Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return 404 from Contents API when items don't exist #10323

Merged
merged 17 commits into from
Apr 15, 2020
Merged

Return 404 from Contents API when items don't exist #10323

merged 17 commits into from
Apr 15, 2020

Conversation

zeripath
Copy link
Contributor

This may technically be a breaking change but I think the current API is wrong enough that we should be returning 404.

@zeripath zeripath added type/bug modifies/api This PR adds API routes or modifies them labels Feb 17, 2020
@zeripath zeripath added this to the 1.12.0 milestone Feb 17, 2020
@zeripath
Copy link
Contributor Author

If course I now need to fix the tests which expect 500

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 17, 2020
@lunny lunny added the pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! label Feb 18, 2020
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 19, 2020
@6543
Copy link
Member

6543 commented Feb 19, 2020

@zeripath now only test-change is left

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 20, 2020
sapk
sapk reviewed Feb 21, 2020
View reviewed changes
routers/api/v1/repo/file.go

if !CanWriteFiles(ctx.Repo) {
ctx.Error(http.StatusInternalServerError, "DeleteFile", models.ErrUserDoesNotHaveAccessToRepo{
ctx.Error(http.StatusForbidden, "DeleteFile", models.ErrUserDoesNotHaveAccessToRepo{
Copy link
Member

@sapk sapk Feb 21, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hesitate to think this should maybe kept as StatusInternalServerError to limit repo discovery.

In case you want to keep StatusForbidden you need to also update the others requests for consistency.
Like https://github.com/go-gitea/gitea/pull/10323/files#diff-f94444002d94f8c2766292e69cefbee2R466

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you have read only access it should be forbidden status, in case you don't have any access it should be not found status but not internal server error

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In order to get to DeleteFile you have to pass:

						m.Delete("", bind(api.DeleteFileOptions{}), repo.DeleteFile)
					}, reqRepoWriter(models.UnitTypeCode), reqToken())
				}, reqRepoReader(models.UnitTypeCode))
...
			}, repoAssignment())

CanWriteFiles does the following in addition:

// CanWriteFiles returns true if repository is editable and user has proper access level.
func CanWriteFiles(r *context.Repository) bool {
	return r.Permission.CanWrite(models.UnitTypeCode) && !r.Repository.IsMirror && !r.Repository.IsArchived
}

Therefore HttpStatusForbidden or HttpBadRequest are the correct statuses not 404 nor 500.

@6543
Copy link
Member

6543 commented Feb 22, 2020

@zeripath pleace adjust Tests:

  • TestAPIDeleteFile (api_repo_file_delete_test.go:41) Status: 400
  • TestAPIGetContentsList (api_repo_get_contents_list_test.go:51) Status: 404 (&dont check msg)
  • TestAPIGetContents (api_repo_get_contents_test.go:52) Status: 404 (&dont check msg)

6543
6543 reviewed Apr 1, 2020
View reviewed changes
routers/api/v1/repo/file.go Outdated Show resolved Hide resolved
@6543
Copy link
Member

6543 commented Apr 1, 2020

@zeripath send fix for this pr: zeripath#3

@6543
Copy link
Member

6543 commented Apr 6, 2020

@zeripath sorry missed to remove unused imports: zeripath#4

@zeripath
Copy link
Contributor Author

zeripath commented Apr 6, 2020

@6543 just fixed it.

@6543
Copy link
Member

6543 commented Apr 6, 2020 

api_repo_file_delete_test.go:113:
--
196 | Error Trace:	integration_test.go:400
197 | integration_test.go:258
198 | api_repo_file_delete_test.go:113
199 | git_helper_for_declarative_test.go:108
200 | api_repo_file_delete_test.go:39
201 | Error:      	Not equal:
202 | expected: 404
203 | actual  : 400
204 | Test:       	TestAPIDeleteFile
205 | Messages:   	Request: DELETE /api/v1/repos/user2/repo1/contents/delete/file5.txt?token=d289564555043a69039c84e140f71712bfb234b2
206 | api_repo_file_delete_test.go:113: Response: {"message":"sha does not match [given: badsha, expected: 103ff9234cefeee5ec5361d22b49fbb04d385885]","url":"http://localhost:3001/api/swagger"}

It just takes no end :/

@zeripath
Copy link
Contributor Author

zeripath commented Apr 6, 2020

It appears the whole test just needs rewriting unfortunately.

This is why I prefer declarative tests which say what they're doing - much easier to write, add to and change.

@6543
Copy link
Member

6543 commented Apr 13, 2020
edited

@zeripath can you apply my latest suggestion and update branch afterwards?

@6543
Copy link
Member

6543 commented Apr 14, 2020

worked 🎉 - so its ready to merge 🚀

@guillep2k
Copy link
Member

Ping LG-TM

@guillep2k guillep2k merged commit 2e85ad6 into go-gitea:master Apr 15, 2020
@zeripath zeripath deleted the contents-api-should-return-404-on-not-found branch April 15, 2020 10:20
@zeripath zeripath changed the title Contents API should return 404 on not exist Return 404 from Contents API when items don't exist May 17, 2020
@zeripath zeripath mentioned this pull request May 17, 2020
Merged
ydelafollye pushed a commit to ydelafollye/gitea that referenced this pull request Jul 31, 2020
@zeripath @techknowlogick
@sapk @6543 @guillep2k
Contents API should return 404 on not exist (go-gitea#10323)
a76cb99 
* Return 404 on not exist

* swagger update and use git.IsErrNotExist

* Handle delete too

* Handle delete too x2

* Fix pr 10323 (go-gitea#3)

* fix TESTS

* leafe a note for fututre

* placate golangci-lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update integrations/api_repo_file_delete_test.go

Co-Authored-By: 6543 <6543@obermui.de>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lafriks lafriks lafriks left review comments

@sapk sapk sapk approved these changes

@6543 6543 6543 approved these changes

@guillep2k guillep2k guillep2k approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! type/bug
Projects
None yet
Milestone
1.12.0
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@zeripath @6543 @guillep2k @lafriks @sapk @lunny @GiteaBot @techknowlogick