From 28ed9907047dd07089833d5b7bb8cd800e0ddff6 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Sun, 15 May 2016 10:46:54 -0500
Subject: [PATCH] Fix http status codes for container registry authentication
 service

---
 ...container_registry_authentication_service.rb |  4 ++--
 ...iner_registry_authentication_service_spec.rb | 17 ++++++-----------
 2 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index c61d339ffdd..72d28af7f7d 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -6,9 +6,9 @@ module Auth
       return error('not found', 404) unless registry.enabled
 
       if params[:offline_token]
-        return error('forbidden', 403) unless current_user
+        return error('forbidden', 401) unless current_user
       else
-        return error('forbidden', 401) unless scope
+        return error('forbidden', 403) unless scope
       end
 
       { token: authorized_token(scope).encoded }
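Review bot: The unauthenticated branch now returns 401 but keeps the message 'forbidden', so the error text contradicts the status that clients and log readers will see; I would change it to `return error('unauthorized', 401) unless current_user`. RFC 7235 requires a 401 response to carry a `WWW-Authenticate` challenge, and whether the caller of this service adds one is not visible in this hunk, so that is worth confirming. The `else` branch returns 403 for a missing scope whether or not a user is signed in, which means an anonymous caller is never told to authenticate on that path; if that is intentional, a one-line comment above it such as `# anonymous and signed-in callers both get 403 when no scope is granted` would record the decision. The enclosing method starts and ends outside the hunk.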
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 4a6cd132e8d..3ea252ed44f 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -57,11 +57,6 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
     end
   end
 
-  shared_examples 'a unauthorized' do
-    it { is_expected.to include(http_status: 401) }
-    it { is_expected.to_not include(:token) }
-  end
-
   shared_examples 'a forbidden' do
     it { is_expected.to include(http_status: 403) }
     it { is_expected.to_not include(:token) }
@@ -116,7 +111,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
         { scope: "repository:#{project.path_with_namespace}:pull,push" }
       end
 
-      it_behaves_like 'a unauthorized'
+      it_behaves_like 'a forbidden'
     end
   end
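Review bot: Nothing in the visible spec hunks asserts `http_status: 401` any more, because the `'a unauthorized'` shared example is deleted and every use of it here and in the later hunks is switched to `'a forbidden'`. The new 401 returned for `offline_token` without a current user therefore appears to be untested, though parts of the spec file lie outside this patch. I would keep a shared example containing `it { is_expected.to include(http_status: 401) }` and `it { is_expected.to_not include(:token) }`, and add a context that passes `offline_token` with no user so the authentication-failure path stays pinned. The surrounding `describe` block extends beyond the hunk.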
 
@@ -154,7 +149,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
         context 'disallow for private' do
           let(:project) { create(:empty_project, :private) }
-          it_behaves_like 'a unauthorized'
+          it_behaves_like 'a forbidden'
         end
       end
 
@@ -165,7 +160,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
         context 'disallow for all' do
           let(:project) { create(:empty_project, :public) }
-          it_behaves_like 'a unauthorized'
+          it_behaves_like 'a forbidden'
         end
       end
     end
@@ -185,7 +180,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
         { scope: 'invalid:aa:bb' }
       end
 
-      it_behaves_like 'a unauthorized'
+      it_behaves_like 'a forbidden'
     end
 
     context 'for private project' do
@@ -195,7 +190,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
         { scope: "repository:#{project.path_with_namespace}:pull" }
       end
 
-      it_behaves_like 'a unauthorized'
+      it_behaves_like 'a forbidden'
     end
 
     context 'for public project' do
@@ -214,7 +209,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
           { scope: "repository:#{project.path_with_namespace}:push" }
         end
 
-        it_behaves_like 'a unauthorized'
+        it_behaves_like 'a forbidden'
       end
     end
   end
-- 
GitLab