annotate tests/test-http-permissions.t @ 41163:0101a35deae2

phabricator: warn if unable to amend, instead of aborting after posting There was a divergence in behavior here between obsolete and strip based amending. I first noticed the abort when testing outside of the test harness, but then had trouble recreating it here after reverting the code changes. It turns out, strip based amend was successfully amending the public commit after it was posted! It looks like the protection is in the `commit --amend` command, not in the underlying code that it calls. I considered doing a preflight check and aborting. But the locks are only acquired at the end, if amending, and this is too large a section of code to be wrapped in a maybe-it's-held-or-not context manager for my tastes. Additionally, some people do post-push reviews, and amending is the default behavior, so they shouldn't see a misleading error message. The lack of a 'Differential Revision' entry in the commit message breaks a {phabreview} test, so it had to be partially conditionalized.
author Matt Harbison <matt_harbison@yahoo.com>
date Sat, 05 Jan 2019 15:20:33 -0500
parents c3491d3f8984
children ebee234d952a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1 $ cat > fakeremoteuser.py << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
2 > import os
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
3 > from mercurial.hgweb import hgweb_mod
37785
b4d85bc122bd wireproto: rename wireproto to wireprotov1server (API)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36800
diff changeset
4 > from mercurial import wireprotov1server
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
5 > class testenvhgweb(hgweb_mod.hgweb):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
6 > def __call__(self, env, respond):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
7 > # Allow REMOTE_USER to define authenticated user.
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
8 > if r'REMOTE_USER' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
9 > env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER']
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
10 > # Allow REQUEST_METHOD to override HTTP method
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
11 > if r'REQUEST_METHOD' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
12 > env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD']
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
13 > return super(testenvhgweb, self).__call__(env, respond)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
14 > hgweb_mod.hgweb = testenvhgweb
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
15 >
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
16 > @wireprotov1server.wireprotocommand(b'customreadnoperm')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
17 > def customread(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
18 > return b'read-only command no defined permissions\n'
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
19 > @wireprotov1server.wireprotocommand(b'customwritenoperm')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
20 > def customwritenoperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
21 > return b'write command no defined permissions\n'
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
22 > @wireprotov1server.wireprotocommand(b'customreadwithperm', permission=b'pull')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
23 > def customreadwithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
24 > return b'read-only command w/ defined permissions\n'
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
25 > @wireprotov1server.wireprotocommand(b'customwritewithperm', permission=b'push')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
26 > def customwritewithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
27 > return b'write command w/ defined permissions\n'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
28 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
29
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
30 $ cat >> $HGRCPATH << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
31 > [extensions]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
32 > fakeremoteuser = $TESTTMP/fakeremoteuser.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
33 > strip =
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
34 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
35
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
36 $ hg init test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
37 $ cd test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
38 $ echo a > a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
39 $ hg ci -Ama
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
40 adding a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
41 $ cd ..
