Merge branch 'git-http-push-check' into 'master'

Stop 'git push' over HTTP early Before this change we always let users push Git data over HTTP before deciding whether to accept to push. This was different from pushing over SSH where we terminate a 'git push' early if we already know the user is not allowed to push. This change let Git over HTTP follow the same behavior as Git over SSH. We also distinguish between HTTP 404 and 403 responses when denying Git requests, depending on whether the user is allowed to know the project exists. See merge request !5639
author: Robert Speicher <robert@gitlab.com> 2016-08-08 19:23:31 +0000
committer: Robert Speicher <robert@gitlab.com> 2016-08-08 19:23:31 +0000
commit: 86c081f71fabbc5877b415031855df2d83e9c64c (patch)
tree: 706c0f78361008b68ad6ec14cd20dbb6758116b4 /spec/requests/git_http_spec.rb
parent: c9240d91b04fa5c7376dc2bc257da41f32468cdc (diff)
parent: e55e224cd9d5dfb3fc351374a0cd4620f8e845b9 (diff)
download: gitlab-ce-86c081f71fabbc5877b415031855df2d83e9c64c.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index 022781d8696..8537c252b58 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -75,9 +75,9 @@ describe 'Git HTTP requests', lib: true do
       context "with correct credentials" do
         let(:env) { { user: user.username, password: user.password } }
 
-        it "uploads get status 200 (because Git hooks do the real check)" do
+        it "uploads get status 403" do
           upload(path, env) do |response|
-            expect(response).to have_http_status(200)
+            expect(response).to have_http_status(403)
           end
         end
 
@@ -86,7 +86,7 @@ describe 'Git HTTP requests', lib: true do
             allow(Gitlab.config.gitlab_shell).to receive(:receive_pack).and_return(false)
 
             upload(path, env) do |response|
-              expect(response).to have_http_status(404)
+              expect(response).to have_http_status(403)
             end
           end
         end
@@ -236,9 +236,9 @@ describe 'Git HTTP requests', lib: true do
               end
             end
 
-            it "uploads get status 200 (because Git hooks do the real check)" do
+            it "uploads get status 404" do
               upload(path, user: user.username, password: user.password) do |response|
-                expect(response).to have_http_status(200)
+                expect(response).to have_http_status(404)
               end
             end
           end
author	Robert Speicher <robert@gitlab.com>	2016-08-08 19:23:31 +0000
committer	Robert Speicher <robert@gitlab.com>	2016-08-08 19:23:31 +0000
commit	86c081f71fabbc5877b415031855df2d83e9c64c (patch)
tree	706c0f78361008b68ad6ec14cd20dbb6758116b4 /spec/requests/git_http_spec.rb
parent	c9240d91b04fa5c7376dc2bc257da41f32468cdc (diff)
parent	e55e224cd9d5dfb3fc351374a0cd4620f8e845b9 (diff)
download	gitlab-ce-86c081f71fabbc5877b415031855df2d83e9c64c.tar.gz