Registry event endpoint raises a 500 when the repository field contains one segment

Summary

The endpoint /api/v4/container_registry_event/events raises a 500 error when the repository field contains only one segment. E.g. unknown-repository fails but root/unknown-repository works.

Steps to reproduce

Send a notification event with an unknown project in the repository

curl -XPOST --header "Authorization: $notification_secret" "http://gdk.test:3000/api/v4/container_registry_event/events" --upload-file event.json

The event.json

{
   "events": [
      {
         "id": "1aa3d563-84f0-4c24-a4d7-069700f9f73f",
         "timestamp": "2022-01-18T12:53:32.093331+11:00",
         "action": "push",
         "target": {
            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "size": 528,
            "digest": "sha256:5e604d3358ab7b6b734402ce2e19ddd822a354dc14843f34d36c603521dbb4f9",
            "length": 528,
            "repository": "unknown-repository",
            "url": "http://registry.test:5000/v2/unknown-repository/manifests/sha256:5e604d3358ab7b6b734402ce2e19ddd822a354dc14843f34d36c603521dbb4f9",
            "tag": "alpine"
         },
         "request": {
            "id": "a0f4d5a5-424a-4dca-86d1-99e6477f7b37",
            "addr": "172.16.123.1:57699",
            "host": "registry.test:5000",
            "method": "PUT",
            "useragent": "docker/20.10.11 go/go1.16.9 git-commit/847da18 kernel/5.10.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.11 \\(darwin\\))"
         },
         "actor": {},
         "source": {
            "addr": "Jaimes-MacBook-Pro.local:5000",
            "instanceID": "9c9280d4-4e0d-4c4b-b25a-af1b22b67b1a"
         }
      }
   ]
}

The response comes back as a 500 error

HTTP/1.1 500 Internal Server Error
Content-Length: 39
Cache-Control: no-cache
Content-Type: application/vnd.docker.distribution.events.v1+json
Date: Tue, 18 Jan 2022 01:25:13 GMT
Server: thin
Vary: Origin
X-Request-Id: 01FSNCKE6TRKC7S6Y1RB36B09Z
X-Runtime: 1.573648

{"message":"500 Internal Server Error"}

I tested this multiple times and it only fails when the repository field of the JSON request body is a single segment like unknown-repository. However, using at least one slash works fine e.g. root/unknown-repository. The event is received even if the project doesn't exist.

The problem might be due to some string splitting looking for a forward slash / but it fails if it can't find it.

Example Project

What is the current bug behavior?

A 500 is raised when the project doesn't exist.

What is the expected correct behavior?

Expect a user error response code, for example 400 or 404.

Relevant logs and/or screenshots

Possible fixes

The exception InvalidRegistryPathError is raised but it's not handled appropriately.

https://gitlab.com/gitlab-org/gitlab/-/blob/7d0232c5e6b5f84b508f7ee3d13b73233f44a2c2/app/services/auth/container_registry_authentication_service.rb#L149