Pipeline API fails with 401 Unauthorized on public project without token.

Summary

Trying to get a public project's pipelines through the API fails with 401 Unauthorized when not authenticated.

Steps to reproduce

$ curl  "https://salsa.debian.org/api/v4/projects/18514/pipelines"
{"message":"401 Unauthorized"}

$ curl  "https://gitlab.com/api/v4/projects/13176136/pipelines"
{"message":"401 Unauthorized"}

You can also test it using the python-gitlab lib.


In [13]: gl = gitlab.Gitlab('https://gitlab.com', private_token=None, api_version=4)

In [14]: project = gl.projects.get(13176136)

In [15]: project.pipelines.list()
---------------------------------------------------------------------------
GitlabAuthenticationError                 Traceback (most recent call last)
<ipython-input-15-142d18e5cecb> in <module>()
----> 1 project.pipelines.list()

(...)

GitlabAuthenticationError: 401: 401 Unauthorized

Example Project

https://gitlab.com/inakimalerba/test-project

What is the current bug behavior?

You cannot access public projects' pipelines using the API without a token.

What is the expected correct behavior?

You should be able to do it. They're public.

Output of checks

This bug happens on GitLab.com

Edited Jul 11, 2019 by Iñaki Malerba