# HG changeset patch # User Gregory Szorc # Date 1520734767 28800 # Node ID 02bea04b4c548bd5154ae827c58edf3b39bea2e9 # Parent 97f44b0720e210cd9a1c88031deafc00feb933b6 hgweb: transition permissions hooks to modern request type (API) We're trying to remove ``wsgirequest``. The permissions hooks don't do anything they can't do with our new request type. So let's pass that in. This was the last use of ``wsgirequest`` in the wire protocol code! .. api:: hgweb.hgweb_mod.permhooks no longer take a ``wsgirequest`` instance as an argument. Differential Revision: https://phab.mercurial-scm.org/D2793 diff -r 97f44b0720e2 -r 02bea04b4c54 mercurial/hgweb/common.py --- a/mercurial/hgweb/common.py Sat Mar 10 20:16:20 2018 -0800 +++ b/mercurial/hgweb/common.py Sat Mar 10 18:19:27 2018 -0800 @@ -46,7 +46,7 @@ authentication info). Return if op allowed, else raise an ErrorResponse exception.''' - user = req.env.get(r'REMOTE_USER') + user = req.remoteuser deny_read = hgweb.configlist('web', 'deny_read') if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)): @@ -62,14 +62,13 @@ return # enforce that you can only push using POST requests - if req.env[r'REQUEST_METHOD'] != r'POST': + if req.method != 'POST': msg = 'push requires POST request' raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg) # require ssl by default for pushing, auth info cannot be sniffed # and replayed - scheme = req.env.get('wsgi.url_scheme') - if hgweb.configbool('web', 'push_ssl') and scheme != 'https': + if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https': raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required') deny = hgweb.configlist('web', 'deny_push') diff -r 97f44b0720e2 -r 02bea04b4c54 mercurial/hgweb/hgweb_mod.py --- a/mercurial/hgweb/hgweb_mod.py Sat Mar 10 20:16:20 2018 -0800 +++ b/mercurial/hgweb/hgweb_mod.py Sat Mar 10 18:19:27 2018 -0800 @@ -322,7 +322,7 @@ res.headers['Content-Security-Policy'] = rctx.csp handled = wireprotoserver.handlewsgirequest( - rctx, wsgireq, req, res, self.check_perm) + rctx, req, res, self.check_perm) if handled: return res.sendresponse() @@ -380,7 +380,7 @@ # check read permissions non-static content if cmd != 'static': - self.check_perm(rctx, wsgireq, None) + self.check_perm(rctx, req, None) if cmd == '': req.qsparams['cmd'] = tmpl.cache['default'] diff -r 97f44b0720e2 -r 02bea04b4c54 mercurial/wireprotoserver.py --- a/mercurial/wireprotoserver.py Sat Mar 10 20:16:20 2018 -0800 +++ b/mercurial/wireprotoserver.py Sat Mar 10 18:19:27 2018 -0800 @@ -148,13 +148,12 @@ def iscmd(cmd): return cmd in wireproto.commands -def handlewsgirequest(rctx, wsgireq, req, res, checkperm): +def handlewsgirequest(rctx, req, res, checkperm): """Possibly process a wire protocol request. If the current request is a wire protocol request, the request is processed by this function. - ``wsgireq`` is a ``wsgirequest`` instance. ``req`` is a ``parsedrequest`` instance. ``res`` is a ``wsgiresponse`` instance. @@ -197,7 +196,7 @@ return True proto = httpv1protocolhandler(req, repo.ui, - lambda perm: checkperm(rctx, wsgireq, perm)) + lambda perm: checkperm(rctx, req, perm)) # The permissions checker should be the only thing that can raise an # ErrorResponse. It is kind of a layer violation to catch an hgweb diff -r 97f44b0720e2 -r 02bea04b4c54 tests/test-http-bundle1.t --- a/tests/test-http-bundle1.t Sat Mar 10 20:16:20 2018 -0800 +++ b/tests/test-http-bundle1.t Sat Mar 10 18:19:27 2018 -0800 @@ -177,7 +177,7 @@ > import base64 > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > auth = req.env.get('HTTP_AUTHORIZATION') + > auth = req.headers.get('Authorization') > if not auth: > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', > [('WWW-Authenticate', 'Basic Realm="mercurial"')]) diff -r 97f44b0720e2 -r 02bea04b4c54 tests/test-http.t --- a/tests/test-http.t Sat Mar 10 20:16:20 2018 -0800 +++ b/tests/test-http.t Sat Mar 10 18:19:27 2018 -0800 @@ -168,7 +168,7 @@ > import base64 > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > auth = req.env.get('HTTP_AUTHORIZATION') + > auth = req.headers.get('Authorization') > if not auth: > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', > [('WWW-Authenticate', 'Basic Realm="mercurial"')]) @@ -510,7 +510,7 @@ > from mercurial import util > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > cookie = req.env.get('HTTP_COOKIE') + > cookie = req.headers.get('Cookie') > if not cookie: > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie') > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie) diff -r 97f44b0720e2 -r 02bea04b4c54 tests/test-largefiles-wireproto.t --- a/tests/test-largefiles-wireproto.t Sat Mar 10 20:16:20 2018 -0800 +++ b/tests/test-largefiles-wireproto.t Sat Mar 10 18:19:27 2018 -0800 @@ -424,7 +424,7 @@ > import base64 > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > auth = req.env.get('HTTP_AUTHORIZATION') + > auth = req.headers.get('Authorization') > if not auth: > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', > [('WWW-Authenticate', 'Basic Realm="mercurial"')])