From 6c0de46aefcdeb8613bd3ecced2955cea363ca3c Mon Sep 17 00:00:00 2001
From: Vasilii Iakliushin <viakliushin@gitlab.com>
Date: Sun, 6 Oct 2024 20:06:01 +0200
Subject: [PATCH] Remove `go_get_handle_401_error` feature flag

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/496539

**Original problem**

Self-managed instances that restricted password authentication for Git
over HTTP(S) started to receive 401 error code for `go-get=1` requests
from go toolchain.

The reason is a missing return for the case when request doesn't have
basic credentials.

It was introduced in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161162.

**Solution**

Restore check for missing basic credentials and add a test case.

Changelog: fixed
---
 .../gitlab_com_derisk/go_get_handle_401_error.yml     |  9 ---------
 lib/gitlab/middleware/go.rb                           |  5 +----
 spec/lib/gitlab/middleware/go_spec.rb                 | 11 -----------
 3 files changed, 1 insertion(+), 24 deletions(-)
 delete mode 100644 config/feature_flags/gitlab_com_derisk/go_get_handle_401_error.yml

diff --git a/config/feature_flags/gitlab_com_derisk/go_get_handle_401_error.yml b/config/feature_flags/gitlab_com_derisk/go_get_handle_401_error.yml
deleted file mode 100644
index 237eaaaf5888e..0000000000000
--- a/config/feature_flags/gitlab_com_derisk/go_get_handle_401_error.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-name: go_get_handle_401_error
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/493732
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167640
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/496539
-milestone: '17.5'
-group: group::source code
-type: gitlab_com_derisk
-default_enabled: false
diff --git a/lib/gitlab/middleware/go.rb b/lib/gitlab/middleware/go.rb
index ef8004f73d363..e9f0732df6f70 100644
--- a/lib/gitlab/middleware/go.rb
+++ b/lib/gitlab/middleware/go.rb
@@ -130,10 +130,7 @@ def project_for_path(path_info)
       # can_read_project? checks if the request's credentials have read access to the project
       def can_read_project?(request, project)
         return true if project.public?
-
-        if Feature.enabled?(:go_get_handle_401_error, Feature.current_request) && !has_basic_credentials?(request)
-          return false
-        end
+        return false unless has_basic_credentials?(request)
 
         login, password = user_name_and_password(request)
         auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, request: request)
diff --git a/spec/lib/gitlab/middleware/go_spec.rb b/spec/lib/gitlab/middleware/go_spec.rb
index ace21ba91338d..584bcebd5ce83 100644
--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -69,17 +69,6 @@
                   it 'returns the 2-segment path' do
                     expect_response_with_path(go, enabled_protocol, project.full_path)
                   end
-
-                  context 'when "go_get_handle_401_error" feature flag disabled' do
-                    before do
-                      stub_feature_flags(go_get_handle_401_error: false)
-                    end
-
-                    it 'returns 401 error response' do
-                      response = go
-                      expect(response[0]).to eq(401)
-                    end
-                  end
                 end
               end
 
-- 
GitLab