tests/test-http-permissions.t
author Gregory Szorc <gregory.szorc@gmail.com>
Sun, 18 Feb 2018 17:20:38 -0800
branchstable
changeset 35849 2ecb0fc535b1
parent 35848 ff4bc0ab6740
child 36808 0b18604db95e
permissions -rw-r--r--
hgweb: always perform permissions checks on protocol commands (BC) (SEC) Previously, the HTTP request handling code would only perform permissions checking on a wire protocol command if that wire protocol command defined its permissions / operation type. This meant that commands (possibly provided by extensions) not defining their operation type would bypass permissions check. This could lead to exfiltration of data from servers and mutating repositories that were supposed to be read-only. This security issue has been present since the permissions table was introduced by d3147b4e3e8a in 2008. This commit changes the behavior of the HTTP server to always perform permissions checking for protocol requests. If an explicit permission for a wire protocol command is not defined, the server assumes the command can be used for writing and governs access accordingly. .. bc:: Wire protocol commands not defining their operation type in ``wireproto.PERMISSIONS`` are now assumed to be used for "push" operations and access control to run those commands is now enforced accordingly.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
     1
#require killdaemons
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
     2
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     3
  $ cat > fakeremoteuser.py << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     4
  > import os
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     5
  > from mercurial.hgweb import hgweb_mod
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     6
  > from mercurial import wireproto
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     7
  > class testenvhgweb(hgweb_mod.hgweb):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     8
  >     def __call__(self, env, respond):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
     9
  >         # Allow REMOTE_USER to define authenticated user.
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    10
  >         if r'REMOTE_USER' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    11
  >             env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER']
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    12
  >         # Allow REQUEST_METHOD to override HTTP method
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    13
  >         if r'REQUEST_METHOD' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    14
  >             env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD']
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    15
  >         return super(testenvhgweb, self).__call__(env, respond)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    16
  > hgweb_mod.hgweb = testenvhgweb
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    17
  > 
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    18
  > @wireproto.wireprotocommand('customreadnoperm')
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    19
  > def customread(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    20
  >     return b'read-only command no defined permissions\n'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    21
  > @wireproto.wireprotocommand('customwritenoperm')
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    22
  > def customwritenoperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    23
  >     return b'write command no defined permissions\n'
35846
742ce6fbc109 wireproto: move command permissions dict out of hgweb_mod
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35845
diff changeset
    24
  > wireproto.permissions['customreadwithperm'] = 'pull'
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    25
  > @wireproto.wireprotocommand('customreadwithperm')
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    26
  > def customreadwithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    27
  >     return b'read-only command w/ defined permissions\n'
35846
742ce6fbc109 wireproto: move command permissions dict out of hgweb_mod
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35845
diff changeset
    28
  > wireproto.permissions['customwritewithperm'] = 'push'
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    29
  > @wireproto.wireprotocommand('customwritewithperm')
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    30
  > def customwritewithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    31
  >     return b'write command w/ defined permissions\n'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    32
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    33
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    34
  $ cat >> $HGRCPATH << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    35
  > [extensions]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    36
  > fakeremoteuser = $TESTTMP/fakeremoteuser.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    37
  > strip =
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    38
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    39
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    40
  $ hg init test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    41
  $ cd test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    42
  $ echo a > a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    43
  $ hg ci -Ama
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    44
  adding a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    45
  $ cd ..
