Ensure /api/v4/allowed response handled correctly154-ensure-http-status-codes-are-integers-add-missing-specs-for-various-handled-http-status-code

* Ideally response Content-Type is application/json, which is explicitly checked
* It's also possible that responses of Content-Types text/html and text/plain can be returned and so we handle these also
* Add/use CONTENT_TYPE_JSON constant
* Add/use API_INACCESSIBLE_MESSAGE constant

16 files changed, 605 insertions, 17 deletions

diff --git a/lib/action/custom.rb b/lib/action/custom.rb
index ba0e650..c781f00 100644
--- a/lib/action/custom.rb
+++ b/lib/action/custom.rb
@@ -13,7 +13,7 @@ module Action
     class UnsuccessfulError < BaseError; end
 
     NO_MESSAGE_TEXT = 'No message'.freeze
-    DEFAULT_HEADERS = { 'Content-Type' => 'application/json' }.freeze
+    DEFAULT_HEADERS = { 'Content-Type' => CONTENT_TYPE_JSON }.freeze
 
     def initialize(gl_id, payload)
       @gl_id = gl_id
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index 57ae452..b460f46 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -14,6 +14,7 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
   class NotFound < StandardError; end
 
   CHECK_TIMEOUT = 5
+  API_INACCESSIBLE_MESSAGE = 'API is not accessible'.freeze
 
   def check_access(cmd, gl_repository, repo, who, changes, protocol, env: {})
     changes = changes.join("\n") unless changes.is_a?(String)
@@ -33,12 +34,15 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
     url = "#{internal_api_endpoint}/allowed"
     resp = post(url, params)
 
-    case resp.code
-    when HTTP_SUCCESS, HTTP_MULTIPLE_CHOICES, HTTP_UNAUTHORIZED, HTTP_NOT_FOUND
-      GitAccessStatus.create_from_json(resp.body, resp.code)
-    else
-      GitAccessStatus.new(false, resp.code, 'API is not accessible')
+    case resp
+    when Net::HTTPSuccess, Net::HTTPMultipleChoices, Net::HTTPUnauthorized,
+         Net::HTTPNotFound
+      if resp.content_type == CONTENT_TYPE_JSON
+        return GitAccessStatus.create_from_json(resp.body, resp.code)
+      end
     end
+
+    GitAccessStatus.new(false, resp.code, API_INACCESSIBLE_MESSAGE)
   end
 
   def discover(who)
diff --git a/lib/http_helper.rb b/lib/http_helper.rb
index 55c504c..a7e7b23 100644
--- a/lib/http_helper.rb
+++ b/lib/http_helper.rb
@@ -6,6 +6,7 @@ module HTTPHelper
   include HTTPCodes
 
   READ_TIMEOUT = 300
+  CONTENT_TYPE_JSON = 'application/json'.freeze
 
   protected
 
diff --git a/spec/gitlab_net_spec.rb b/spec/gitlab_net_spec.rb
index a207ae0..0656084 100644
--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -3,6 +3,8 @@ require_relative '../lib/gitlab_net'
 require_relative '../lib/gitlab_access_status'
 
 describe GitlabNet, vcr: true do
+  using RSpec::Parameterized::TableSyntax
+
   let(:gitlab_net) { described_class.new }
   let(:changes) { ['0000000000000000000000000000000000000000 92d0970eefd7acb6d548878925ce2208cfe2d2ec refs/heads/branch4'] }
   let(:base_api_endpoint) { 'http://localhost:3000/api/v4' }
@@ -273,6 +275,27 @@ describe GitlabNet, vcr: true do
         end
       end
 
