Respond 404 when repo does not exist
This commit is contained in:
parent
b9ed721bc2
commit
4be20ba923
5 changed files with 23 additions and 5 deletions
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Return a 404 instead of 403 if the repository does not exist on disk
|
||||||
|
merge_request: 17341
|
||||||
|
author:
|
||||||
|
type: fixed
|
|
@ -199,7 +199,7 @@ module Gitlab
|
||||||
|
|
||||||
def check_repository_existence!
|
def check_repository_existence!
|
||||||
unless repository.exists?
|
unless repository.exists?
|
||||||
raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
|
raise NotFoundError, ERROR_MESSAGES[:no_repo]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -534,6 +534,19 @@ describe Gitlab::GitAccess do
|
||||||
expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.')
|
expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when the project repository does not exist' do
|
||||||
|
it 'returns not found' do
|
||||||
|
project.add_guest(user)
|
||||||
|
repo = project.repository
|
||||||
|
FileUtils.rm_rf(repo.path)
|
||||||
|
|
||||||
|
# Sanity check for rm_rf
|
||||||
|
expect(repo.exists?).to eq(false)
|
||||||
|
|
||||||
|
expect { pull_access_check }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'without access to project' do
|
describe 'without access to project' do
|
||||||
context 'pull code' do
|
context 'pull code' do
|
||||||
it { expect { pull_access_check }.to raise_not_found }
|
it { expect { pull_access_check }.to raise_not_found }
|
||||||
|
|
|
@ -57,7 +57,7 @@ describe Gitlab::GitAccessWiki do
|
||||||
# Sanity check for rm_rf
|
# Sanity check for rm_rf
|
||||||
expect(wiki_repo.exists?).to eq(false)
|
expect(wiki_repo.exists?).to eq(false)
|
||||||
|
|
||||||
expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'A repository for this project does not exist yet.')
|
expect { subject }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -597,7 +597,7 @@ describe 'Git HTTP requests' do
|
||||||
context "when a gitlab ci token is provided" do
|
context "when a gitlab ci token is provided" do
|
||||||
let(:project) { create(:project, :repository) }
|
let(:project) { create(:project, :repository) }
|
||||||
let(:build) { create(:ci_build, :running) }
|
let(:build) { create(:ci_build, :running) }
|
||||||
let(:other_project) { create(:project) }
|
let(:other_project) { create(:project, :repository) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
build.update!(project: project) # can't associate it on factory create
|
build.update!(project: project) # can't associate it on factory create
|
||||||
|
@ -648,10 +648,10 @@ describe 'Git HTTP requests' do
|
||||||
context 'when the repo does not exist' do
|
context 'when the repo does not exist' do
|
||||||
let(:project) { create(:project) }
|
let(:project) { create(:project) }
|
||||||
|
|
||||||
it 'rejects pulls with 403 Forbidden' do
|
it 'rejects pulls with 404 Not Found' do
|
||||||
clone_get path, env
|
clone_get path, env
|
||||||
|
|
||||||
expect(response).to have_gitlab_http_status(:forbidden)
|
expect(response).to have_gitlab_http_status(:not_found)
|
||||||
expect(response.body).to eq(git_access_error(:no_repo))
|
expect(response.body).to eq(git_access_error(:no_repo))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue