Commit 9d78f835 authored by Michael Kozono's avatar Michael Kozono

Specify new Git-LFS-over-HTTP behavior

Changes to `GitHttpClientController`’s authentication logic caused this behavior change.

The old 401 Unauthorized statuses didn’t cause any harm, but they weren’t quite as accurate as the new behavior.
parent bad08fbe
@@ -759,8 +759,8 @@ describe 'Git LFS API and storage' do
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
 
@@ -769,8 +769,9 @@ describe 'Git LFS API and storage' do
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
# I'm not sure what this tests that is different from the previous test
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
@@ -778,8 +779,8 @@ describe 'Git LFS API and storage' do
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
@@ -979,8 +980,8 @@ describe 'Git LFS API and storage' do
put_authorize
end
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because the build user can read the project)' do
expect(response).to have_http_status(403)
end
end
 
@@ -993,8 +994,8 @@ describe 'Git LFS API and storage' do
put_authorize
end
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 404 (do not leak non-public project existence)' do
expect(response).to have_http_status(404)
end
end
end
@@ -1006,8 +1007,8 @@ describe 'Git LFS API and storage' do
put_authorize
end
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 404 (do not leak non-public project existence)' do
expect(response).to have_http_status(404)
end
end
end
@@ -1079,8 +1080,8 @@ describe 'Git LFS API and storage' do
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
 
@@ -1089,8 +1090,9 @@ describe 'Git LFS API and storage' do
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
# I'm not sure what this tests that is different from the previous test
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
@@ -1098,8 +1100,8 @@ describe 'Git LFS API and storage' do
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
it 'responds with 403 (not 404 because project is public)' do
expect(response).to have_http_status(403)
end
end
end
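Review bot: The comment `# I'm not sure what this tests that is different from the previous test`, which appears in the hunks at -769 and -1089, records an open question instead of documenting the case, and the visible setup seems to answer it. In both places `pipeline` is created with `project: other_project`, so the build appears to belong to a pipeline of a different project than the one being pushed to, whereas the preceding example sits under 'tries to push to own project'. I would replace the comment with something like `# build belongs to a pipeline in other_project, so its token must not allow a push here`, or delete the example if it really is redundant. The enclosing `context` line is outside both hunks, so its description may already say this. These examples pin the 403-versus-404 choice that keeps non-public projects from being disclosed, so each should state which authorization case it covers.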