API sometimes returns 2xx response code when it has failed
Seen while working on https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/15681
POST /api/v3/projects/user/:id
was failing due to a duplicate projects_pkey
error. In this case, we call render_validation_error!(project)
: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/v3/projects.rb#L232
render_validation_error!
only does something if instances.errors
is non-empty: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/helpers/rb#L343
In the failure case I encountered, Projects::CreateService
had returned an unsaved project with no errors, as the problem was due to the database rejecting the INSERT command, rather than a validation error on the Ruby side. As a result, I got a 201 Created
HTTP response with an application/json
content-type and null
in the response body.
What I should have gotten is either a 400 or 500 response (probably the latter in this case).
We should audit every user of render_validation_error!
(in both CE and EE) and ensure that we handle these cases appropriately.