Refactor logic to avoid existence leak

author: Tuomo Ala-Vannesluoma <tuomoav@gmail.com> 2018-06-20 22:05:46 +0300
committer: Tuomo Ala-Vannesluoma <tuomoav@gmail.com> 2018-06-30 22:51:43 +0300
commit: 01be853119e87fe56e25901e0c95d92e869f8d52 (patch)
tree: 94ec96af820fc709baa307239506d5e688313748 /acceptance_test.go
parent: a74388ede02f148bb4c39feaed0aff11821ae517 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/acceptance_test.go b/acceptance_test.go
index 680eae5a..06fab950 100644
--- a/acceptance_test.go
+++ b/acceptance_test.go
@@ -678,6 +678,9 @@ func TestAccessControl(t *testing.T) {
 			assert.Equal(t, "POST", r.Method)
 			w.WriteHeader(http.StatusOK)
 			fmt.Fprint(w, "{\"access_token\":\"abc\"}")
+		case "/api/v4/projects":
+			assert.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
+			w.WriteHeader(http.StatusOK)
 		case "/api/v4/projects/1000":
 			assert.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
 			w.WriteHeader(http.StatusOK)
@@ -712,7 +715,7 @@ func TestAccessControl(t *testing.T) {
 		{
 			"group.gitlab-example.com",
 			"/private.project.1/",
-			http.StatusUnauthorized,
+			http.StatusNotFound, // Do not expose project existed
 			false,
 			"project without access",
 		},
@@ -723,6 +726,13 @@ func TestAccessControl(t *testing.T) {
 			true,
 			"invalid token test should redirect back",
 		},
+		{
+			"group.gitlab-example.com",
+			"/nonexistent/",
+			http.StatusNotFound,
+			false,
+			"no project should redirect to login and then return 404",
+		},
 	}
 
 	testServer.Start()
author	Tuomo Ala-Vannesluoma <tuomoav@gmail.com>	2018-06-20 22:05:46 +0300
committer	Tuomo Ala-Vannesluoma <tuomoav@gmail.com>	2018-06-30 22:51:43 +0300
commit	01be853119e87fe56e25901e0c95d92e869f8d52 (patch)
tree	94ec96af820fc709baa307239506d5e688313748 /acceptance_test.go
parent	a74388ede02f148bb4c39feaed0aff11821ae517 (diff)