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
42 $ hg clone test test2
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
43 updating to branch default
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
44 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
45 $ cd test2
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
46 $ echo a >> a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
47 $ hg ci -mb
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
48 $ hg book bm -r 0
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
49 $ cd ../test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
50
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
51 web.deny_read=* prevents access to wire protocol for all users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
52
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
53 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
54 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
55 > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
56 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
57
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
58 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
59 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
60
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
61 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
62 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
63
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
64 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
65 read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
66 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
67
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
68 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
69 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
70
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
71 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
72 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
73 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
74
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
75 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
76 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
77
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
78 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
79 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
80 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
81
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
82 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
83 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
84
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
85 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
86 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
87 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
88
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
89 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
90 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
91
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
92 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
93 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
94 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
95
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
96 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
97 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
98
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
99 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
100 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
101 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
102
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
103 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
104 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
105
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
106 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
107 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
108 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
109
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
110 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
111 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
112
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
113 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
114 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
115 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
116
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
117 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
118 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
119 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
120 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
121
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
122 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
123
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
124 web.deny_read=* with REMOTE_USER set still locks out clients
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
125
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
126 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
127 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
128
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
129 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
130 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
131
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
132 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
133 read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
134 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
135
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
136 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
137 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
138
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
139 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
140 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
141 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
142
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
143 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
144 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
145
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
146 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
147 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
148 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
149
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
150 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
151 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
152
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
153 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
154 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
155 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
156
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
157 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
158 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
159
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
160 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
161 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
162 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
163
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
164 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
165 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
166
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
167 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
168 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
169 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
170
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
171 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
172 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
173
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
174 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
175 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
176 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
177
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
178 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
179 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
180 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
181 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
182
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
183 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
184
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
185 web.deny_read=<user> denies access to unauthenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
186
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
187 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
188 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
189 > deny_read = baduser1,baduser2
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
190 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
191
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
192 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
193 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
194
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
195 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
196 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
197
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
198 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
199 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
200 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
201
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
202 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
203 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
204
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
205 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
206 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
207 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
208
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
209 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
210 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
211
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
212 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
213 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
214 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
215
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
216 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
217 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
218
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
219 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
220 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
221 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
222
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
223 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
224 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
225
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
226 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
227 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
228 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
229
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
230 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
231 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
232
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
233 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
234 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
235 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
236
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
237 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
238 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
239 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
240 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
241
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
242 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
243
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
244 web.deny_read=<user> denies access to users in deny list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
245
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
246 $ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
247 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
248
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
249 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
250 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
251
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
252 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
253 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
254 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
255
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
256 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
257 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
258
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
259 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
260 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
261 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
262
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
263 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
264 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
265
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
266 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
267 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
268 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
269
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
270 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
271 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
272
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
273 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
274 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
275 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
276
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
277 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
278 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
279
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
280 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
281 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
282 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
283
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
284 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
285 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
286
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
287 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
288 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
289 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
290
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
291 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
292 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
293 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
294 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
295
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
296 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
297
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
298 web.deny_read=<user> allows access to authenticated users not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
299
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
300 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
301 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
302
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
303 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
304 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
305
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
306 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
307 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
308
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
309 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
310 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
311
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
312 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
313 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
314
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
315 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
316 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
317
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
318 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
319 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
320 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
321
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
322 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
323 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
324
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
325 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
326
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
327 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
328 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
329
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
330 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
331 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
332 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
333
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
334 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
335 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
336
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
337 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
338 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
339 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
340
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
341 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
342 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
343 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
344 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
345
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
346 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
347
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
348 web.allow_read=* allows reads for unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
349
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
350 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
351 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
352 > allow_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
353 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
354
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
355 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
356 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
357
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
358 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
359 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
360
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
361 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
362 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
363
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
364 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
365 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
366
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
367 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
368 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
369
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
370 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
371 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
372
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
373 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
374 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
375 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
376
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
377 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
378 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
379
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
380 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
381
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
382 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
383 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
384
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
385 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
386 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
387 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
388
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
389 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
390 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
391
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
392 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
393 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
394 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
395
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
396 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
397 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
398 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
399 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
400
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
401 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
402
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
403 web.allow_read=* allows read for authenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
404
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
405 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
406 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
407
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
408 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
409 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
410
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
411 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
412 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
413
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
414 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
415 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
416
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
417 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
418 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
419
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
420 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
421 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
422
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
423 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
424 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
425 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
426
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
427 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
428 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
429
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
430 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
431
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
432 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
433 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
434
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
435 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
436 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
437 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
438
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
439 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
440 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
441
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
442 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
443 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
444 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
445
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
446 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
447 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
448 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
449 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
450
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
451 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
452
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
453 web.allow_read=<user> does not allow unauthenticated users to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
454
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
455 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
456 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
457 > allow_read = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
458 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
459
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
460 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
461 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
462
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
463 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
464 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
465
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
466 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
467 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
468 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
469
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
470 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
471 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
472
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
473 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
474 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
475 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
476
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
477 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
478 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
479
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
480 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
481 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
482 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
483
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
484 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
485 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
486
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
487 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
488 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
489 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
490
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
491 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
492 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
493
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
494 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
495 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
496 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
497
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
498 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
499 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
500
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
501 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
502 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
503 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
504
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
505 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
506 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
507 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
508 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
509
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
510 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
511
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
512 web.allow_read=<user> does not allow user not in list to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
513
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
514 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
515 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
516
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
517 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
518 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
519
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
520 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
521 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
522 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
523
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
524 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
525 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
526
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
527 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
528 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
529 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
530
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
531 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
532 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
533
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
534 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
535 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
536 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
537
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
538 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
539 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
540
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
541 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
542 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
543 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
544
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
545 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
546 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
547
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
548 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
549 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
550 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
551
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
552 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
553 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
554
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
555 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
556 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
557 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
558
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
559 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
560 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
561 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
562 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
563
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
564 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
565
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
566 web.allow_read=<user> allows read from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
567
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
568 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
569 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
570
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
571 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
572 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
573
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
574 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
575 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
576
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
577 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
578 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
579
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
580 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
581 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
582
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
583 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
584 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
585
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
586 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
587 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
588 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
589
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
590 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
591 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
592
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
593 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
594
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
595 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
596 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
597
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
598 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
599 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
600 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
601
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
602 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
603 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
604
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
605 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
606 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
607 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
608
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
609 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
610 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
611 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
612 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
613
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
614 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
615
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
616 web.deny_read takes precedence over web.allow_read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
617
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
618 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
619 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
620 > allow_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
621 > deny_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
622 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
623
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
624 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
625 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
626
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
627 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
628 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
629
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
630 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
631 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
632 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
633
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
634 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
635 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
636
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
637 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
638 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
639 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
640
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
641 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
642 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
643
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
644 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
645 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
646 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
647
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
648 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
649 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
650
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
651 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
652 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
653 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
654
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
655 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
656 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
657
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
658 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
659 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
660 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
661
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
662 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
663 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
664
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
665 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
666 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
667 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
668
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
669 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
670 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
671 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
672 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
673
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
674 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
675
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
676 web.allow-pull=false denies read access to repo
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
677
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
678 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
679 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
680 > allow-pull = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
681 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
682
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
683 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
684 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
685
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
686 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
687 401 pull not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
688
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
689 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
690 pull not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
691 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
692
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
693 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
694 401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
695
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
696 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
697 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
698 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
699
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
700 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
701 401 pull not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
702
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
703 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
704 pull not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
705 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
706
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
707 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
708 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
709
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
710 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
711 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
712 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
713
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
714 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
715 401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
716
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
717 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
718 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
719 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
720
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
721 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
722 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
723
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
724 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
725 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
726 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
727
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
728 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
729 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
730
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
731 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
732 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
733 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
734
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
735 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
736 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
737 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
738 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
739
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
740 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
741
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
742 Attempting a write command with HTTP GET fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
743
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
744 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
745 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
746
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
747 $ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
748 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
749
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
750 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
751 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
753 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
754 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
755 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
756
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
757 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
758 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
759
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
760 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
761 push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
762 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
763
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
764 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
765 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
766 $ hg bookmark -d bm
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
767 abort: bookmark 'bm' does not exist
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
768 [255]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
769
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
770 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
771 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
772
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
773 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
774 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
775 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
776
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
777 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
778 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
779
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
780 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
781 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
782 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
783
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
784 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
785
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
786 Attempting a write command with an unknown HTTP verb fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
787
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
788 $ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
789 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
790
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
791 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
792 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
793
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
794 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
795 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
796 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
797
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
798 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
799 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
800
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
801 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
802 push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
803 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
804
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
805 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
806 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
807 $ hg bookmark -d bm
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
808 abort: bookmark 'bm' does not exist
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
809 [255]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
810
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
811 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
812 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
813
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
814 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
815 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
816 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
817
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
818 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
819 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
820
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
821 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
822 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
823 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
824
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
825 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
826
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
827 Pushing on a plaintext channel is disabled by default
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
828
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
829 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
830 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
831
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
832 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
833 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
834
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
835 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
836 403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
837
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
838 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
839 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
840 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
841
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
842 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
843 403 ssl required
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
844
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
845 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
846 ssl required
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
847 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
848
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
849 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
850 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
851
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
852 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
853 403 ssl required
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
854
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
855 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
856 ssl required
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
857 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
858
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
859 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
860 403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
861
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
862 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
863 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
864 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
865
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
866 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
867
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
868 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
869 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
870 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
871
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
872 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
873 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
874 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
875 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
876 abort: HTTP Error 403: ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
877 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
878
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
879 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
880 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
881 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
882 abort: HTTP Error 403: ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
883 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
884
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
885 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
886
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
887 web.deny_push=* denies pushing to unauthenticated users
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
888
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
889 $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
890 > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
891 > push_ssl = false
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
892 > deny_push = *
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
893 > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
894
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
895 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
896 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
897
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
898 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
899 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
900
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
901 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
902 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
903 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
904
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
905 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
906 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
907
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
908 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
909 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
910 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
911
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
912 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
913 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
914
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
915 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
916 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
917
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
918 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
919 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
920 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
921
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
922 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
923 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
924
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
925 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
926 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
927 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
928
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
929 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
930
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
931 $ killdaemons.py
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
932 $ hg serve -p $HGPORT -d --pid-file hg.pid
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
933 $ cat hg.pid > $DAEMON_PIDS
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
934
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
935 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
936 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
937 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
938 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
939 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
940 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
941
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
942 $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
943 pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
944 searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
945 abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
946 [255]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
947
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
948 $ killdaemons.py
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
949
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
950 web.deny_push=* denies pushing to authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
951
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
952 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
953 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
954
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
955 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
956 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
957
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
958 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
959 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
960 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
961
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
962 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
963 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
964
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
965 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
966 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
967 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
968
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
969 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
970 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
971
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
972 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
973 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
974
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
975 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
976 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
977 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
978
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
979 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
980 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
981
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
982 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
983 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
984 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
985
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
986 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
987
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
988 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
989 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
990 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
991
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
992 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
993 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
994 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
995 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
996 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
997 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
998
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
999 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1000 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1001 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1002 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1003 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1004
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1005 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1006
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1007 web.deny_push=<user> denies pushing to user in list
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1008
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1009 $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1010 > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1011 > push_ssl = false
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1012 > deny_push = baduser
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1013 > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1014
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1015 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1016 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1017
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1018 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1019 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1020
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1021 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1022 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1023 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1024
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1025 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1026 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1027
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1028 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1029 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1030 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1031
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1032 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1033 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1034
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1035 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1036 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1037
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1038 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1039 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1040 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1041
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1042 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1043 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1044
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1045 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1046 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1047 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1048
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1049 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1050
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1051 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1052 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1053 $ cat hg.pid > $DAEMON_PIDS
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1054
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1055 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1056 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1057 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1058 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1059 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1060 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1061
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1062 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1063 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1064 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1065 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1066 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1067
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1068 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1069
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1070 web.deny_push=<user> denies pushing to user not in list because allow-push isn't set
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1071
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1072 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1073 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1074
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1075 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1076 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1077
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1078 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1079 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1080 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1081
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1082 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1083 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1084
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1085 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1086 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1087 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1088
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1089 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1090 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1091
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1092 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1093 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1094
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1095 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1096 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1097 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1098
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1099 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1100 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1101
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1102 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1103 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1104 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1105
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1106 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1107
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1108 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1109 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1110 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1111
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1112 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1113 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1114 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1115 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1116 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1117 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1118
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1119 $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1120 pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1121 searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1122 abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1123 [255]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1124
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1125 $ killdaemons.py
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1126
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1127 web.allow-push=* allows pushes from unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1128
