#2311 improve HTTP auth error message

2 files changed, 10 insertions, 7 deletions

diff --git a/cmd/serve.go b/cmd/serve.go
index 7a24fc2597..d8e77dcd50 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -209,7 +209,7 @@ func runServ(c *cli.Context) {
 			}
 			// Check if this deploy key belongs to current repository.
 			if !models.HasDeployKey(key.ID, repo.ID) {
-				fail("Key access denied", "Key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
+				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 			}
 
 			// Update deploy key activity.
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 8164f80962..c42f751572 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -131,7 +131,7 @@ func HTTP(ctx *middleware.Context) {
 			}
 			authUser, err = models.GetUserByID(token.UID)
 			if err != nil {
-				ctx.Handle(500, "GetUserById", err)
+				ctx.Handle(500, "GetUserByID", err)
 				return
 			}
 			authUsername = authUser.Name
@@ -145,23 +145,26 @@ func HTTP(ctx *middleware.Context) {
 
 			has, err := models.HasAccess(authUser, repo, tp)
 			if err != nil {
-				ctx.HandleText(401, "no basic auth and digit auth")
+				ctx.Handle(500, "HasAccess", err)
 				return
 			} else if !has {
 				if tp == models.ACCESS_MODE_READ {
 					has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE)
-					if err != nil || !has {
-						ctx.HandleText(401, "no basic auth and digit auth")
+					if err != nil {
+						ctx.Handle(500, "HasAccess2", err)
+						return
+					} else if !has {
+						ctx.HandleText(403, "User permission denied")
 						return
 					}
 				} else {
-					ctx.HandleText(401, "no basic auth and digit auth")
+					ctx.HandleText(403, "User permission denied")
 					return
 				}
 			}
 
 			if !isPull && repo.IsMirror {
-				ctx.HandleText(401, "mirror repository is read-only")
+				ctx.HandleText(403, "mirror repository is read-only")
 				return
 			}
 		}