Fix NPM specs
From !105498 (comment 1196023040)
🔥 Problem
It seems that the NPM specs go through the cases where anonymous
is used but the response code is not the expected one. As such, I think we don't really have an anonymous request.
Example:
https://gitlab.com/gitlab-org/gitlab/-/blob/d855fd7a2b88fe4009f80d5b8d982a9d08ed8fcc/spec/support/shared_examples/requests/api/npm_packages_shared_examples.rb#L622 is expected :forbidden
but the code actually goes through https://gitlab.com/gitlab-org/gitlab/-/blob/d855fd7a2b88fe4009f80d5b8d982a9d08ed8fcc/lib/api/helpers.rb#L282 which should return :unauthorized
.
That is why, I suspect that the spec is still sending credentials ( != anonymous ).
🚒 Solution
- Update the specs for
anonymous
to make sure that no credentials are sent. - Update the expected status to
unauthorized