Uploading snap as click breaks the world

We currently return a 401 from click updown's /download/ url when

a) supplied X-Click-Token is invalid
b) no auth data is supplied (as /download requires it)
c) the check to SCA indicates returns "allowed": ''false" in it's json.

The allowed: false could be because the supplied creds are invalid, in
which case 401 makes sense. But it could also be for other reasons
like unpublished state, or something else as above, in which a 401 is
not a correct response (perhaps a 409 Conflict, which indicates an
external resolution is needed).

I think we need CUD to be smarter about determining the cause of the
SCA acl check failure, and respond with the correct kind of code. This
might mean enhancing the acl check with more info.

On Tue, May 24, 2016 at 8:21 PM, Rodney Dawes
<email address hidden> wrote:
> Public bug reported:
>
> I got pinged today that attempts to install the
> com.ubuntu.developer.1bsyl.mahjong on phones was causing the U1 account
> be deleted (because the server is returning a 401, indicating invalid
> credentials, when attempting to get the X-Click-Token for it).
>
> Apparently, the developer had uploaded a snap for this package, which
> caused the servers to misbehave, and return a 401, because various parts
> are apparently in an invalid state.
>
> ** Affects: software-center-agent
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of Buy-
> something hackers, which is subscribed to Software Center Agent.
> https://bugs.launchpad.net/bugs/1585337
>
> Title:
> Uploading snap as click breaks the world
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/software-center-agent/+bug/1585337/+subscriptions