Mercurial > hg
annotate tests/test-http-permissions.t @ 41163:0101a35deae2
phabricator: warn if unable to amend, instead of aborting after posting
There was a divergence in behavior here between obsolete and strip based
amending. I first noticed the abort when testing outside of the test harness,
but then had trouble recreating it here after reverting the code changes. It
turns out, strip based amend was successfully amending the public commit after
it was posted! It looks like the protection is in the `commit --amend` command,
not in the underlying code that it calls.
I considered doing a preflight check and aborting. But the locks are only
acquired at the end, if amending, and this is too large a section of code to be
wrapped in a maybe-it's-held-or-not context manager for my tastes.
Additionally, some people do post-push reviews, and amending is the default
behavior, so they shouldn't see a misleading error message.
The lack of a 'Differential Revision' entry in the commit message breaks a
{phabreview} test, so it had to be partially conditionalized.
author | Matt Harbison <matt_harbison@yahoo.com> |
---|---|
date | Sat, 05 Jan 2019 15:20:33 -0500 |
parents | c3491d3f8984 |
children | ebee234d952a |
rev | line source |
---|---|
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1 $ cat > fakeremoteuser.py << EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
2 > import os |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
3 > from mercurial.hgweb import hgweb_mod |
37785
b4d85bc122bd
wireproto: rename wireproto to wireprotov1server (API)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36800
diff
changeset
|
4 > from mercurial import wireprotov1server |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
5 > class testenvhgweb(hgweb_mod.hgweb): |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
6 > def __call__(self, env, respond): |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
7 > # Allow REMOTE_USER to define authenticated user. |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
8 > if r'REMOTE_USER' in os.environ: |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
9 > env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER'] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
10 > # Allow REQUEST_METHOD to override HTTP method |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
11 > if r'REQUEST_METHOD' in os.environ: |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
12 > env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD'] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
13 > return super(testenvhgweb, self).__call__(env, respond) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
14 > hgweb_mod.hgweb = testenvhgweb |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
15 > |
39430
c3491d3f8984
py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents:
37845
diff
changeset
|
16 > @wireprotov1server.wireprotocommand(b'customreadnoperm') |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
17 > def customread(repo, proto): |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
18 > return b'read-only command no defined permissions\n' |
39430
c3491d3f8984
py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents:
37845
diff
changeset
|
19 > @wireprotov1server.wireprotocommand(b'customwritenoperm') |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
20 > def customwritenoperm(repo, proto): |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
21 > return b'write command no defined permissions\n' |
39430
c3491d3f8984
py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents:
37845
diff
changeset
|
22 > @wireprotov1server.wireprotocommand(b'customreadwithperm', permission=b'pull') |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
23 > def customreadwithperm(repo, proto): |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
24 > return b'read-only command w/ defined permissions\n' |
39430
c3491d3f8984
py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents:
37845
diff
changeset
|
25 > @wireprotov1server.wireprotocommand(b'customwritewithperm', permission=b'push') |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
26 > def customwritewithperm(repo, proto): |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
27 > return b'write command w/ defined permissions\n' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
28 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
29 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
30 $ cat >> $HGRCPATH << EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
31 > [extensions] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
32 > fakeremoteuser = $TESTTMP/fakeremoteuser.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
33 > strip = |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
34 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
35 |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
36 $ hg init test |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
37 $ cd test |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
38 $ echo a > a |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
39 $ hg ci -Ama |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
40 adding a |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
41 $ cd .. |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
42 $ hg clone test test2 |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
43 updating to branch default |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
44 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
45 $ cd test2 |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
46 $ echo a >> a |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
47 $ hg ci -mb |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
48 $ hg book bm -r 0 |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
49 $ cd ../test |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
50 |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
51 web.deny_read=* prevents access to wire protocol for all users |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
52 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
53 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
54 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
55 > deny_read = * |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
56 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
57 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
58 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
59 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
60 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
61 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities' |
36754
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
62 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
63 |
36754
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
64 0 |
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
65 read not authorized |
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
66 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
67 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
68 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
69 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
70 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
71 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
72 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
73 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
74 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
75 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
76 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
77 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
78 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
79 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
80 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
81 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
82 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
83 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
84 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
85 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
86 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
87 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
88 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
89 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
90 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
91 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
92 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
93 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
94 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
95 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
96 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
97 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
98 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
99 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
100 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
101 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
102 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
103 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
104 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
105 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
106 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
107 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
108 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
109 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
110 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
111 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
112 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
113 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
114 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
115 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
116 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
117 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
118 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
119 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
120 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
121 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
122 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
123 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
124 web.deny_read=* with REMOTE_USER set still locks out clients |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
125 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
126 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
127 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
128 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
129 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities' |
36754
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
130 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
131 |
36754
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
132 0 |
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
133 read not authorized |
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
134 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
135 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
136 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
137 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
138 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
139 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
140 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
141 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
142 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
143 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
144 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
145 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
146 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
147 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
148 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
149 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
150 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
151 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
152 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
153 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
154 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
155 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
156 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
157 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
158 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
159 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
160 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
161 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
162 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
163 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
164 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
165 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
166 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
167 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
168 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
169 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
170 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
171 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
172 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
173 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
174 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
175 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
176 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
177 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
178 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
179 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
180 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
181 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
182 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
183 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
184 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
185 web.deny_read=<user> denies access to unauthenticated user |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
186 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
187 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
188 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
189 > deny_read = baduser1,baduser2 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
190 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
191 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
192 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
193 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
194 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
195 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
196 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
197 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
198 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
199 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
200 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
201 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
202 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
203 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
204 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
205 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
206 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
207 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
208 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
209 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
210 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
211 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
212 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
213 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
