Properly reply when "go get" is used by a user that needs 2-factor authentication

Summary

  • The Go middleware may authenticate the user.
  • During this authentication, a Gitlab::Auth::MissingPersonalAccessTokenError can be thrown.
  • This error is not handled by the middleware, which ultimately causes a 500 Internal Server Error response.

Steps to reproduce

Run "go get" against GitLab as a user with 2-factor authentication enabled.

Note: when trying to reproduce the issue, the error only happens if the GitLab account password is sent as the password instead of a personal access token.

What is the current bug behavior?

Return a 500 Internal Server Error.

What is the expected correct behavior?

Return a 401 Unauthorized.

Relevant logs and/or screenshots

  • https://log.gprd.gitlab.net/goto/e44beceb2ec218e270f1e3a3ba13ceda
  • https://sentry.gitlab.net/gitlab/gitlabcom/issues/2090528/
  • Production incident: gitlab-com/gl-infra/production#3174 (closed)

Possible fixes

Return a 401 Unauthorized on Gitlab::Auth::MissingPersonalAccessTokenError in the Go proxy middleware.
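As an added illustration (not GitLab's own code), a minimal Rack-style middleware in which the authentication step raises the error this issue names and the proxy layer either lets it escape, which is what produces the reported 500, or rescues it into a 401. The user table, the authenticate rule, the WWW-Authenticate challenge and every class name other than the error are constructed assumptions; the two failure paths deliberately return the same 401 body so the response does not reveal which one was hit.

```ruby
require 'base64'

module Gitlab; module Auth; end; end
# Stand-in for the real Gitlab::Auth::MissingPersonalAccessTokenError (assumption).
class Gitlab::Auth::MissingPersonalAccessTokenError < StandardError; end

# Constructed user table (assumption): 2FA users may only authenticate with a token.
USERS = {
  'alice' => { password: 'alice-pass', two_factor: true,  tokens: ['glpat-EXAMPLE-alice'] },
  'bob'   => { password: 'bob-pass',   two_factor: false, tokens: [] }
}.freeze

# Stand-in for the middleware's authentication step. Following the note in the
# issue, a 2FA user who sends the account password instead of a token raises.
def authenticate(login, secret)
  user = USERS[login]
  return nil unless user
  return login if user[:tokens].include?(secret)
  return nil unless user[:password] == secret
  raise Gitlab::Auth::MissingPersonalAccessTokenError if user[:two_factor]
  login
end

# Builds the Rack env a "go get" HTTP Basic request would carry (constructed).
def request_env(login, secret)
  { 'HTTP_AUTHORIZATION' => 'Basic ' + Base64.strict_encode64("#{login}:#{secret}") }
end

class GoProxyMiddleware
  # handle_missing_pat: false reproduces the bug (exception escapes, Rails
  # answers 500); true is the proposed fix (explicit 401).
  def initialize(app, handle_missing_pat: true)
    @app = app
    @handle_missing_pat = handle_missing_pat
  end

  def call(env)
    header = env['HTTP_AUTHORIZATION'].to_s
    return unauthorized unless header.start_with?('Basic ')
    login, secret = Base64.decode64(header.delete_prefix('Basic ')).split(':', 2)
    user = authenticate(login, secret)
    return unauthorized unless user
    @app.call(env.merge('go.user' => user))
  rescue Gitlab::Auth::MissingPersonalAccessTokenError
    raise unless @handle_missing_pat
    unauthorized
  end

  def unauthorized
    [401, { 'Content-Type' => 'text/plain', 'WWW-Authenticate' => 'Basic realm="GitLab"' },
     ['401 Unauthorized']]
  end
end
```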

Edited Oct 20, 2021 by Hugo Ortiz