Handle 400 Bad Request for invalid source control URLs in registry lookup

pepicrft · claude · pepicrft · commit 732de761e7f1 · 2025-12-04T17:31:54.000+01:00
When the registry server returns 400 Bad Request for the identity lookup endpoint, throw `RegistryError.invalidSourceControlURL` to provide a clear error message to the user. This handles cases where malformed URLs (e.g., containing git credential error messages) are sent to the registry. The server validates the URL and returns 400, which the client now handles appropriately instead of treating it as an unexpected error. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/Sources/PackageRegistry/RegistryClient.swift b/Sources/PackageRegistry/RegistryClient.swift
@@ -1066,14 +1066,19 @@ public final class RegistryClient: AsyncCancellable {
             )
             observabilityScope.emit(debug: "matched identities for \(scmURL): \(packageIdentities)")
             return Set(packageIdentities.identifiers.map(PackageIdentity.plain))
+        case 400:
+            // 400 indicates the server rejected the URL as invalid.
+            // This can happen when malformed URLs (e.g., containing git credential error messages)
+            // are passed to the registry.
+            throw RegistryError.invalidSourceControlURL(scmURL)
         case 404:
             // 404 is valid, no identities mapped
             return []
         default:
             throw RegistryError.failedIdentityLookup(
                 registry: registry,
                 scmURL: scmURL,
-                error: self.unexpectedStatusError(response, expectedStatus: [200, 404])
+                error: self.unexpectedStatusError(response, expectedStatus: [200, 400, 404])
             )
         }
     }
@@ -1503,6 +1508,7 @@ public enum RegistryError: Error, CustomStringConvertible {
     case registryNotConfigured(scope: PackageIdentity.Scope?)
     case invalidPackageIdentity(PackageIdentity)
     case invalidURL(URL)
+    case invalidSourceControlURL(SourceControlURL)
     case invalidResponseStatus(expected: [Int], actual: Int)
     case invalidContentVersion(expected: String, actual: String?)
     case invalidContentType(expected: String, actual: String?)
@@ -1580,6 +1586,8 @@ public enum RegistryError: Error, CustomStringConvertible {
             return "invalid package identifier '\(packageIdentity)'"
         case .invalidURL(let url):
             return "invalid URL '\(url)'"
+        case .invalidSourceControlURL(let scmURL):
+            return "invalid source control URL '\(scmURL)'"
         case .invalidResponseStatus(let expected, let actual):
             return "invalid registry response status '\(actual)', expected '\(expected)'"
         case .invalidContentVersion(let expected, let actual):
diff --git a/Tests/PackageRegistryTests/RegistryClientTests.swift b/Tests/PackageRegistryTests/RegistryClientTests.swift
@@ -3148,6 +3148,40 @@ fileprivate var availabilityURL = URL("\(registryURL)/availability")
         let identities = try await registryClient.lookupIdentities(scmURL: packageURL)
         #expect([PackageIdentity.plain("mona.LinkedList")] == identities)
     }
+
+    @Test func invalidSourceControlURL() async throws {
+        // Test that when the server returns 400 Bad Request for a malformed URL,
+        // the client throws invalidSourceControlURL error
+        let malformedURL = SourceControlURL("https://github.com/owner/repo.git': failed looking up identity")
+
+        let handler: HTTPClient.Implementation = { request, _ in
+            // Server returns 400 Bad Request for invalid URLs
+            let data = #"{"message": "Invalid repository URL"}"#.data(using: .utf8)!
+            return .init(
+                statusCode: 400,
+                headers: .init([
+                    .init(name: "Content-Length", value: "\(data.count)"),
+                    .init(name: "Content-Type", value: "application/json"),
+                    .init(name: "Content-Version", value: "1"),
+                ]),
+                body: data
+            )
+        }
+
+        let httpClient = HTTPClient(implementation: handler)
+        var configuration = RegistryConfiguration()
+        configuration.defaultRegistry = Registry(url: registryURL, supportsAvailability: false)
+
+        let registryClient = makeRegistryClient(configuration: configuration, httpClient: httpClient)
+        await #expect {
+            try await registryClient.lookupIdentities(scmURL: malformedURL)
+        } throws: { error in
+            if case RegistryError.invalidSourceControlURL(malformedURL) = error {
+                return true
+            }
+            return false
+        }
+    }
 }
 
 @Suite("Login") struct Login {
