kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Specify new Git-LFS-over-HTTP behavior

Browse source 
Changes to `GitHttpClientController`’s authentication logic caused this behavior change.

The old 401 Unauthorized statuses didn’t cause any harm, but they weren’t quite as accurate as the new behavior.
This commit is contained in:
Michael Kozono 2017-05-17 11:00:36 -07:00
parent bad08fbea2
commit 9d78f83571
1 changed files with 20 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
spec/requests/lfs_http_spec.rb
View file

@ -759,8 +759,8 @@ describe 'Git LFS API and storage' do
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
@ -769,8 +769,9 @@ describe 'Git LFS API and storage' do
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 401' do
expect(response).to have_http_status(401)
# I'm not sure what this tests that is different from the previous test
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
@ -778,8 +779,8 @@ describe 'Git LFS API and storage' do
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
@ -979,8 +980,8 @@ describe 'Git LFS API and storage' do
put_authorize
end
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because the build user can read the project)' do
expect(response).to have_http_status(403)
end
end
@ -993,8 +994,8 @@ describe 'Git LFS API and storage' do
put_authorize
end
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 404 (do not leak non-public project existence)' do
expect(response).to have_http_status(404)
end
end
end
@ -1006,8 +1007,8 @@ describe 'Git LFS API and storage' do
put_authorize
end
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 404 (do not leak non-public project existence)' do
expect(response).to have_http_status(404)
end
end
end
@ -1079,8 +1080,8 @@ describe 'Git LFS API and storage' do
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
@ -1089,8 +1090,9 @@ describe 'Git LFS API and storage' do
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 401' do
expect(response).to have_http_status(401)
# I'm not sure what this tests that is different from the previous test
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
@ -1098,8 +1100,8 @@ describe 'Git LFS API and storage' do
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end