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    46
  $ hg clone test test2
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    47
  updating to branch default
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    48
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    49
  $ cd test2
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    50
  $ echo a >> a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    51
  $ hg ci -mb
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    52
  $ hg book bm -r 0
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    53
  $ cd ../test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
    54
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    55
web.deny_read=* prevents access to wire protocol for all users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    56
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    57
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    58
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    59
  > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    60
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    61
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    62
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    63
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    64
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    65
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
35847
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
    66
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    67
  
35847
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
    68
  0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
    69
  read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
    70
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    71
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    72
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    73
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    74
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    75
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    76
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    77
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    78
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    79
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    80
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    81
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    82
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    83
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    84
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    85
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    86
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
    87
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    88
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
    89
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
    90
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
    91
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    92
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    93
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
    94
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    95
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
    96
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
    97
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
    98
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
    99
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   100
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   101
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   102
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   103
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   104
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   105
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   106
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   107
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   108
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   109
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   110
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   111
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   112
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   113
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   114
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   115
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   116
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   117
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   118
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   119
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   120
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   121
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   122
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   123
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   124
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   125
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   126
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   127
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   128
web.deny_read=* with REMOTE_USER set still locks out clients
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   129
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   130
  $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   131
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   132
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   133
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
35847
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   134
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   135
  
35847
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   136
  0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   137
  read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   138
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   139
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   140
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   141
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   142
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   143
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   144
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   145
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   146
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   147
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   148
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   149
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   150
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   151
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   152
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   153
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   154
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   155
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   156
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   157
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   158
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   159
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   160
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   161
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   162
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   163
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   164
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   165
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   166
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   167
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   168
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   169
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   170
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   171
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   172
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   173
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   174
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   175
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   176
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   177
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   178
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   179
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   180
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   181
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   182
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   183
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   184
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   185
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   186
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   187
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   188
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   189
web.deny_read=<user> denies access to unauthenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   190
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   191
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   192
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   193
  > deny_read = baduser1,baduser2
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   194
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   195
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   196
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   197
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   198
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   199
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   200
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   201
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   202
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   203
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   204
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   205
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   206
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   207
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   208
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   209
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   210
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   211
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   212
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   213
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   214
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   215
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   216
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   217
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   218
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   219
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   220
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   221
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   222
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   223
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   224
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   225
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   226
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   227
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   228
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   229
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   230
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   231
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   232
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   233
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   234
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   235
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   236
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   237
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   238
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   239
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   240
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   241
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   242
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   243
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   244
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   245
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   246
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   247
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   248
web.deny_read=<user> denies access to users in deny list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   249
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   250
  $ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   251
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   252
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   253
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   254
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   255
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   256
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   257
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   258
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   259
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   260
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   261
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   262
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   263
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   264
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   265
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   266
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   267
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   268
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   269
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   270
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   271
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   272
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   273
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   274
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   275
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   276
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   277
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   278
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   279
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   280
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   281
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   282
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   283
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   284
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   285
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   286
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   287
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   288
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   289
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   290
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   291
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   292
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   293
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   294
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   295
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   296
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   297
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   298
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   299
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   300
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   301
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   302
web.deny_read=<user> allows access to authenticated users not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   303
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   304
  $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   305
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   306
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   307
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   308
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   309
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   310
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   311
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   312
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   313
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   314
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   315
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   316
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   317
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   318
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   319
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   320
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   321
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   322
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   323
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   324
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   325
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   326
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   327
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   328
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   329
  read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   330
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   331
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   332
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   333
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   334
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   335
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   336
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   337
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   338
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   339
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   340
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   341
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   342
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   343
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   344
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   345
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   346
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   347
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   348
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   349
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   350
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   351
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   352
web.allow_read=* allows reads for unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   353
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   354
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   355
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   356
  > allow_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   357
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   358
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   359
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   360
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   361
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   362
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   363
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   364
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   365
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   366
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   367
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   368
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   369
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   370
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   371
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   372
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   373
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   374
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   375
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   376
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   377
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   378
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   379
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   380
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   381
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   382
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   383
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   384
  read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   385
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   386
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   387
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   388
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   389
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   390
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   391
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   392
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   393
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   394
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   395
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   396
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   397
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   398
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   399
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   400
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   401
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   402
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   403
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   404
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   405
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   406
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   407
