Mercurial: tests/test-http-permissions.t annotate

annotate tests/test-http-permissions.t @ 37485:0b7475ea38cf

wireproto: port heads command to wire protocol v2 After much thought and consideration, wire protocol version 2's commands will be defined in different functions from the existing commands. This will make it easier to implement these commands because it won't require shoehorning things like response formatting and argument declaration into the same APIs. For example, wire protocol version 1 requires that commands declare a fixed and ordered list of argument names. It isn't really possible to insert new arguments or have optional arguments without breaking backwards compatibility. Wire protocol version 2, however, uses CBOR maps for passing arguments. So arguments a) can be optional b) can be added without BC c) can be strongly typed. This commit starts our trek towards reimplementing the wire protocol for version 2 with the heads command. It is pretty similar to the existing heads command. One added feature is it can be told to operate on only public phase changesets. This is useful for making discovery faster when a repo has tens of thousands of draft phase heads (such as Mozilla's "try" repository). The HTTPv2 server-side protocol has had its `getargs()` implementation updated to reflect that arguments are a map and not a list. Differential Revision: https://phab.mercurial-scm.org/D3179

author	Gregory Szorc <gregory.szorc@gmail.com>
date	Wed, 28 Mar 2018 14:55:13 -0700
parents	0b18604db95e
children	b4d85bc122bd

rev	line source
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1 #require killdaemons
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	2
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	3 $ cat > fakeremoteuser.py << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	4 > import os
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	5 > from mercurial.hgweb import hgweb_mod
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	6 > from mercurial import wireproto
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	7 > class testenvhgweb(hgweb_mod.hgweb):
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	8 > def __call__(self, env, respond):
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	9 > # Allow REMOTE_USER to define authenticated user.
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	10 > if r'REMOTE_USER' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	11 > env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER']
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	12 > # Allow REQUEST_METHOD to override HTTP method
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	13 > if r'REQUEST_METHOD' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	14 > env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD']
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	15 > return super(testenvhgweb, self).__call__(env, respond)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	16 > hgweb_mod.hgweb = testenvhgweb
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	17 >
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	18 > @wireproto.wireprotocommand('customreadnoperm')
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	19 > def customread(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	20 > return b'read-only command no defined permissions\n'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	21 > @wireproto.wireprotocommand('customwritenoperm')
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	22 > def customwritenoperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	23 > return b'write command no defined permissions\n'
36800 0b18604db95e wireproto: declare permissions requirements in @wireprotocommand (API) Gregory Szorc <gregory.szorc@gmail.com> parents: 36756 diff changeset	24 > @wireproto.wireprotocommand('customreadwithperm', permission='pull')
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	25 > def customreadwithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	26 > return b'read-only command w/ defined permissions\n'
36800 0b18604db95e wireproto: declare permissions requirements in @wireprotocommand (API) Gregory Szorc <gregory.szorc@gmail.com> parents: 36756 diff changeset	27 > @wireproto.wireprotocommand('customwritewithperm', permission='push')
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	28 > def customwritewithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	29 > return b'write command w/ defined permissions\n'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	30 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	31
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	32 $ cat >> $HGRCPATH << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	33 > [extensions]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	34 > fakeremoteuser = $TESTTMP/fakeremoteuser.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	35 > strip =
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	36 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	37
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	38 $ hg init test
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	39 $ cd test
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	40 $ echo a > a
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	41 $ hg ci -Ama
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	42 adding a
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	43 $ cd ..
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	44 $ hg clone test test2
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	45 updating to branch default
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	46 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	47 $ cd test2
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	48 $ echo a >> a
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	49 $ hg ci -mb
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	50 $ hg book bm -r 0
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	51 $ cd ../test
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	52
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	53 web.deny_read=* prevents access to wire protocol for all users
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	54
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	55 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	56 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	57 > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	58 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	59
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	60 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	61 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	62
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	63 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754 e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	64 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	65
36754 e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	66 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	67 read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	68 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	69
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	70 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	71 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	72
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	73 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	74 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	75 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	76
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	77 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	78 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	79
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	80 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	81 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	82 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	83
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	84 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	85 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	86
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	87 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	88 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	89 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	90
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	91 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	92 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	93
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	94 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	95 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	96 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	97
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	98 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	99 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	100
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	101 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	102 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	103 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	104
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	105 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	106 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	107
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	108 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	109 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	110 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	111
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	112 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	113 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	114
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	115 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	116 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	117 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	118
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	119 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	120 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	121 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	122 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	123
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	124 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	125
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	126 web.deny_read=* with REMOTE_USER set still locks out clients
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	127
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	128 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	129 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	130
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	131 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754 e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	132 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	133
36754 e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	134 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	135 read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	136 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	137
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	138 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	139 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	140
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	141 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	142 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	143 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	144
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	145 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	146 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	147
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	148 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	149 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	150 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	151
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	152 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	153 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	154
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	155 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	156 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	157 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	158
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	159 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	160 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	161
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	162 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	163 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	164 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	165
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	166 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	167 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	168
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	169 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	170 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	171 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	172
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	173 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	174 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	175
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	176 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	177 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	178 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	179
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	180 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	181 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	182 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	183 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	184
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	185 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	186
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	187 web.deny_read=<user> denies access to unauthenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	188
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	189 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	190 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	191 > deny_read = baduser1,baduser2
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	192 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	193
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	194 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	195 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	196
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	197 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	198 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	199
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	200 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	201 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	202 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	203
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	204 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	205 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	206
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	207 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	208 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	209 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	210
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	211 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	212 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	213
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	214 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	215 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	216 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	217
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	218 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	219 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	220
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	221 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	222 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	223 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	224
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	225 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	226 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	227
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	228 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	229 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	230 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	231
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	232 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	233 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	234
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	235 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	236 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	237 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	238
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	239 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	240 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	241 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	242 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	243
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	244 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	245
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	246 web.deny_read=<user> denies access to users in deny list
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	247
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	248 $ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	249 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	250
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	251 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	252 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	253
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	254 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	255 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	256 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	257
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	258 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	259 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	260
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	261 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	262 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	263 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	264
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	265 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	266 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	267
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	268 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	269 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	270 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	271
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	272 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	273 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	274
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	275 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	276 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	277 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	278
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	279 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	280 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	281
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	282 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	283 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	284 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	285
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	286 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	287 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	288
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	289 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	290 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	291 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	292
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	293 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	294 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	295 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	296 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	297
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	298 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	299
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	300 web.deny_read=<user> allows access to authenticated users not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	301
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	302 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	303 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	304
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	305 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	306 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	307
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	308 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	309 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	310
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	311 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	312 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	313
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	314 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	315 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	316
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	317 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	318 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	319
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	320 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	321 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	322 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	323
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	324 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	325 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	326
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	327 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	328
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	329 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	330 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	331
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	332 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	333 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	334 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	335
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	336 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	337 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	338
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	339 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	340 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	341 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	342
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	343 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	344 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	345 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	346 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	347
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	348 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	349
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	350 web.allow_read=* allows reads for unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	351
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	352 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	353 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	354 > allow_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	355 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	356
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	357 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	358 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	359
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	360 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	361 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	362
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	363 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	364 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	365
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	366 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	367 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	368
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	369 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	370 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	371
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	372 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	373 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	374
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	375 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	376 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	377 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	378
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	379 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	380 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	381
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	382 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	383
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	384 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	385 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	386
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	387 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	388 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	389 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	390
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	391 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	392 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	393
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	394 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	395 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	396 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	397
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	398 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	399 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	400 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	401 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	402
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	403 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	404
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	405 web.allow_read=* allows read for authenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	406
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	407 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	408 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	409
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	410 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	411 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	412
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	413 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	414 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	415
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	416 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	417 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	418
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	419 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	420 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	421
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	422 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	423 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	424
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	425 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	426 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	427 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	428
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	429 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	430 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	431
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	432 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	433
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	434 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	435 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	436
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	437 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	438 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	439 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	440
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	441 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	442 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	443
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	444 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	445 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	446 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	447
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	448 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	449 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	450 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	451 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	452
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	453 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	454
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	455 web.allow_read=<user> does not allow unauthenticated users to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	456
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	457 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	458 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	459 > allow_read = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	460 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	461
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	462 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	463 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	464
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	465 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	466 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	467
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	468 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	469 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	470 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	471
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	472 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	473 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	474
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	475 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	476 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	477 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	478
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	479 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	480 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	481
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	482 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	483 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	484 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	485
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	486 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	487 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	488
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	489 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	490 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	491 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	492
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	493 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	494 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	495
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	496 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	497 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	498 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	499
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	500 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	501 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	502
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	503 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	504 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	505 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	506
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	507 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	508 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	509 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	510 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	511
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	512 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	513
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	514 web.allow_read=<user> does not allow user not in list to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	515
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	516 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	517 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	518
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	519 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	520 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	521
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	522 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	523 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	524 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	525
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	526 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	527 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	528
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	529 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	530 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	531 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	532
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	533 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	534 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	535
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	536 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	537 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	538 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	539
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	540 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	541 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	542
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	543 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	544 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	545 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	546
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	547 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	548 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	549
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	550 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	551 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	552 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	553
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	554 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	555 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	556
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	557 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	558 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	559 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	560
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	561 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	562 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	563 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	564 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	565
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	566 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	567
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	568 web.allow_read=<user> allows read from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	569
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	570 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	571 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	572
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	573 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	574 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	575
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	576 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	577 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	578
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	579 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	580 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	581
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	582 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	583 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	584
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	585 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	586 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	587
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	588 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	589 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	590 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	591
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	592 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	593 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	594
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	595 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	596
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	597 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	598 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	599
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	600 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	601 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	602 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	603
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	604 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	605 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	606
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	607 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	608 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	609 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	610
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	611 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	612 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	613 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	614 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	615
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	616 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	617
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	618 web.deny_read takes precedence over web.allow_read
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	619
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	620 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	621 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	622 > allow_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	623 > deny_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	624 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	625
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	626 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	627 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	628
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	629 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	630 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	631
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	632 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	633 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	634 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	635
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	636 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	637 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	638
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	639 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	640 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	641 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	642
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	643 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	644 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	645
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	646 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	647 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	648 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	649
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	650 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	651 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	652
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	653 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	654 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	655 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	656
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	657 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	658 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	659
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	660 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	661 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	662 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	663
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	664 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	665 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	666
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	667 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	668 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	669 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	670
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	671 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	672 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	673 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	674 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	675
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	676 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	677
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	678 web.allow-pull=false denies read access to repo
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	679
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	680 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	681 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	682 > allow-pull = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	683 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	684
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	685 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	686 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	687
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	688 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754 e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	689 401 pull not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	690
36754 e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	691 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	692 pull not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36753 diff changeset	693 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	694
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	695 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	696 401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	697
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	698 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	699 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	700 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	701
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	702 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	703 401 pull not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	704
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	705 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	706 pull not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	707 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	708
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	709 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	710 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	711
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	712 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	713 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	714 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	715
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	716 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	717 401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	718
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	719 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	720 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	721 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	722
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	723 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	724 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	725
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	726 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	727 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	728 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	729
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	730 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	731 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	732
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	733 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	734 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	735 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	736
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	737 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	738 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	739 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	740 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	741
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	742 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	743
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	744 Attempting a write command with HTTP GET fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	745
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	746 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	747 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	748
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	749 $ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	750 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	751
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	752 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	753 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	754
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	755 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	756 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	757 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	758
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	759 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	760 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	761
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	762 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	763 push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	764 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	765
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	766 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	767 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	768 $ hg bookmark -d bm
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	769 abort: bookmark 'bm' does not exist
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	770 [255]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	771
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	772 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	773 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	774
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	775 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	776 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	777 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	778
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	779 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	780 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	781
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	782 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	783 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	784 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	785
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	786 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	787
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	788 Attempting a write command with an unknown HTTP verb fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	789
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	790 $ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	791 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	792
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	793 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	794 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	795
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	796 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	797 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	798 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	799
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	800 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	801 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	802
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	803 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	804 push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	805 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	806
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	807 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	808 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	809 $ hg bookmark -d bm
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	810 abort: bookmark 'bm' does not exist
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	811 [255]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	812
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	813 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	814 405 push requires POST request
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	815
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	816 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	817 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	818 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	819
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	820 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	821 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	822
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	823 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	824 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	825 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	826
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	827 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	828
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	829 Pushing on a plaintext channel is disabled by default
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	830
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	831 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	832 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	833
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	834 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	835 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	836
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	837 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	838 403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	839
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	840 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	841 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	842 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	843
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	844 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	845 403 ssl required
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	846
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	847 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	848 ssl required
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	849 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	850
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	851 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	852 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	853
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	854 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	855 403 ssl required
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	856
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	857 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	858 ssl required
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	859 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	860
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	861 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	862 403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	863
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	864 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	865 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	866 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	867
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	868 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	869
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	870 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	871 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	872 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	873
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	874 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	875 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	876 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	877 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	878 abort: HTTP Error 403: ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	879 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	880
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	881 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	882 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	883 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	884 abort: HTTP Error 403: ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	885 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	886
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	887 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	888
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	889 web.deny_push=* denies pushing to unauthenticated users
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	890
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	891 $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	892 > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	893 > push_ssl = false
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	894 > deny_push = *
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	895 > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	896
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	897 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	898 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	899
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	900 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	901 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	902
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	903 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	904 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	905 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	906
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	907 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	908 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	909
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	910 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	911 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	912 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	913
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	914 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	915 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	916
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	917 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	918 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	919
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	920 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	921 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	922 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	923
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	924 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	925 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	926
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	927 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	928 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	929 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	930
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	931 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	932
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	933 $ killdaemons.py
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	934 $ hg serve -p $HGPORT -d --pid-file hg.pid
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	935 $ cat hg.pid > $DAEMON_PIDS
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	936
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	937 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	938 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	939 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	940 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	941 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	942 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	943
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	944 $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	945 pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	946 searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	947 abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	948 [255]
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	949
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	950 $ killdaemons.py
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	951
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	952 web.deny_push=* denies pushing to authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	953
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	954 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	955 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	956
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	957 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	958 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	959
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	960 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	961 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	962 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	963
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	964 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	965 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	966
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	967 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	968 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	969 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	970
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	971 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	972 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	973
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	974 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	975 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	976
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	977 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	978 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	979 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	980
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	981 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	982 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	983
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	984 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	985 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	986 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	987
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	988 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	989
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	990 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	991 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	992 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	993
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	994 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	995 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	996 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	997 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	998 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	999 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1000
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1001 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1002 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1003 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1004 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1005 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1006
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1007 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1008
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1009 web.deny_push=<user> denies pushing to user in list
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1010
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1011 $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1012 > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1013 > push_ssl = false
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1014 > deny_push = baduser
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1015 > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1016
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1017 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1018 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1019
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1020 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1021 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1022
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1023 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1024 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1025 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1026
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1027 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1028 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1029
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1030 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1031 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1032 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1033
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1034 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1035 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1036
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1037 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1038 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1039
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1040 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1041 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1042 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1043
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1044 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1045 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1046
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1047 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1048 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1049 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1050
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1051 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1052
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1053 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1054 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1055 $ cat hg.pid > $DAEMON_PIDS
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1056
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1057 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1058 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1059 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1060 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1061 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1062 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1063
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1064 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1065 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1066 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1067 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1068 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1069
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1070 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1071
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1072 web.deny_push=<user> denies pushing to user not in list because allow-push isn't set
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1073
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1074 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1075 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1076
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1077 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1078 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1079
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1080 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1081 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1082 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1083
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1084 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1085 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1086
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1087 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1088 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1089 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1090
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1091 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1092 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1093
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1094 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1095 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1096
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1097 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1098 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1099 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1100
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1101 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1102 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1103
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1104 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1105 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1106 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1107
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1108 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1109
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1110 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1111 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1112 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1113
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1114 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1115 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1116 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1117 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1118 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1119 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1120
36751 2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1121 $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1122 pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1123 searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1124 abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1125 [255]
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1126
2c647da851ed tests: extract HTTP permissions tests to own test file Gregory Szorc <gregory.szorc@gmail.com> parents: diff changeset	1127 $ killdaemons.py
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1128
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1129 web.allow-push=* allows pushes from unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1130
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1131 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1132 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1133 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1134 > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1135 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1136
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1137 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1138 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1139
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1140 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1141 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1142
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1143 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1144
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1145 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1146 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1147 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1148
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1149 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1150 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1151
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1152 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1153
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1154 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1155 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1156
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1157 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1158
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1159 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1160
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1161 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1162 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1163 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1164
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1165 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1166 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1167 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1168 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1169 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1170 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1171
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1172 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1173
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1174 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1175 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1176 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1177 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1178 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1179 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1180 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1181
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1182 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1183 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1184
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1185 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1186
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1187 web.allow-push=* allows pushes from authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1188
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1189 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1190 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1191
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1192 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1193 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1194
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1195 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1196
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1197 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1198 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1199 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1200
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1201 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1202 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1203
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1204 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1205
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1206 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1207 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1208
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1209 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1210
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1211 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1212
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1213 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1214 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1215 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1216
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1217 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1218 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1219 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1220 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1221 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1222 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1223
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1224 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1225
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1226 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1227 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1228 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1229 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1230 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1231 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1232 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1233
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1234 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1235 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1236
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1237 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1238
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1239 web.allow-push=<user> denies push to user not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1240
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1241 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1242 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1243 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1244 > allow-push = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1245 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1246
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1247 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1248 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1249
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1250 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1251 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1252
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1253 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1254 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1255 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1256
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1257 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1258 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1259
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1260 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1261 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1262 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1263
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1264 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1265 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1266
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1267 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1268 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1269
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1270 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1271 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1272 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1273
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1274 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1275 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1276
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1277 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1278 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1279 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1280
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1281 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1282
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1283 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1284 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1285 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1286
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1287 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1288 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1289 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1290 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1291 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1292 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1293
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1294 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1295 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1296 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1297 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1298 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1299
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1300 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1301
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1302 web.allow-push=<user> allows push from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1303
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1304 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1305 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1306
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1307 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1308 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1309
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1310 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1311
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1312 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1313 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1314 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1315
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1316 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1317 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1318
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1319 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1320
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1321 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1322 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1323 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1324
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1325 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1326 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1327
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1328 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1329
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1330 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1331 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1332
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1333 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1334
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1335 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1336
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1337 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1338 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1339 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1340
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1341 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1342 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1343 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1344 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1345 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1346 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1347
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1348 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1349
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1350 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1351 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1352 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1353 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1354 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1355 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1356 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1357
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1358 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1359 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1360
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1361 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1362
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1363 web.deny_push takes precedence over web.allow_push
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1364
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1365 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1366 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1367 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1368 > allow-push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1369 > deny_push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1370 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1371
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1372 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1373 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1374
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1375 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1376 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1377
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1378 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1379 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1380 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1381
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1382 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1383 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1384
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1385 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1386 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1387 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1388
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1389 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1390 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1391
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1392 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1393 401 push not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1394
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1395 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1396 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1397 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1398
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1399 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1400 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1401
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1402 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1403 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1404 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1405
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1406 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1407
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1408 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1409 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1410 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1411
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1412 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1413 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1414 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1415 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1416 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1417 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1418
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1419 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1420 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1421 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1422 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1423 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1424
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1425 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1426
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1427 web.allow-push has no effect if web.deny_read is set
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1428
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1429 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1430 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1431 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1432 > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1433 > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1434 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1435
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1436 $ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1437 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1438
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1439 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1440 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1441
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1442 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1443 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1444 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1445
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1446 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1447 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1448
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1449 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1450 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1451 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1452
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1453 $ hg bookmarks
36755 ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36754 diff changeset	1454 no bookmarks set
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1455
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1456 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1457 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1458
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1459 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1460 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1461 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1462
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1463 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1464 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1465
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1466 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1467 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1468 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1469
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1470 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1471 401 read not authorized
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1472
36756 2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1473 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1474 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC) Gregory Szorc <gregory.szorc@gmail.com> parents: 36755 diff changeset	1475 [1]
36752 bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1476
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1477 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1478 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1479
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1480 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1481 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1482 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1483
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1484 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1485
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1486 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1487 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1488 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1489
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1490 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1491 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1492 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1493 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1494
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1495 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1496 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1497 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1498 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1499
bbd4027b019b tests: comprehensively test HTTP server permissions checking Gregory Szorc <gregory.szorc@gmail.com> parents: 36751 diff changeset	1500 $ killdaemons.py

Mercurial > hg

annotate tests/test-http-permissions.t @ 37485:0b7475ea38cf