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1129 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1130 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1131 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1132 > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1133 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1134
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1135 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1136 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1137
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1138 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1139 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1140
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1141 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1142
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1143 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1144 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1145 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1146
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1147 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1148 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1149
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1150 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1151
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1152 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1153 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1154
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1155 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1156
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1157 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1158
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1159 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1160 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1161 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1162
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1163 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1164 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1165 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1166 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1167 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1168 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1169
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1170 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1171
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1172 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1173 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1174 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1175 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1176 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1177 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1178 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1179
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1180 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1181 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1182
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1183 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1184
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1185 web.allow-push=* allows pushes from authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1186
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1187 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1188 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1189
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1190 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1191 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1192
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1193 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1194
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1195 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1196 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1197 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1198
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1199 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1200 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1201
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1202 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1203
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1204 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1205 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1206
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1207 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1208
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1209 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1210
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1211 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1212 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1213 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1214
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1215 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1216 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1217 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1218 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1219 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1220 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1221
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1222 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1223
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1224 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1225 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1226 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1227 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1228 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1229 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1230 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1231
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1232 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1233 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1234
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1235 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1236
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1237 web.allow-push=<user> denies push to user not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1238
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1239 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1240 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1241 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1242 > allow-push = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1243 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1244
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1245 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1246 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1247
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1248 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1249 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1250
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1251 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1252 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1253 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1254
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1255 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1256 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1257
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1258 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1259 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1260 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1261
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1262 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1263 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1264
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1265 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1266 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1267
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1268 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1269 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1270 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1271
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1272 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1273 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1274
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1275 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1276 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1277 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1278
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1279 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1280
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1281 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1282 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1283 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1284
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1285 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1286 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1287 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1288 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1289 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1290 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1291
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1292 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1293 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1294 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1295 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1296 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1297
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1298 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1299
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1300 web.allow-push=<user> allows push from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1301
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1302 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1303 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1304
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1305 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1306 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1307
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1308 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1309
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1310 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1311 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1312 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1313
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1314 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1315 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1316
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1317 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1318
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1319 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1320 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1321 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1322
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1323 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1324 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1325
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1326 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1327
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1328 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1329 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1330
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1331 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1332
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1333 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1334
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1335 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1336 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1337 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1338
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1339 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1340 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1341 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1342 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1343 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1344 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1345
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1346 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1347
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1348 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1349 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1350 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1351 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1352 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1353 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1354 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1355
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1356 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1357 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1358
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1359 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1360
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1361 web.deny_push takes precedence over web.allow_push
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1362
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1363 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1364 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1365 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1366 > allow-push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1367 > deny_push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1368 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1369
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1370 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1371 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1372
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1373 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1374 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1375
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1376 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1377 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1378 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1379
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1380 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1381 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1382
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1383 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1384 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1385 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1386
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1387 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1388 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1389
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1390 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1391 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1392
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1393 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1394 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1395 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1396
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1397 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1398 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1399
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1400 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1402 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1403
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1404 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1405
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1406 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1407 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1408 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1409
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1410 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1411 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1412 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1413 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1414 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1415 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1416
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1417 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1418 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1419 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1420 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1421 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1422
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1423 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1424
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1425 web.allow-push has no effect if web.deny_read is set
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1426
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1427 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1428 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1429 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1430 > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1431 > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1432 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1433
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1434 $ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1435 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1436
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1437 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1438 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1439
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1440 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1441 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1442 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1443
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1444 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1445 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1446
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1447 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1448 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1449 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1450
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1451 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1452 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1453
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1454 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1455 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1456
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1457 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1458 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1459 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1460
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1461 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1462 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1463
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1464 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1465 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1466 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1467
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1468 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1469 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1470
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1471 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1472 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1473 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1474
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1475 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1476 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1477
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1478 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1479 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1480 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1481
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1482 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1483
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1484 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1485 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1486 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1487
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1488 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1489 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1490 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1491 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1492
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1493 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1494 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1495 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1496 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1497
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1498 $ killdaemons.py