web.allow_read=* allows read for authenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   408
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   409
  $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   410
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   411
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   412
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   413
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   414
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   415
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   416
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   417
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   418
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   419
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   420
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   421
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   422
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   423
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   424
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   425
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   426
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   427
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   428
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   429
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   430
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   431
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   432
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   433
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   434
  read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   435
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   436
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   437
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   438
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   439
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   440
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   441
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   442
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   443
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   444
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   445
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   446
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   447
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   448
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   449
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   450
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   451
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   452
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   453
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   454
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   455
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   456
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   457
web.allow_read=<user> does not allow unauthenticated users to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   458
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   459
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   460
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   461
  > allow_read = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   462
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   463
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   464
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   465
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   466
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   467
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   468
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   469
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   470
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   471
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   472
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   473
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   474
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   475
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   476
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   477
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   478
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   479
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   480
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   481
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   482
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   483
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   484
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   485
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   486
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   487
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   488
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   489
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   490
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   491
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   492
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   493
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   494
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   495
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   496
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   497
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   498
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   499
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   500
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   501
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   502
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   503
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   504
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   505
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   506
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   507
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   508
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   509
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   510
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   511
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   512
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   513
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   514
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   515
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   516
web.allow_read=<user> does not allow user not in list to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   517
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   518
  $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   519
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   520
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   521
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   522
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   523
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   524
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   525
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   526
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   527
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   528
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   529
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   530
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   531
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   532
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   533
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   534
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   535
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   536
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   537
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   538
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   539
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   540
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   541
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   542
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   543
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   544
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   545
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   546
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   547
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   548
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   549
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   550
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   551
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   552
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   553
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   554
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   555
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   556
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   557
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   558
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   559
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   560
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   561
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   562
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   563
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   564
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   565
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   566
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   567
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   568
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   569
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   570
web.allow_read=<user> allows read from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   571
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   572
  $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   573
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   574
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   575
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   576
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   577
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   578
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   579
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   580
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   581
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   582
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   583
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   584
  cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b	1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   585
  publishing	True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   586
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   587
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   588
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   589
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   590
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   591
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   592
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   593
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   594
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   595
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   596
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   597
  read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   598
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   599
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   600
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   601
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   602
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   603
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   604
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   605
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   606
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   607
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   608
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   609
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   610
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   611
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   612
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   613
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   614
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   615
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   616
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   617
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   618
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   619
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   620
web.deny_read takes precedence over web.allow_read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   621
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   622
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   623
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   624
  > allow_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   625
  > deny_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   626
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   627
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   628
  $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   629
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   630
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   631
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   632
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   633
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   634
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   635
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   636
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   637
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   638
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   639
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   640
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   641
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   642
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   643
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   644
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   645
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   646
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   647
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   648
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   649
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   650
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   651
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   652
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   653
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   654
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   655
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   656
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   657
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   658
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   659
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   660
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   661
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   662
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   663
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   664
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   665
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   666
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   667
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   668
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   669
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   670
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   671
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   672
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   673
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   674
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   675
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   676
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   677
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   678
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   679
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   680
web.allow-pull=false denies read access to repo
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   681
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   682
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   683
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   684
  > allow-pull = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   685
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   686
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   687
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   688
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   689
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   690
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
35847
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   691
  401 pull not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   692
  
35847
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   693
  0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   694
  pull not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35846
diff changeset
   695
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   696
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   697
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   698
  401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   699
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   700
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   701
  pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   702
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   703
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   704
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   705
  401 pull not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   706
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   707
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   708
  pull not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   709
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   710
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   711
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   712
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   713
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   714
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   715
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   716
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   717
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   718
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   719
  401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   720
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   721
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   722
  pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   723
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   724
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   725
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   726
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   727
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   728
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   729
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   730
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   731
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   732
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   733
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   734
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   735
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   736
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   737
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   738
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   739
  $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   740
  pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   741
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   742
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   743
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   744
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   745
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   746
Attempting a write command with HTTP GET fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   747
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   748
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   749
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   750
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   751
  $ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   752
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   753
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   754
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   755
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   756
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   757
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   758
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   759
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   760
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   761
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   762
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   763
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   764
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   765
  push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   766
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   767
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   768
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   769
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   770
  $ hg bookmark -d bm
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   771
  abort: bookmark 'bm' does not exist
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   772
  [255]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   773
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   774
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   775
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   776
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   777
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   778
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   779
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   780
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   781
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   782
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   783
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   784
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   785
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   786
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   787
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   788
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   789
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   790
Attempting a write command with an unknown HTTP verb fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   791
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   792
  $ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   793
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   794
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   795
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   796
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   797
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   798
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   799
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   800
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   801
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   802
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   803
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   804
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   805
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   806
  push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   807
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   808
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   809
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   810
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   811
  $ hg bookmark -d bm
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   812
  abort: bookmark 'bm' does not exist
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   813
  [255]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   814
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   815
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   816
  405 push requires POST request
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   817
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   818
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   819
  push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   820
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   821
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   822
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   823
  405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   824
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   825
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   826
  push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   827
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   828
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   829
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   830
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   831
Pushing on a plaintext channel is disabled by default
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   832
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   833
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   834
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   835
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   836
  $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   837
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   838
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   839
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   840
  403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   841
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   842
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   843
  ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   844
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   846
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   847
  403 ssl required
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   848
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   849
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   850
  ssl required
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   851
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   852
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   853
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   854
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   855
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   856
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   857
  403 ssl required
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   858
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   859
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   860
  ssl required
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   861
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   862
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   863
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   864
  403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   865
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   866
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   867
  ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   868
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   869
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   870
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   871
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   872
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   873
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   874
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   875
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   876
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   877
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   878
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   879
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   880
  abort: HTTP Error 403: ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   881
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   882
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   883
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   884
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   885
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   886
  abort: HTTP Error 403: ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   887
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   888
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   889
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   890
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   891
web.deny_push=* denies pushing to unauthenticated users
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   892
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   893
  $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   894
  > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   895
  > push_ssl = false
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   896
  > deny_push = *
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   897
  > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   898
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   899
  $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   900
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   901
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   902
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   903
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   904
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   905
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   906
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   907
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   908
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   909
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   910
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   911
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   912
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   913
  push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   914
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   915
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   916
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   917
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   918
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   919
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   920
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   921
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   922
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   923
  push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   924
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   925
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   926
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   927
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   928
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   929
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   930
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   931
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   932
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   933
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   934
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   935
  $ killdaemons.py
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   936
  $ hg serve -p $HGPORT -d --pid-file hg.pid
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   937
  $ cat hg.pid > $DAEMON_PIDS
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   938
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   939
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   940
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   941
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   942
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   943
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   944
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   945
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   946
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   947
  pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   948
  searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   949
  abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   950
  [255]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   951
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   952
  $ killdaemons.py
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
   953
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   954
web.deny_push=* denies pushing to authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   955
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   956
  $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   957
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   958
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   959
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   960
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   961
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   962
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   963
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   964
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   965
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   966
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   967
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   968
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   969
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   970
  push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   971
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   972
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   973
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
   974
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   975
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   976
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   977
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   978
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   979
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   980
  push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
   981
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   982
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   983
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   984
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   985
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   986
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   987
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   988
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   989
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   990
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   991
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   992
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   993
  $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   994
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   995
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   996
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   997
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   998
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
   999
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1000
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1001
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1002
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1003
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1004
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1005
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1006
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1007
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1008
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1009
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1010
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1011
web.deny_push=<user> denies pushing to user in list
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1012
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1013
  $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1014
  > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1015
  > push_ssl = false
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1016
  > deny_push = baduser
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1017
  > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1018
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1019
  $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1020
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1021
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1022
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1023
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1024
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1025
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1026
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1027
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1028
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1029
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1030
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1031
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1032
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1033
  push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1034
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1035
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1036
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1037
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1038
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1039
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1040
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1041
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1042
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1043
  push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1044
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1045
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1046
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1047
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1048
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1049
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1050
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1051
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1052
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1053
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1054
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1055
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1056
  $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1057
  $ cat hg.pid > $DAEMON_PIDS
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1058
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1059
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1060
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1061
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1062
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1063
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1064
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1065
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1066
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1067
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1068
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1069
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1070
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1071
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1072
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1073
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1074
web.deny_push=<user> denies pushing to user not in list because allow-push isn't set
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1075
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1076
  $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1077
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1078
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1079
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1080
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1081
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1082
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1083
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1084
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1085
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1086
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1087
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1088
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1089
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1090
  push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1091
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1092
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1093
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1094
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1095
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1096
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1097
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1098
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1099
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1100
  push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1101
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1102
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1103
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1104
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1105
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1106
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1107
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1108
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1109
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1110
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1111
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1112
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1113
  $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1114
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1115
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1116
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1117
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1118
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1119
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1120
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1121
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1122
35844
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1123
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1124
  pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1125
  searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1126
  abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1127
  [255]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1128
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
  1129
  $ killdaemons.py
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1130
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1131
web.allow-push=* allows pushes from unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1132
