D2793: hgweb: transition permissions hooks to modern request type (API)
indygreg (Gregory Szorc)
phabricator at mercurial-scm.org
Mon Mar 12 21:34:14 UTC 2018
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG02bea04b4c54: hgweb: transition permissions hooks to modern request type (API) (authored by indygreg, committed by ).
REPOSITORY
rHG Mercurial
CHANGES SINCE LAST UPDATE
https://phab.mercurial-scm.org/D2793?vs=6854&id=6929
REVISION DETAIL
https://phab.mercurial-scm.org/D2793
AFFECTED FILES
mercurial/hgweb/common.py
mercurial/hgweb/hgweb_mod.py
mercurial/wireprotoserver.py
tests/test-http-bundle1.t
tests/test-http.t
tests/test-largefiles-wireproto.t
CHANGE DETAILS
diff --git a/tests/test-largefiles-wireproto.t b/tests/test-largefiles-wireproto.t
--- a/tests/test-largefiles-wireproto.t
+++ b/tests/test-largefiles-wireproto.t
@@ -424,7 +424,7 @@
> import base64
> from mercurial.hgweb import common
> def perform_authentication(hgweb, req, op):
- > auth = req.env.get('HTTP_AUTHORIZATION')
+ > auth = req.headers.get('Authorization')
> if not auth:
> raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
> [('WWW-Authenticate', 'Basic Realm="mercurial"')])
diff --git a/tests/test-http.t b/tests/test-http.t
--- a/tests/test-http.t
+++ b/tests/test-http.t
@@ -168,7 +168,7 @@
> import base64
> from mercurial.hgweb import common
> def perform_authentication(hgweb, req, op):
- > auth = req.env.get('HTTP_AUTHORIZATION')
+ > auth = req.headers.get('Authorization')
> if not auth:
> raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
> [('WWW-Authenticate', 'Basic Realm="mercurial"')])
@@ -510,7 +510,7 @@
> from mercurial import util
> from mercurial.hgweb import common
> def perform_authentication(hgweb, req, op):
- > cookie = req.env.get('HTTP_COOKIE')
+ > cookie = req.headers.get('Cookie')
> if not cookie:
> raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
> raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
diff --git a/tests/test-http-bundle1.t b/tests/test-http-bundle1.t
--- a/tests/test-http-bundle1.t
+++ b/tests/test-http-bundle1.t
@@ -177,7 +177,7 @@
> import base64
> from mercurial.hgweb import common
> def perform_authentication(hgweb, req, op):
- > auth = req.env.get('HTTP_AUTHORIZATION')
+ > auth = req.headers.get('Authorization')
> if not auth:
> raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
> [('WWW-Authenticate', 'Basic Realm="mercurial"')])
diff --git a/mercurial/wireprotoserver.py b/mercurial/wireprotoserver.py
--- a/mercurial/wireprotoserver.py
+++ b/mercurial/wireprotoserver.py
@@ -148,13 +148,12 @@
def iscmd(cmd):
return cmd in wireproto.commands
-def handlewsgirequest(rctx, wsgireq, req, res, checkperm):
+def handlewsgirequest(rctx, req, res, checkperm):
"""Possibly process a wire protocol request.
If the current request is a wire protocol request, the request is
processed by this function.
- ``wsgireq`` is a ``wsgirequest`` instance.
``req`` is a ``parsedrequest`` instance.
``res`` is a ``wsgiresponse`` instance.
@@ -197,7 +196,7 @@
return True
proto = httpv1protocolhandler(req, repo.ui,
- lambda perm: checkperm(rctx, wsgireq, perm))
+ lambda perm: checkperm(rctx, req, perm))
# The permissions checker should be the only thing that can raise an
# ErrorResponse. It is kind of a layer violation to catch an hgweb
diff --git a/mercurial/hgweb/hgweb_mod.py b/mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py
+++ b/mercurial/hgweb/hgweb_mod.py
@@ -322,7 +322,7 @@
res.headers['Content-Security-Policy'] = rctx.csp
handled = wireprotoserver.handlewsgirequest(
- rctx, wsgireq, req, res, self.check_perm)
+ rctx, req, res, self.check_perm)
if handled:
return res.sendresponse()
@@ -380,7 +380,7 @@
# check read permissions non-static content
if cmd != 'static':
- self.check_perm(rctx, wsgireq, None)
+ self.check_perm(rctx, req, None)
if cmd == '':
req.qsparams['cmd'] = tmpl.cache['default']
diff --git a/mercurial/hgweb/common.py b/mercurial/hgweb/common.py
--- a/mercurial/hgweb/common.py
+++ b/mercurial/hgweb/common.py
@@ -46,7 +46,7 @@
authentication info). Return if op allowed, else raise an ErrorResponse
exception.'''
- user = req.env.get(r'REMOTE_USER')
+ user = req.remoteuser
deny_read = hgweb.configlist('web', 'deny_read')
if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)):
@@ -62,14 +62,13 @@
return
# enforce that you can only push using POST requests
- if req.env[r'REQUEST_METHOD'] != r'POST':
+ if req.method != 'POST':
msg = 'push requires POST request'
raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg)
# require ssl by default for pushing, auth info cannot be sniffed
# and replayed
- scheme = req.env.get('wsgi.url_scheme')
- if hgweb.configbool('web', 'push_ssl') and scheme != 'https':
+ if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https':
raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required')
deny = hgweb.configlist('web', 'deny_push')
To: indygreg, #hg-reviewers, durin42
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list