Bug 1252824

Summary: [origin_devexp_555]The tip info is confusing when use invalid token to clone repo from origin-gitserver
Product: OKD Reporter: DeShuai Ma <dma>
Component: BuildAssignee: Cesar Wong <cewong>
Status: CLOSED CURRENTRELEASE QA Contact: Wenjing Zheng <wzheng>
Severity: low Docs Contact:
Priority: medium    
Version: 3.xCC: bparees, libra-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-12 17:16:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description DeShuai Ma 2015-08-12 09:58:35 UTC 
Description of problem:
When use invalid token to clone repo from origin-gitserver, it always tip http 500 error, the tip info is confusing.

Version-Release number of selected component (if applicable):
openshift v1.0.4-184-gc5f08bc-dirty
kubernetes v1.1.0-alpha.0-1155-gb73c53c

How reproducible:
Always

Steps to Reproduce:
1.Config gitserver to use token to auth
$ cat examples/gitserver/gitserver.yaml
---skip---
- name: REQUIRE_SERVER_AUTH
  value: "-"

2.Deploy a private gitserver
$ oc create -f gitserver.yaml -n dma1

3.Input invalid token(password) to clone the repo from origin-gitserver
[fedora@ip-10-154-3-36 ruby-sample-build]$ git clone http://172.30.215.113:8080/test.git
Cloning into 'test'...
Username for 'http://172.30.215.113:8080': dma
Password for 'http://dma@172.30.215.113:8080': 
remote: the server has asked for the client to provide credentials (post subjectAccessReviews)
fatal: unable to access 'http://172.30.215.113:8080/test.git/': The requested URL returned error: 500

Actual results:
3. The tip info is error 500, it's confusing

Expected results:
3. It should tip Forbidden or the token is invalid.

Additional info:
Comment 1 Clayton Coleman 2015-08-21 02:52:53 UTC 
Hrm - the default token should let us perform SARs.
Comment 2 DeShuai Ma 2015-09-11 07:00:23 UTC 
On ose env, always fail with 500 error, even use correct token.
[root@openshift-106 gitserver]# git clone http://172.30.224.220:8080/test.git
Cloning into 'test'...
Username for 'http://172.30.224.220:8080': dma
Password for 'http://dma@172.30.224.220:8080': 
fatal: unable to access 'http://172.30.224.220:8080/test.git/': The requested URL returned error: 500
Comment 3 Cesar Wong 2015-11-19 19:08:09 UTC 
PR https://github.com/openshift/origin/pull/5894
Comment 4 DeShuai Ma 2015-11-20 02:13:11 UTC 
[fedora@ip-172-18-9-199 sample-app]$ openshift version
openshift v1.1-60-g0411059
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.1.2

[fedora@ip-172-18-9-199 sample-app]$ git clone http://172.30.91.206:8080/test.git
Cloning into 'test'...
Username for 'http://172.30.91.206:8080': dma
Password for 'http://dma@172.30.91.206:8080': 
remote: the server has asked for the client to provide credentials (post localSubjectAccessReviews)
fatal: Authentication failed for 'http://172.30.91.206:8080/test.git/'