+      context 'but project not found' do
+        where(:desc, :cassette, :message) do
+          'deny push access for host'                                        | 'allowed-push-project-not-found'                | 'The project you were looking for could not be found.'
+          'deny push access for host (when text/html)'                       | 'allowed-push-project-not-found-text-html'      | 'API is not accessible'
+          'deny push access for host (when text/plain)'                      | 'allowed-push-project-not-found-text-plain'     | 'API is not accessible'
+          'deny push access for host (when 404 is returned)'                 | 'allowed-push-project-not-found-404'            | 'The project you were looking for could not be found.'
+          'deny push access for host (when 404 is returned with text/html)'  | 'allowed-push-project-not-found-404-text-html'  | 'API is not accessible'
+          'deny push access for host (when 404 is returned with text/plain)' | 'allowed-push-project-not-found-404-text-plain' | 'API is not accessible'
+        end
+
+        with_them do
+          it 'should deny push access for host' do
+            VCR.use_cassette(cassette) do
+              access = gitlab_net.check_access('git-receive-pack', nil, project, key, changes, 'ssh')
+              expect(access.allowed?).to be_falsey
+              expect(access.message).to eql(message)
+            end
+          end
+        end
+      end
+
       it 'adds the secret_token to the request' do
         VCR.use_cassette("allowed-push") do
           expect_any_instance_of(Net::HTTP::Post).to receive(:set_form_data).with(hash_including(secret_token: secret))
@@ -325,17 +348,24 @@ describe GitlabNet, vcr: true do
     end
 
     context 'ssh key without access to project' do
-      it 'should deny push access for host' do
-        VCR.use_cassette("ssh-push-project-denied") do
-          access = gitlab_net.check_access('git-receive-pack', nil, project, key2, changes, 'ssh')
-          expect(access.allowed?).to be_falsey
-        end
-      end
-
-      it 'should deny pull access for host' do
-        VCR.use_cassette("ssh-pull-project-denied") do
-          access = gitlab_net.check_access('git-upload-pack', nil, project, key2, changes, 'ssh')
-          expect(access.allowed?).to be_falsey
+      where(:desc, :cassette, :message) do
+        'deny push access for host'                                        | 'ssh-push-project-denied'                | 'Git access over SSH is not allowed'
+        'deny push access for host (when 401 is returned)'                 | 'ssh-push-project-denied-401'            | 'Git access over SSH is not allowed'
+        'deny push access for host (when 401 is returned with text/html)'  | 'ssh-push-project-denied-401-text-html'  | 'API is not accessible'
+        'deny push access for host (when 401 is returned with text/plain)' | 'ssh-push-project-denied-401-text-plain' | 'API is not accessible'
+        'deny pull access for host'                                        | 'ssh-pull-project-denied'                | 'Git access over SSH is not allowed'
+        'deny pull access for host (when 401 is returned)'                 | 'ssh-pull-project-denied-401'            | 'Git access over SSH is not allowed'
+        'deny pull access for host (when 401 is returned with text/html)'  | 'ssh-pull-project-denied-401-text-html'  | 'API is not accessible'
+        'deny pull access for host (when 401 is returned with text/plain)' | 'ssh-pull-project-denied-401-text-plain' | 'API is not accessible'
+      end
+
+      with_them do
+        it 'should deny push access for host' do
+          VCR.use_cassette(cassette) do
+            access = gitlab_net.check_access('git-receive-pack', nil, project, key2, changes, 'ssh')
+            expect(access.allowed?).to be_falsey
+            expect(access.message).to eql(message)
+          end
         end
       end
 
