Improve error message for anonymous calls to label REST endpoints

At the moment anonymous requests fail with an AuthException saying that read/write permissions for refs/meta/config are missing. It's better to make it explicit that the request is rejected because it was anonymous, as it happens often that users are unaware that they made an anonymous call and then they wonder why it complains about permissions that they actually have. Signed-off-by: Edwin Kempin <ekempin@google.com> Change-Id: I10a393813210ac8c57307d1781814a8f3dd88e85
2019-10-28 09:00:12 +01:00
parent a020d26f4c
commit af3e24d6bc
8 changed files with 81 additions and 1 deletions
--- a/javatests/com/google/gerrit/acceptance/rest/project/CreateLabelIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/project/CreateLabelIT.java
@@ -41,6 +41,20 @@ public class CreateLabelIT extends AbstractDaemonTest {
  @Inject private RequestScopeOperations requestScopeOperations;
  @Inject private ProjectOperations projectOperations;

+  @Test
+  public void anonymous() throws Exception {
+    requestScopeOperations.setApiUserAnonymous();
+    AuthException thrown =
+        assertThrows(
+            AuthException.class,
+            () ->
+                gApi.projects()
+                    .name(project.get())
+                    .label("Foo-Review")
+                    .create(new LabelDefinitionInput()));
+    assertThat(thrown).hasMessageThat().contains("Authentication required");
+  }
+
  @Test
  public void notAllowed() throws Exception {
    projectOperations
--- a/javatests/com/google/gerrit/acceptance/rest/project/GetLabelIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/project/GetLabelIT.java
@@ -33,6 +33,16 @@ import org.junit.Test;
 public class GetLabelIT extends AbstractDaemonTest {
  @Inject private RequestScopeOperations requestScopeOperations;

+  @Test
+  public void anonymous() throws Exception {
+    requestScopeOperations.setApiUserAnonymous();
+    AuthException thrown =
+        assertThrows(
+            AuthException.class,
+            () -> gApi.projects().name(allProjects.get()).label("Code-Review").get());
+    assertThat(thrown).hasMessageThat().contains("Authentication required");
+  }
+
  @Test
  public void notAllowed() throws Exception {
    requestScopeOperations.setApiUser(user.id());
--- a/javatests/com/google/gerrit/acceptance/rest/project/ListLabelsIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/project/ListLabelsIT.java
@@ -42,6 +42,14 @@ public class ListLabelsIT extends AbstractDaemonTest {
  @Inject private RequestScopeOperations requestScopeOperations;
  @Inject private ProjectOperations projectOperations;

+  @Test
+  public void anonymous() throws Exception {
+    requestScopeOperations.setApiUserAnonymous();
+    AuthException thrown =
+        assertThrows(AuthException.class, () -> gApi.projects().name(project.get()).labels().get());
+    assertThat(thrown).hasMessageThat().contains("Authentication required");
+  }
+
  @Test
  public void notAllowed() throws Exception {
    requestScopeOperations.setApiUser(user.id());
--- a/javatests/com/google/gerrit/acceptance/rest/project/SetLabelIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/project/SetLabelIT.java
@@ -44,6 +44,20 @@ public class SetLabelIT extends AbstractDaemonTest {
  @Inject private RequestScopeOperations requestScopeOperations;
  @Inject private ProjectOperations projectOperations;

+  @Test
+  public void anonymous() throws Exception {
+    requestScopeOperations.setApiUserAnonymous();
+    AuthException thrown =
+        assertThrows(
+            AuthException.class,
+            () ->
+                gApi.projects()
+                    .name(allProjects.get())
+                    .label("Code-Review")
+                    .update(new LabelDefinitionInput()));
+    assertThat(thrown).hasMessageThat().contains("Authentication required");
+  }
+
  @Test
  public void notAllowed() throws Exception {
    projectOperations