214 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
215 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
216 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
217 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
218 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
219 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
220 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
221 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
222 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
223 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
224 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
225 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
226 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
227 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
228 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
229 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
230 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
231 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
232 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
233 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
234 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
235 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
236 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
237 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
238 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
239 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
240 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
241 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
242 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
243 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
244 web.deny_read=<user> denies access to users in deny list |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
245 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
246 $ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
247 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
248 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
249 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
250 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
251 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
252 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
253 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
254 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
255 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
256 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
257 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
258 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
259 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
260 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
261 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
262 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
263 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
264 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
265 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
266 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
267 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
268 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
269 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
270 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
271 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
272 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
273 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
274 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
275 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
276 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
277 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
278 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
279 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
280 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
281 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
282 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
283 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
284 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
285 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
286 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
287 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
288 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
289 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
290 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
291 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
292 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
293 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
294 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
295 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
296 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
297 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
298 web.deny_read=<user> allows access to authenticated users not in list |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
299 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
300 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
301 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
302 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
303 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
304 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
305 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
306 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
307 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
308 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
309 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
310 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
311 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
312 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
313 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
314 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
315 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
316 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
317 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
318 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
319 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
320 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
321 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
322 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
323 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
324 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
325 read-only command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
326 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
327 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
328 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
329 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
330 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
331 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
332 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
333 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
334 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
335 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
336 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
337 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
338 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
339 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
340 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
341 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
342 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
343 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
344 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
345 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
346 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
347 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
348 web.allow_read=* allows reads for unauthenticated users |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
349 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
350 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
351 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
352 > allow_read = * |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
353 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
354 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
355 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
356 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
357 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
358 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
359 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
360 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
361 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
362 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
363 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
364 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
365 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
366 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
367 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
368 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
369 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
370 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
371 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
372 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
373 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
374 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
375 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
376 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
377 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
378 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
379 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
380 read-only command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
381 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
382 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
383 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
384 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
385 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
386 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
387 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
388 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
389 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
390 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
391 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
392 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
393 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
394 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
395 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
396 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
397 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
398 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
399 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
400 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
401 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
402 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
403 web.allow_read=* allows read for authenticated user |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
404 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
405 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
406 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
407 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
408 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
409 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
410 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
411 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
412 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
413 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
414 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
415 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
416 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
417 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
418 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
419 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
420 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
421 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
422 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
423 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
424 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
425 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
426 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
427 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
428 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
429 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
430 read-only command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
431 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
432 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
433 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
434 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
435 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
436 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
437 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
438 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
439 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
440 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
441 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
442 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
443 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
444 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
445 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
446 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
447 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
448 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
449 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
450 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
451 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
452 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
453 web.allow_read=<user> does not allow unauthenticated users to read |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
454 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
455 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
456 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
457 > allow_read = gooduser |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
458 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
459 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
460 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
461 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
462 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
463 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
464 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
465 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
466 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
467 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
468 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
469 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
470 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
471 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
472 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
473 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
474 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
475 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
476 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
477 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
478 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
479 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
480 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
481 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
482 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
483 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
484 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
485 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
486 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
487 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
488 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
489 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
490 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
491 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
492 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
493 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
494 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
495 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
496 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
497 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
498 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
499 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
500 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
501 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
502 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
503 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
504 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
505 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
506 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
507 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
508 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
509 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
510 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
511 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
512 web.allow_read=<user> does not allow user not in list to read |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
513 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
514 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
515 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
516 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
517 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
518 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
519 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
520 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
521 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
522 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
523 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
524 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
525 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
526 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
527 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
528 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
529 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
530 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
531 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
532 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
533 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
534 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
535 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
536 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
537 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
538 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
539 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
540 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
541 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
542 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
543 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
544 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
545 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
546 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
547 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
548 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
549 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
550 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
551 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
552 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
553 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
554 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
555 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
556 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
557 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
558 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
559 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
560 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
561 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
562 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
563 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
564 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
565 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
566 web.allow_read=<user> allows read from user in list |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
567 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
568 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
569 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
570 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
571 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
572 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
573 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
574 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
575 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
576 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
577 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
578 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
579 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
580 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
581 publishing True (no-eol) |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
582 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
583 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
584 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
585 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
586 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
587 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
588 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
589 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
590 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
591 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
592 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
593 read-only command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
594 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
595 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
596 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
597 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
598 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
599 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
600 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
601 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
602 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
603 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
604 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
605 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
606 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
607 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
608 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
609 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
610 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
611 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
612 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
613 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
614 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
615 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
616 web.deny_read takes precedence over web.allow_read |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
617 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
618 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
619 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
620 > allow_read = baduser |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
621 > deny_read = baduser |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
622 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
623 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
624 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
625 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
626 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
627 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
628 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
629 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
630 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
631 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
632 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
633 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
634 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
635 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
636 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
637 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
638 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
639 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
640 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
641 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
642 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
643 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
644 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
645 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
646 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
647 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
648 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
649 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
650 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
651 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
652 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
653 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
654 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
655 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
656 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
657 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
658 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
659 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
660 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
661 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
662 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
663 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
664 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
665 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
666 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
667 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
668 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
669 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
670 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
671 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
672 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
673 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
674 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
675 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
676 web.allow-pull=false denies read access to repo |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
677 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
678 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
679 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
680 > allow-pull = false |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
681 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
682 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
683 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
684 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
685 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
686 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities' |
36754
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
687 401 pull not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
688 |
36754
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
689 0 |
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
690 pull not authorized |
e3c228b4510d
wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36753
diff
changeset
|
691 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
692 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
693 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
694 401 pull not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
695 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
696 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
697 pull not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
698 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
699 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
700 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
701 401 pull not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
702 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
703 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
704 pull not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
705 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
706 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
707 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
708 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
709 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
710 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
711 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
712 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
713 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
714 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
715 401 pull not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
716 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
717 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
718 pull not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
719 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
720 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
721 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
722 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
723 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
724 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
725 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
726 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
727 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
728 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
729 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
730 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
731 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
732 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
733 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
734 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
735 $ hg --cwd ../test2 pull http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
736 pulling from http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
737 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
738 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
739 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
740 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
