Return 400 error when upload invalid maven package

Right now we return 500 error if user tries to upload maven package with invalid version. This commit will rescue exception and return 400 error. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Return 400 error when upload invalid maven package
Right now we return 500 error if user tries to upload maven package with invalid version. This commit will rescue exception and return 400 error. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
42f68eb3 · Dmitriy Zaporozhets · b30feee4 · 42f68eb3 · 42f68eb3 · 42f68eb3
Commit 42f68eb3 authored Jan 10, 2019 by Dmitriy Zaporozhets
3 changed files
--- a/ee/changelogs/unreleased/8793-gitlab-returns-500-when-maven-package-metadata-validation-regex-fails.yml
+++ b/ee/changelogs/unreleased/8793-gitlab-returns-500-when-maven-package-metadata-validation-regex-fails.yml
+---
+title: Return 400 error instead of 500 when upload maven package with invalid version
+merge_request: 9125
+author:
+type: fixed
--- a/ee/lib/api/maven_packages.rb
+++ b/ee/lib/api/maven_packages.rb
@@ -9,6 +9,10 @@ module API
    content_type :sha1, 'text/plain'
    content_type :binary, 'application/octet-stream'

+    rescue_from ActiveRecord::RecordInvalid do |e|
+      render_api_error!(e.message, 400)
+    end
+
    before do
      require_packages_enabled!
      authenticate_non_get!

--- a/ee/spec/requests/api/maven_packages_spec.rb
+++ b/ee/spec/requests/api/maven_packages_spec.rb
@@ -10,6 +10,7 @@ describe API::MavenPackages do
  let(:headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => jwt_token } }
  let(:headers_with_token) { headers.merge('Private-Token' => personal_access_token.token) }
  let(:job) { create(:ci_build, user: user) }
+  let(:version) { '1.0-SNAPSHOT' }

  before do
    project.add_developer(user)
@@ -345,7 +346,7 @@ describe API::MavenPackages do
    end

    def authorize_upload(params = {}, request_headers = headers)
-      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1.0-SNAPSHOT/maven-metadata.xml/authorize"), params: params, headers: request_headers
+      put api("/projects/#{project.id}/packages/maven/com/example/my-app/#{version}/maven-metadata.xml/authorize"), params: params, headers: request_headers
    end

    def authorize_upload_with_token(params = {}, request_headers = headers_with_token)
@@ -405,10 +406,21 @@ describe API::MavenPackages do

        expect(response).to have_gitlab_http_status(200)
      end
+
+      context 'version is not correct' do
+        let(:version) { '$%123' }
+
+        it 'rejects request' do
+          expect { upload_file_with_token(params) }.not_to change { project.packages.count }
+
+          expect(response).to have_gitlab_http_status(400)
+          expect(json_response['message']).to include('Validation failed')
+        end
+      end
    end

    def upload_file(params = {}, request_headers = headers)
-      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1.0-SNAPSHOT/maven-metadata.xml"), params: params, headers: request_headers
+      put api("/projects/#{project.id}/packages/maven/com/example/my-app/#{version}/maven-metadata.xml"), params: params, headers: request_headers
    end

    def upload_file_with_token(params = {}, request_headers = headers_with_token)