Merge branch '493732_fix_401_error_for_go_get_backport' into '17-4-stable-ee'

[Backport] Go-get: fix 401 error for unauthenticated requests See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167937 Merged-by: Vasilii Iakliushin <viakliushin@gitlab.com> Approved-by: Gavin Hinfey <ghinfey@gitlab.com> Reviewed-by: Duo Code Reviewer <duo-code-review-bot@gitlab.com>

Merge branch '493732_fix_401_error_for_go_get_backport' into '17-4-stable-ee'
2cf6e60c · Vasilli Iakliushin · GitLab · d7bf8ad3 · 75b1ac4d · 2cf6e60c
Unverified Commit 2cf6e60c authored 4 months ago by Vasilli Iakliushin Committed by GitLab 4 months ago
--- a/lib/gitlab/middleware/go.rb
+++ b/lib/gitlab/middleware/go.rb
@@ -130,6 +130,7 @@ def project_for_path(path_info)
      # can_read_project? checks if the request's credentials have read access to the project
      def can_read_project?(request, project)
        return true if project.public?
+        return false unless has_basic_credentials?(request)
  
        login, password = user_name_and_password(request)
        auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, request: request)

--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -60,6 +60,16 @@
                it 'returns the 2-segment path' do
                  expect_response_with_path(go, enabled_protocol, project.full_path)
                end
+
+                context 'when instance does not allow password authentication for Git over HTTP(S)' do
+                  before do
+                    stub_application_setting(password_authentication_enabled_for_git: false)
+                  end
+
+                  it 'returns the 2-segment path' do
+                    expect_response_with_path(go, enabled_protocol, project.full_path)
+                  end
+                end
              end
  
              context 'when authorization header is present but invalid' do