Commit ccb6b0fc authored by Thong Kuah's avatar Thong Kuah

Fix HTTP status code for agent tokens that are invalid or missing

parent a853e5ad
......@@ -38,16 +38,16 @@ RSpec.describe API::Internal::Kubernetes do
end
shared_examples 'agent authentication' do
it 'returns 403 if Authorization header not sent' do
it 'returns 401 if Authorization header not sent' do
send_request
expect(response).to have_gitlab_http_status(:forbidden)
expect(response).to have_gitlab_http_status(:unauthorized)
end
it 'returns 403 if Authorization is for non-existent agent' do
it 'returns 401 if Authorization is for non-existent agent' do
send_request(headers: { 'Authorization' => 'Bearer NONEXISTENT' })
expect(response).to have_gitlab_http_status(:forbidden)
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
......
......@@ -13,7 +13,7 @@ module API
helpers do
def authenticate_gitlab_kas_request!
unauthorized! unless Gitlab::Kas.verify_api_request(headers)
render_api_error!('KAS JWT authentication invalid', 401) unless Gitlab::Kas.verify_api_request(headers)
end
def agent_token
......@@ -51,7 +51,7 @@ module API
end
def check_agent_token
forbidden! unless agent_token
unauthorized! unless agent_token
forbidden! unless Gitlab::Kas.included_in_gitlab_com_rollout?(agent.project)
......
......@@ -38,16 +38,16 @@ RSpec.describe API::Internal::Kubernetes do
end
shared_examples 'agent authentication' do
it 'returns 403 if Authorization header not sent' do
it 'returns 401 if Authorization header not sent' do
send_request
expect(response).to have_gitlab_http_status(:forbidden)
expect(response).to have_gitlab_http_status(:unauthorized)
end
it 'returns 403 if Authorization is for non-existent agent' do
it 'returns 401 if Authorization is for non-existent agent' do
send_request(headers: { 'Authorization' => 'Bearer NONEXISTENT' })
expect(response).to have_gitlab_http_status(:forbidden)
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment