annotate tests/test-http-permissions.t @ 51485:2b5f4013f79f

branchcache: avoid created a `None` filter repoview when writing The repoview class is not intended to be used for unfiltered repository.
author Pierre-Yves David <pierre-yves.david@octobus.net>
date Thu, 07 Mar 2024 11:04:34 +0100
parents 9acbe30953e8
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1 $ cat > fakeremoteuser.py << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
2 > import os
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
3 > from mercurial.hgweb import hgweb_mod
37785
b4d85bc122bd wireproto: rename wireproto to wireprotov1server (API)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36800
diff changeset
4 > from mercurial import wireprotov1server
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
5 > class testenvhgweb(hgweb_mod.hgweb):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
6 > def __call__(self, env, respond):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
7 > # Allow REMOTE_USER to define authenticated user.
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
8 > if r'REMOTE_USER' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
9 > env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER']
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
10 > # Allow REQUEST_METHOD to override HTTP method
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
11 > if r'REQUEST_METHOD' in os.environ:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
12 > env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD']
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
13 > return super(testenvhgweb, self).__call__(env, respond)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
14 > hgweb_mod.hgweb = testenvhgweb
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
15 >
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
16 > @wireprotov1server.wireprotocommand(b'customreadnoperm')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
17 > def customread(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
18 > return b'read-only command no defined permissions\n'
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
19 > @wireprotov1server.wireprotocommand(b'customwritenoperm')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
20 > def customwritenoperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
21 > return b'write command no defined permissions\n'
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
22 > @wireprotov1server.wireprotocommand(b'customreadwithperm', permission=b'pull')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
23 > def customreadwithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
24 > return b'read-only command w/ defined permissions\n'
39430
c3491d3f8984 py3: add more missing b'' prefixes in test files
Pulkit Goyal <pulkit@yandex-team.ru>
parents: 37845
diff changeset
25 > @wireprotov1server.wireprotocommand(b'customwritewithperm', permission=b'push')
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
26 > def customwritewithperm(repo, proto):
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
27 > return b'write command w/ defined permissions\n'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
28 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
29
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
30 $ cat >> $HGRCPATH << EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
31 > [extensions]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
32 > fakeremoteuser = $TESTTMP/fakeremoteuser.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
33 > strip =
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
34 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
35
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
36 $ hg init test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
37 $ cd test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
38 $ echo a > a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
39 $ hg ci -Ama
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
40 adding a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
41 $ cd ..
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
42 $ hg clone test test2
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
43 updating to branch default
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
44 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
45 $ cd test2
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
46 $ echo a >> a
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
47 $ hg ci -mb
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
48 $ hg book bm -r 0
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
49 $ cd ../test
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
50
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
51 web.deny_read=* prevents access to wire protocol for all users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
52
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
53 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
54 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
55 > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
56 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
57
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
58 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
59 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
60
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
61 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
62 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
63
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
64 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
65 read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
66 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
67
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
68 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
69 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
70
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
71 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
72 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
73 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
74
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
75 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
76 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
77
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
78 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
79 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
80 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
81
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
82 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
83 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
84
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
85 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
86 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
87 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
88
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
89 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
90 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
91
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
92 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
93 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
94 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
95
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
96 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
97 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
98
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
99 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
100 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
101 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
102
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
103 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
104 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
105
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
106 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
107 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
108 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
109
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
110 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
111 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
112
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
113 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
114 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
115 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
116
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
117 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
118 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
119 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
120 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
121
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
122 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
123
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
124 web.deny_read=* with REMOTE_USER set still locks out clients
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
125
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
126 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
127 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
128
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
129 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
130 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
131
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
132 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
133 read not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
134 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
135
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
136 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
137 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
138
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
139 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
140 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
141 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
142
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
143 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
144 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
145
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
146 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
147 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
148 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
149
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
150 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
151 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
152
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
153 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
154 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
155 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
156
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
157 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
158 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
159
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
160 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
161 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
162 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
163
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
164 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
165 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
166
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
167 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
168 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
169 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
170
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
171 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
172 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
173
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
174 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
175 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
176 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
177
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
178 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
179 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
180 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
181 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
182
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
183 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
184
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
185 web.deny_read=<user> denies access to unauthenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
186
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
187 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
188 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
189 > deny_read = baduser1,baduser2
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
190 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
191
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
192 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
193 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
194
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
195 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
196 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
197
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
198 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
199 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
200 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
201
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
202 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
203 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
204
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
205 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
206 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
207 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
208
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
209 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
210 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
211
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
212 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
213 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
214 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
215
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
216 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
217 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
218
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
219 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
220 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
221 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
222
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
223 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
224 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
225
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
226 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
227 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
228 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
229
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
230 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
231 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
232
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
233 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
234 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
235 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
236
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
237 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
238 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
239 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
240 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
241
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
242 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
243
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
244 web.deny_read=<user> denies access to users in deny list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
245
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
246 $ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
247 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
248
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
249 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
250 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
251
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
252 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
253 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
254 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
255
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
256 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
257 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
258
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
259 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
260 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
261 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
262
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
263 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
264 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
265
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
266 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
267 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
268 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
269
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
270 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
271 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
272
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
273 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
274 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
275 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
276
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
277 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
278 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
279
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
280 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