741 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
742 Attempting a write command with HTTP GET fails |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
743 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
744 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
745 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
746 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
747 $ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
748 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
749 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
750 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
751 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
752 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
753 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
754 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
755 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
756 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
757 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
758 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
759 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
760 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
761 push requires POST request |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
762 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
763 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
764 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
765 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
766 $ hg bookmark -d bm |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
767 abort: bookmark 'bm' does not exist |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
768 [255] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
769 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
770 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
771 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
772 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
773 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
774 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
775 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
776 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
777 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
778 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
779 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
780 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
781 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
782 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
783 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
784 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
785 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
786 Attempting a write command with an unknown HTTP verb fails |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
787 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
788 $ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
789 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
790 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
791 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
792 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
793 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
794 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
795 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
796 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
797 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
798 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
799 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
800 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
801 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
802 push requires POST request |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
803 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
804 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
805 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
806 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
807 $ hg bookmark -d bm |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
808 abort: bookmark 'bm' does not exist |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
809 [255] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
810 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
811 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
812 405 push requires POST request |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
813 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
814 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
815 push requires POST request |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
816 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
817 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
818 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
819 405 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
820 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
821 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
822 push requires POST request |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
823 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
824 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
825 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
826 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
827 Pushing on a plaintext channel is disabled by default |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
828 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
829 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
830 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
831 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
832 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
833 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
834 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
835 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
836 403 ssl required |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
837 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
838 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
839 ssl required |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
840 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
841 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
842 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
843 403 ssl required |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
844 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
845 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
846 ssl required |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
847 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
848 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
849 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
850 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
851 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
852 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
853 403 ssl required |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
854 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
855 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
856 ssl required |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
857 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
858 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
859 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
860 403 ssl required |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
861 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
862 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
863 ssl required |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
864 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
865 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
866 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
867 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
868 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
869 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
870 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
871 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
872 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
873 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
874 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
875 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
876 abort: HTTP Error 403: ssl required |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
877 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
878 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
879 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
880 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
881 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
882 abort: HTTP Error 403: ssl required |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
883 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
884 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
885 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
886 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
887 web.deny_push=* denies pushing to unauthenticated users |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
888 |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
889 $ cat > .hg/hgrc <<EOF |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
890 > [web] |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
891 > push_ssl = false |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
892 > deny_push = * |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
893 > EOF |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
894 |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
895 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
896 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
897 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
898 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
899 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
900 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
901 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
902 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
903 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
904 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
905 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
906 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
907 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
908 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
909 push not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
910 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
911 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
912 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
913 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
914 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
915 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
916 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
917 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
918 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
919 push not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
920 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
921 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
922 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
923 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
924 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
925 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
926 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
927 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
928 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
929 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
930 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
931 $ killdaemons.py |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
932 $ hg serve -p $HGPORT -d --pid-file hg.pid |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
933 $ cat hg.pid > $DAEMON_PIDS |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
934 |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
935 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
936 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
937 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
938 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
939 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
940 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
941 |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
942 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
943 pushing to http://localhost:$HGPORT/ |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
944 searching for changes |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
945 abort: authorization failed |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
946 [255] |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
947 |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
948 $ killdaemons.py |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
949 |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
950 web.deny_push=* denies pushing to authenticated users |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
951 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
952 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
953 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
954 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
955 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
956 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
957 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
958 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
959 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
960 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
961 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
962 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
963 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
964 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
965 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
966 push not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
967 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
968 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
969 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
970 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
971 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
972 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
973 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
974 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
975 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
976 push not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
977 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
978 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
979 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
980 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
981 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
982 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
983 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
984 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
985 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
986 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
987 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
988 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
989 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
990 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
991 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
992 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
993 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
994 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
995 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
996 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
997 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
998 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
999 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1000 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1001 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1002 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1003 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1004 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1005 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1006 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1007 web.deny_push=<user> denies pushing to user in list |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1008 |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1009 $ cat > .hg/hgrc <<EOF |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1010 > [web] |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1011 > push_ssl = false |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1012 > deny_push = baduser |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1013 > EOF |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1014 |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1015 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1016 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1017 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1018 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1019 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1020 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1021 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1022 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1023 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1024 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1025 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1026 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1027 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1028 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1029 push not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1030 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1031 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1032 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1033 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1034 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1035 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1036 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1037 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1038 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1039 push not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1040 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1041 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1042 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1043 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1044 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1045 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1046 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1047 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1048 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1049 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1050 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1051 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1052 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1053 $ cat hg.pid > $DAEMON_PIDS |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1054 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1055 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1056 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1057 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1058 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1059 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1060 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1061 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1062 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1063 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1064 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1065 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1066 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1067 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1068 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1069 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1070 web.deny_push=<user> denies pushing to user not in list because allow-push isn't set |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1071 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1072 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1073 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1074 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1075 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1076 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1077 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1078 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1079 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1080 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1081 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1082 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1083 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1084 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1085 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1086 push not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1087 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1088 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1089 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1090 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1091 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1092 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1093 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1094 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1095 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1096 push not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1097 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1098 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1099 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1100 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1101 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1102 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1103 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1104 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1105 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1106 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1107 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1108 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1109 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1110 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1111 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1112 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1113 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1114 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1115 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1116 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1117 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1118 |
36751
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1119 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1120 pushing to http://localhost:$HGPORT/ |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1121 searching for changes |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1122 abort: authorization failed |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1123 [255] |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1124 |
2c647da851ed
tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1125 $ killdaemons.py |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1126 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1127 web.allow-push=* allows pushes from unauthenticated users |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1128 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1129 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1130 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1131 > push_ssl = false |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1132 > allow-push = * |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1133 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1134 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1135 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1136 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1137 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1138 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1139 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1140 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1141 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1142 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1143 $ hg bookmarks |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1144 bm 0:cb9a9f314b8b |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1145 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1146 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1147 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1148 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1149 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1150 write command no defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1151 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1152 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1153 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1154 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1155 write command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1156 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1157 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1158 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1159 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1160 $ hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1161 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1162 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1163 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1164 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1165 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1166 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1167 exporting bookmark bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1168 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1169 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1170 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1171 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1172 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1173 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1174 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1175 remote: adding changesets |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1176 remote: adding manifests |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1177 remote: adding file changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1178 remote: added 1 changesets with 1 changes to 1 files |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1179 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1180 $ hg strip -r 1: |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1181 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1182 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1183 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1184 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1185 web.allow-push=* allows pushes from authenticated users |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1186 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1187 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1188 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1189 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1190 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1191 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1192 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1193 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1194 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1195 $ hg bookmarks |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1196 bm 0:cb9a9f314b8b |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1197 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1198 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1199 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1200 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1201 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1202 write command no defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1203 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1204 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1205 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1206 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1207 write command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1208 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1209 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1210 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1211 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1212 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1213 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1214 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1215 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1216 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1217 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1218 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1219 exporting bookmark bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1220 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1221 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1222 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1223 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1224 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1225 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1226 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1227 remote: adding changesets |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1228 remote: adding manifests |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1229 remote: adding file changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1230 remote: added 1 changesets with 1 changes to 1 files |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1231 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1232 $ hg strip -r 1: |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1233 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1234 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1235 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1236 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1237 web.allow-push=<user> denies push to user not in list |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1238 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1239 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1240 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1241 > push_ssl = false |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1242 > allow-push = gooduser |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1243 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1244 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1245 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1246 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1247 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1248 