!(project: project) # can't associate it on factory create
@ -648,10 +648,10 @@ describe 'Git HTTP requests' do
context 'when the repo does not exist' do context 'when the repo does not exist' do
let(:project) { create(:project) } let(:project) { create(:project) }
it 'rejects pulls with 403 Forbidden' do it 'rejects pulls with 404 Not Found' do
clone_get path, env clone_get path, env
expect(response).to have_gitlab_http_status(:forbidden) expect(response).to have_gitlab_http_status(:not_found)
expect(response.body).to eq(git_access_error(:no_repo)) expect(response.body).to eq(git_access_error(:no_repo))
end end
end end