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1133
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1134
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1135
  > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1136
  > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1137
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1138
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1139
  $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1140
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1141
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1142
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1143
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1144
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1145
  1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1146
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1147
  $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1148
     bm                        0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1149
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1150
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1151
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1152
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1153
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1154
  write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1155
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1156
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1157
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1158
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1159
  write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1160
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1161
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1162
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1163
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1164
  $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1165
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1166
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1167
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1168
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1169
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1170
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1171
  exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1172
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1173
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1174
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1175
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1176
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1177
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1178
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1179
  remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1180
  remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1181
  remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1182
  remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1183
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1184
  $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1185
  saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1186
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1187
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1188
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1189
web.allow-push=* allows pushes from authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1190
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1191
  $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1192
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1193
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1194
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1195
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1196
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1197
  1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1198
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1199
  $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1200
     bm                        0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1201
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1202
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1203
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1204
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1205
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1206
  write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1207
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1208
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1209
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1210
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1211
  write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1212
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1213
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1214
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1215
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1216
  $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1217
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1218
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1219
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1220
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1221
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1222
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1223
  exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1224
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1225
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1226
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1227
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1228
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1229
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1230
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1231
  remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1232
  remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1233
  remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1234
  remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1235
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1236
  $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1237
  saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1238
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1239
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1240
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1241
web.allow-push=<user> denies push to user not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1242
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1243
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1244
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1245
  > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1246
  > allow-push = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1247
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1248
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1249
  $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1250
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1251
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1252
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1253
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1254
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1255
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1256
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1257
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1258
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1259
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1260
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1261
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1262
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1263
  push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1264
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1265
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1266
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1267
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1268
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1269
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1270
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1271
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1272
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1273
  push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1274
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1275
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1276
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1277
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1278
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1279
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1280
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1281
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1282
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1283
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1284
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1285
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1286
  $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1287
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1288
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1289
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1290
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1291
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1292
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1293
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1294
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1295
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1296
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1297
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1298
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1299
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1300
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1301
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1302
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1303
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1304
web.allow-push=<user> allows push from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1305
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1306
  $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1307
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1308
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1309
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1310
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1311
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1312
  1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1313
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1314
  $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1315
     bm                        0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1316
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1317
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1318
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1319
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1320
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1321
  1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1322
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1323
  $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1324
     bm                        0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1325
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1326
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1327
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1328
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1329
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1330
  write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1331
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1332
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1333
  200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1334
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1335
  write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1336
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1337
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1338
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1339
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1340
  $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1341
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1342
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1343
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1344
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1345
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1346
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1347
  exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1348
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1349
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1350
  $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1351
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1352
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1353
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1354
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1355
  remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1356
  remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1357
  remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1358
  remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1359
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1360
  $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1361
  saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1362
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1363
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1364
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1365
web.deny_push takes precedence over web.allow_push
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1366
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1367
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1368
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1369
  > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1370
  > allow-push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1371
  > deny_push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1372
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1373
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1374
  $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1375
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1376
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1377
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1378
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1379
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1380
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1381
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1382
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1383
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1384
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1385
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1386
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1387
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1388
  push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1389
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1390
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1391
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1392
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1393
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1394
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1395
  401 push not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1396
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1397
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1398
  push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1399
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1400
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1401
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1402
  401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1403
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1404
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1405
  push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1406
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1407
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1408
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1409
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1410
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1411
  $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1412
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1413
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1414
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1415
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1416
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1417
  no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1418
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1419
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1420
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1421
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1422
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1423
  searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1424
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1425
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1426
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1427
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1428
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1429
web.allow-push has no effect if web.deny_read is set
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1430
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1431
  $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1432
  > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1433
  > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1434
  > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1435
  > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1436
  > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1437
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1438
  $ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1439
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1440
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1441
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1442
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1443
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1444
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1445
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1446
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1447
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1448
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1449
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1450
  
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1451
  0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1452
  read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1453
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1454
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1455
  $ hg bookmarks
35848
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35847
diff changeset
  1456
  no bookmarks set
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1457
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1458
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1459
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1460
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1461
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1462
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1463
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1464
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1465
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1466
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1467
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1468
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1469
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1470
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1471
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1472
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1473
  401 read not authorized
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1474
  
35849
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1475
  0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1476
  read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35848
diff changeset
  1477
  [1]
35845
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1478
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1479
  $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1480
  401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1481
  
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1482
  0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1483
  read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1484
  [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1485
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1486
Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1487
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1488
  $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1489
  $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1490
  $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1491
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1492
  $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1493
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1494
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1495
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1496
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1497
  $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1498
  pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1499
  abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1500
  [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1501
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 35844
diff changeset
  1502
  $ killdaemons.py