The source project of this merge request has been removed.
Allow anonymous access to public Conan packages
What does this MR do?
For Conan API endpoints:
- Allow access to ping endpoint without a token
- Allow access to download endpoints without a token, if the project is public
- Instead of throwing UnauthorizedError when no token is provided, continue with anonymous privileges
- Update tests to reflect the above changes
- Add test for downloading without a token
See #294482 (closed) for details.
Screenshots
(no visual changes)
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
[ ] Merge request performance guidelines— no expected performance changes -
Style guides [ ] Database guides[ ] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. [ ] Tested in all supported browsers[ ] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #294482 (closed)
Edited by Steve Mokris