@@ -343,6 +373,7 @@ describe GitlabNet, vcr: true do
         VCR.use_cassette("ssh-pull-project-denied-with-user") do
           access = gitlab_net.check_access('git-upload-pack', nil, project, 'user-2', changes, 'ssh')
           expect(access.allowed?).to be_falsey
+          expect(access.message).to eql('Git access over SSH is not allowed')
         end
       end
     end
diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml
new file mode 100644
index 0000000..4adb088
--- /dev/null
+++ b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '155'
+      Content-Type:
+      - text/html
+      Date:
+      - Wed, 21 Jun 2017 10:44:52 GMT
+      Etag:
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
+      X-Runtime:
+      - '0.289759'
+    body:
+      encoding: UTF-8
+      string: '<p>The project you were looking for could not be found.</p>'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml
new file mode 100644
index 0000000..a84b7d2
--- /dev/null
+++ b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '155'
+      Content-Type:
+      - text/plain
+      Date:
+      - Wed, 21 Jun 2017 10:44:52 GMT
+      Etag:
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
+      X-Runtime:
+      - '0.289759'
+    body:
+      encoding: UTF-8
+      string: 'The project you were looking for could not be found.'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404.yml
new file mode 100644
index 0000000..e531fcb
--- /dev/null
+++ b/spec/vcr_cassettes/allowed-push-project-not-found-404.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '155'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 10:44:52 GMT
+      Etag:
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
+      X-Runtime:
+      - '0.289759'
+    body:
+      encoding: UTF-8
+      string: '{"status":false,"message":"The project you were looking for could not be found."}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml b/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml
new file mode 100644
index 0000000..b2738fe
--- /dev/null
+++ b/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '155'
+      Content-Type:
+      - text/html
+      Date:
+      - Wed, 21 Jun 2017 10:44:52 GMT
+      Etag:
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
+      X-Runtime:
+      - '0.289759'
+    body:
+      encoding: UTF-8
+      string: '<p>The project you were looking for could not be found.</p>'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml b/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml
new file mode 100644
index 0000000..34532ce
--- /dev/null
+++ b/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '155'
+      Content-Type:
+      - text/plain
+      Date:
+      - Wed, 21 Jun 2017 10:44:52 GMT
+      Etag:
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
+      X-Runtime:
+      - '0.289759'
+    body:
+      encoding: UTF-8
+      string: 'The project you were looking for could not be found.'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/allowed-push-project-not-found.yml b/spec/vcr_cassettes/allowed-push-project-not-found.yml
new file mode 100644
index 0000000..f25fa7e
--- /dev/null
+++ b/spec/vcr_cassettes/allowed-push-project-not-found.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '155'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 10:44:52 GMT
+      Etag:
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
+      X-Runtime:
+      - '0.289759'
+    body:
+      encoding: UTF-8
+      string: '{"status":false,"message":"The project you were looking for could not be found."}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml
new file mode 100644
index 0000000..d334108
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - text/html
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8ce54f29-9ed0-46e5-aedb-37edaa3d52da
+      X-Runtime:
+      - '0.228256'
+    body:
+      encoding: UTF-8
+      string: '<p>Git access over SSH is not allowed</p>'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml
new file mode 100644
index 0000000..e072493
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - text/plain
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8ce54f29-9ed0-46e5-aedb-37edaa3d52da
+      X-Runtime:
+      - '0.228256'
+    body:
+      encoding: UTF-8
+      string: 'Git access over SSH is not allowed'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401.yml
new file mode 100644
index 0000000..4a9305a
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-pull-project-denied-401.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8ce54f29-9ed0-46e5-aedb-37edaa3d52da
+      X-Runtime:
+      - '0.228256'
+    body:
+      encoding: UTF-8
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml b/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml
new file mode 100644
index 0000000..08dea91
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - text/html
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - c843a5a3-fc08-46eb-aa45-caceae515638
+      X-Runtime:
+      - '7.359835'
+    body:
+      encoding: UTF-8
+      string: '<p>Git access over SSH is not allowed</p>'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml b/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml
new file mode 100644
index 0000000..46d9a1d
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - text/plain
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - c843a5a3-fc08-46eb-aa45-caceae515638
+      X-Runtime:
+      - '7.359835'
+    body:
+      encoding: UTF-8
+      string: 'Git access over SSH is not allowed'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401.yml b/spec/vcr_cassettes/ssh-push-project-denied-401.yml
new file mode 100644
index 0000000..77248e2
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-push-project-denied-401.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - c843a5a3-fc08-46eb-aa45-caceae515638
+      X-Runtime:
+      - '7.359835'
+    body:
+      encoding: UTF-8
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0