Merge branch '521696-authenticate-header' into 'master'

Maven virtual registry: add the authenticate header in the unauthorized response

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/182919



Merged-by: Piotr Skorupa <pskorupa@gitlab.com>
Approved-by: Moaz Khalifa <mkhalifa@gitlab.com>
Approved-by: Piotr Skorupa <pskorupa@gitlab.com>
Reviewed-by: Moaz Khalifa <mkhalifa@gitlab.com>
Co-authored-by: David Fernandez <dfernandez@gitlab.com>

lib/api/virtual_registries/packages/maven/endpoints.rb

@@ -12,6 +12,9 @@ class Endpoints < ::API::Base
           feature_category :virtual_registry
           urgency :low
 
+          AUTHENTICATE_REALM_HEADER = 'WWW-Authenticate'
+          AUTHENTICATE_REALM_NAME = 'Basic realm="GitLab Virtual Registry"'
+
           SHA1_CHECKSUM_HEADER = 'x-checksum-sha1'
           MD5_CHECKSUM_HEADER = 'x-checksum-md5'
 
@@ -50,6 +53,12 @@ def download_file_extra_response_headers(action_params:)
               }
             end
 
+            # override from api helpers unauthorized! function
+            def unauthorized!(reason = nil)
+              header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)
+              super
+            end
+
             params :id_and_path do
               requires :id,
                 type: Integer,

spec/requests/api/virtual_registries/packages/maven/endpoints_spec.rb

@@ -199,6 +199,18 @@
       it_behaves_like 'maven virtual registry disabled dependency proxy'
     end
 
+    context 'with no user' do
+      let(:headers) { {} }
+
+      it 'returns unauthorized with the www-authenticate header' do
+        request
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response.headers[described_class::AUTHENTICATE_REALM_HEADER])
+          .to eq(described_class::AUTHENTICATE_REALM_NAME)
+      end
+    end
+
     it_behaves_like 'maven virtual registry not authenticated user'
   end