Commit 4be20ba9 authored by Michael Kozono's avatar Michael Kozono Committed by Stan Hu

Respond 404 when repo does not exist

parent b9ed721b
---
title: Return a 404 instead of 403 if the repository does not exist on disk
merge_request: 17341
author:
type: fixed
...@@ -199,7 +199,7 @@ module Gitlab ...@@ -199,7 +199,7 @@ module Gitlab
def check_repository_existence! def check_repository_existence!
unless repository.exists? unless repository.exists?
raise UnauthorizedError, ERROR_MESSAGES[:no_repo] raise NotFoundError, ERROR_MESSAGES[:no_repo]
end end
end end
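Review bot: check_repository_existence! has no comment saying where it must sit in the access-check sequence, and after this change that ordering is what keeps project existence private. The spec for users without project access also expects a not-found error, so the two cases now differ only by message, and the :no_repo text confirms that the project exists. The call site is outside this hunk, so I cannot confirm the order from here. I would add above the method `# Must run only after the project access checks have passed: the :no_repo message confirms that the project exists.`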
......
...@@ -534,6 +534,19 @@ describe Gitlab::GitAccess do ...@@ -534,6 +534,19 @@ describe Gitlab::GitAccess do
expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.') expect { pull_access_check }.to raise_unauthorized('Your account has been blocked.')
end end
context 'when the project repository does not exist' do
it 'returns not found' do
project.add_guest(user)
repo = project.repository
FileUtils.rm_rf(repo.path)
# Sanity check for rm_rf
expect(repo.exists?).to eq(false)
expect { pull_access_check }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
end
end
describe 'without access to project' do describe 'without access to project' do
context 'pull code' do context 'pull code' do
it { expect { pull_access_check }.to raise_not_found } it { expect { pull_access_check }.to raise_not_found }
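Review bot: The new context covers only a guest member, so no example pins what a user without project access sees when the repository is missing from disk. Since both cases now raise NotFoundError, an example under 'without access to project' should assert that such a user still gets the generic not-found result and never the :no_repo message. Whether `raise_not_found` checks the message text is not visible here; if it does not, the example should name the expected message explicitly. The describe block continues past the end of this hunk.

```ruby
describe 'without access to project' do
  context 'pull code' do
    # … unchanged: existing raise_not_found example …

    context 'when the project repository does not exist' do
      before do
        FileUtils.rm_rf(project.repository.path)
      end

      it { expect { pull_access_check }.to raise_not_found }
    end
```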
......
...@@ -57,7 +57,7 @@ describe Gitlab::GitAccessWiki do ...@@ -57,7 +57,7 @@ describe Gitlab::GitAccessWiki do
# Sanity check for rm_rf # Sanity check for rm_rf
expect(wiki_repo.exists?).to eq(false) expect(wiki_repo.exists?).to eq(false)
expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'A repository for this project does not exist yet.') expect { subject }.to raise_error(Gitlab::GitAccess::NotFoundError, 'A repository for this project does not exist yet.')
end end
end end
end end
......
...@@ -597,7 +597,7 @@ describe 'Git HTTP requests' do ...@@ -597,7 +597,7 @@ describe 'Git HTTP requests' do
context "when a gitlab ci token is provided" do context "when a gitlab ci token is provided" do
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:build) { create(:ci_build, :running) } let(:build) { create(:ci_build, :running) }
let(:other_project) { create(:project) } let(:other_project) { create(:project, :repository) }
before do before do
build.update!(project: project) # can't associate it on factory create build.update!(project: project) # can't associate it on factory create
...@@ -648,10 +648,10 @@ describe 'Git HTTP requests' do ...@@ -648,10 +648,10 @@ describe 'Git HTTP requests' do
context 'when the repo does not exist' do context 'when the repo does not exist' do
let(:project) { create(:project) } let(:project) { create(:project) }
it 'rejects pulls with 403 Forbidden' do it 'rejects pulls with 404 Not Found' do
clone_get path, env clone_get path, env
expect(response).to have_gitlab_http_status(:forbidden) expect(response).to have_gitlab_http_status(:not_found)
expect(response.body).to eq(git_access_error(:no_repo)) expect(response.body).to eq(git_access_error(:no_repo))
end end
end end
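Review bot: The `:repository` trait added to `other_project` in the CI-token context has no comment explaining why it is needed. Presumably the examples that use it (outside this hunk) are meant to be refused because the build token belongs to a different project; without a repository they would now hit the missing-repo 404 and stop exercising that refusal. I would add above the let `# needs a repository so the request is refused for the token's project scope, not for a missing repo`.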
......