[rubygems/rubygems] Bad auth should not fallback either

rubygems/rubygems@ba3ea27869
ruby · Aug 16, 2023 · e678aff · e678aff
1 parent c076ac8
commit e678aff
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb
@@ -15,7 +15,7 @@ def self.compact_index_request(method_name)
           method.bind(self).call(*args, &blk)
         rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
           raise HTTPError, e.message
-        rescue AuthenticationRequiredError
+        rescue AuthenticationRequiredError, BadAuthenticationError
           # Fail since we got a 401 from the server.
           raise
         rescue HTTPError => e

diff --git a/spec/bundler/install/gems/compact_index_spec.rb b/spec/bundler/install/gems/compact_index_spec.rb
@@ -683,6 +683,15 @@ def require(*args)
         bundle :install, :artifice => "compact_index_strict_basic_authentication", :raise_on_error => false
         expect(err).to include("Bad username or password")
       end
+
+      it "does not fallback to old dependency API if bad authentication is provided" do
+        bundle "config set #{source_hostname} #{user}:wrong"
+
+        bundle :install, :artifice => "compact_index_strict_basic_authentication", :raise_on_error => false, :verbose => true
+        expect(err).to include("Bad username or password")
+        expect(out).to include("HTTP 401 Unauthorized http://user@localgemserver.test/versions")
+        expect(out).not_to include("HTTP 401 Unauthorized http://user@localgemserver.test/api/v1/dependencies")
+      end
     end
 
     describe "with no password" do