Custom Authentication
Simon King
simon at simonking.org.uk
Fri May 29 23:48:04 UTC 2015
> On 29 May 2015, at 13:24, Sasha <maximal at maximals.ru> wrote:
>
> Hello, guys.
>
> I’m trying to write my own authentication for mercurial.
> It need to check credentials in external program.
> That’s why I need to get user credentials in extension code.
>
> I took `textauth.py` (HTTP basic authentication for Mercurial) as a start point, but seems like `auth = req.env.get('HTTP_AUTHORIZATION')` is not working.
> https://bitbucket.org/hstuart/hg-textauth/src/2454556925aed248235a6ddda66a7bd53b6e512d/textauth.py?at=default#cl-85
> `auth = req.env.get('HTTP_AUTHORIZATION')` is always `None`.
>
> This header is empty.
> When I try to clone repository, I get user/password prompt, but I don’t know where to get them inside of extension, because `req.env` object doesn’t contain anything like base64-encoded credentials.
> I can do authentication on Apache2/nginx side, of course, but I think it’s better to be done in Mercurial plugin.
>
> I spend a couple of days investigating it, but did’t find any workaround.
>
> Please, could you help me in this question?
>
> Thanks in advance.
How are you serving your mercurial repositories? By default I don’t think Apache will pass Authorization headers to CGI or WSGI scripts, as it is a potential security hole (eg. see https://code.google.com/p/modwsgi/wiki/FrequentlyAskedQuestions#Access_Control_Mechanisms)
Simon
More information about the Mercurial
mailing list