Send explicit error if no token supplied (#2406)

* Send explicit error if no token supplied

* Send an explicit error that no token has been
supplied for an authenticated endpoint

* Update pkg/http/transport.go

Co-authored-by: Nikhil Sinha <[email protected]>
Signed-off-by: Will Sackfield <[email protected]>

---------

Signed-off-by: Will Sackfield <[email protected]>
Co-authored-by: Nikhil Sinha <[email protected]>

Author: 8W9aG

pkg/http/client.go

@@ -10,6 +10,7 @@ import (
 )
 
 const UserAgentHeader = "User-Agent"
+const BearerHeaderPrefix = "Bearer "
 
 func ProvideHTTPClient(ctx context.Context, dockerCommand command.Command) (*http.Client, error) {
 	userInfo, err := dockerCommand.LoadUserInformation(ctx, global.ReplicateRegistryHost)
@@ -24,8 +25,8 @@ func ProvideHTTPClient(ctx context.Context, dockerCommand command.Command) (*htt
 				"Content-Type":  "application/json",
 			},
 			authentication: map[string]string{
-				env.MonobeamHostFromEnvironment(): "Bearer " + userInfo.Token,
-				env.WebHostFromEnvironment():      "Bearer " + userInfo.Token,
+				env.MonobeamHostFromEnvironment(): BearerHeaderPrefix + userInfo.Token,
+				env.WebHostFromEnvironment():      BearerHeaderPrefix + userInfo.Token,
 			},
 		},
 	}

pkg/http/transport.go

@@ -1,6 +1,9 @@
 package http
 
-import "net/http"
+import (
+	"errors"
+	"net/http"
+)
 
 const AuthorizationHeader = "Authorization"
 
@@ -22,6 +25,9 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	if req.Header.Get(AuthorizationHeader) == "" {
 		authorisation, ok := t.authentication[req.URL.Host]
 		if ok {
+			if authorisation == BearerHeaderPrefix {
+				return nil, errors.New("No token supplied for HTTP authorization. Have you run 'cog login'?")
+			}
 			req.Header.Set(AuthorizationHeader, authorisation)
 		}
 	}

pkg/http/transport_test.go

@@ -3,6 +3,7 @@ package http
 import (
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -51,3 +52,24 @@ func TestTransportOnlyAddsHeaderIfMissing(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, resp.Request.Header.Get(testHeader), expectedValue)
 }
+
+func TestTransportSendsErrorWithMissingToken(t *testing.T) {
+	// Setup mock http server
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer server.Close()
+	u, err := url.Parse(server.URL)
+	require.NoError(t, err)
+
+	transport := Transport{
+		authentication: map[string]string{
+			u.Host: BearerHeaderPrefix + "",
+		},
+	}
+	req, err := http.NewRequest("GET", server.URL, nil)
+	require.NoError(t, err)
+	resp, err := transport.RoundTrip(req)
+	require.Error(t, err)
+	require.Nil(t, resp)
+}