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1249 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1250 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1251 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1252 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1253 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1254 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1255 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1256 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1257 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1258 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1259 push not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1260 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1261 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1262 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1263 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1264 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1265 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1266 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1267 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1268 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1269 push not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1270 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1271 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1272 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1273 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1274 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1275 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1276 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1277 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1278 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1279 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1280 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1281 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1282 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1283 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1284 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1285 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1286 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1287 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1288 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1289 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1290 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1291 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1292 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1293 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1294 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1295 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1296 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1297 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1298 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1299 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1300 web.allow-push=<user> allows push from user in list |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1301 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1302 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1303 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1304 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1305 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1306 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1307 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1308 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1309 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1310 $ hg bookmarks |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1311 bm 0:cb9a9f314b8b |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1312 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1313 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1314 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1315 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1316 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1317 1 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1318 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1319 $ hg bookmarks |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1320 bm 0:cb9a9f314b8b |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1321 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1322 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1323 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1324 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1325 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1326 write command no defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1327 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1328 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1329 200 Script output follows |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1330 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1331 write command w/ defined permissions |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1332 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1333 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1334 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1335 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1336 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1337 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1338 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1339 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1340 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1341 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1342 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1343 exporting bookmark bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1344 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1345 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1346 $ hg book -d bm |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1347 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1348 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1349 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1350 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1351 remote: adding changesets |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1352 remote: adding manifests |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1353 remote: adding file changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1354 remote: added 1 changesets with 1 changes to 1 files |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1355 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1356 $ hg strip -r 1: |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1357 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1358 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1359 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1360 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1361 web.deny_push takes precedence over web.allow_push |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1362 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1363 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1364 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1365 > push_ssl = false |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1366 > allow-push = someuser |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1367 > deny_push = someuser |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1368 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1369 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1370 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1371 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1372 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1373 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1374 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1375 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1376 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1377 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1378 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1379 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1380 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1381 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1382 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1383 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1384 push not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1385 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1386 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1387 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1388 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1389 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1390 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1391 401 push not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1392 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1393 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1394 push not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1395 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1396 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1397 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1398 401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1399 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1400 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1401 push not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1402 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1403 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1404 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1405 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1406 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1407 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1408 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1409 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1410 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1411 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1412 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1413 no changes found |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1414 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1415 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1416 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1417 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1418 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1419 searching for changes |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1420 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1421 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1422 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1423 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1424 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1425 web.allow-push has no effect if web.deny_read is set |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1426 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1427 $ cat > .hg/hgrc <<EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1428 > [web] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1429 > push_ssl = false |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1430 > allow-push = * |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1431 > deny_read = * |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1432 > EOF |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1433 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1434 $ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1435 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1436 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1437 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1438 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1439 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1440 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1441 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1442 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1443 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1444 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1445 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1446 |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1447 0 |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1448 read not authorized |
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1449 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1450 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1451 $ hg bookmarks |
36755
ff4bc0ab6740
wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36754
diff
changeset
|
1452 no bookmarks set |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1453 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1454 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1455 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1456 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1457 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1458 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1459 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1460 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1461 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1462 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1463 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1464 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1465 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1466 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1467 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1468 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1469 401 read not authorized |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1470 |
36756
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1471 0 |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1472 read not authorized |
2ecb0fc535b1
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36755
diff
changeset
|
1473 [1] |
36752
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1474 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1475 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1476 401 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1477 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1478 0 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1479 read not authorized |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1480 [1] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1481 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1482 Reset server to remove REQUEST_METHOD hack to test hg client |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1483 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1484 $ killdaemons.py |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1485 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1486 $ cat hg.pid > $DAEMON_PIDS |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1487 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1488 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1489 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1490 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1491 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1492 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1493 $ hg --cwd ../test2 push http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1494 pushing to http://localhost:$HGPORT/ |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1495 abort: authorization failed |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1496 [255] |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1497 |
bbd4027b019b
tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents:
36751
diff
changeset
|
1498 $ killdaemons.py |