281 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
282 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
283
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
284 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
285 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
286
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
287 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
288 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
289 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
290
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
291 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
292 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
293 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
294 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
295
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
296 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
297
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
298 web.deny_read=<user> allows access to authenticated users not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
299
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
300 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
301 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
302
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
303 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
304 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
305
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
306 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
307 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
308
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
309 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
310 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
311
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
312 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
313 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
314
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
315 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
316 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
317
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
318 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
319 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
320 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
321
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
322 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
323 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
324
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
325 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
326
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
327 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
328 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
329
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
330 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
331 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
332 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
333
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
334 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
335 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
336
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
337 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
338 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
339 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
340
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
341 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
342 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
343 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
344 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
345
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
346 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
347
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
348 web.allow_read=* allows reads for unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
349
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
350 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
351 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
352 > allow_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
353 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
354
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
355 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
356 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
357
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
358 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
359 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
360
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
361 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
362 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
363
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
364 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
365 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
366
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
367 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
368 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
369
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
370 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
371 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
372
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
373 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
374 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
375 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
376
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
377 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
378 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
379
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
380 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
381
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
382 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
383 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
384
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
385 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
386 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
387 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
388
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
389 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
390 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
391
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
392 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
393 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
394 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
395
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
396 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
397 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
398 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
399 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
400
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
401 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
402
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
403 web.allow_read=* allows read for authenticated user
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
404
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
405 $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
406 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
407
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
408 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
409 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
410
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
411 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
412 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
413
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
414 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
415 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
416
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
417 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
418 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
419
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
420 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
421 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
422
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
423 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
424 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
425 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
426
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
427 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
428 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
429
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
430 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
431
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
432 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
433 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
434
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
435 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
436 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
437 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
438
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
439 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
440 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
441
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
442 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
443 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
444 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
445
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
446 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
447 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
448 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
449 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
450
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
451 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
452
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
453 web.allow_read=<user> does not allow unauthenticated users to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
454
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
455 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
456 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
457 > allow_read = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
458 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
459
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
460 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
461 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
462
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
463 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
464 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
465
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
466 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
467 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
468 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
469
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
470 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
471 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
472
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
473 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
474 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
475 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
476
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
477 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
478 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
479
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
480 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
481 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
482 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
483
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
484 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
485 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
486
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
487 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
488 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
489 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
490
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
491 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
492 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
493
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
494 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
495 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
496 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
497
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
498 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
499 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
500
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
501 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
502 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
503 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
504
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
505 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
506 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
507 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
508 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
509
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
510 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
511
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
512 web.allow_read=<user> does not allow user not in list to read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
513
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
514 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
515 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
516
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
517 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
518 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
519
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
520 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
521 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
522 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
523
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
524 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
525 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
526
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
527 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
528 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
529 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
530
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
531 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
532 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
533
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
534 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
535 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
536 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
537
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
538 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
539 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
540
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
541 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
542 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
543 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
544
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
545 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
546 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
547
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
548 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
549 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
550 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
551
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
552 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
553 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
554
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
555 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
556 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
557 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
558
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
559 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
560 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
561 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
562 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
563
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
564 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
565
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
566 web.allow_read=<user> allows read from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
567
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
568 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
569 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
570
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
571 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
572 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
573
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
574 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
575 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
576
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
577 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
578 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
579
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
580 cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
581 publishing True (no-eol)
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
582
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
583 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
584 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
585
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
586 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
587 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
588 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
589
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
590 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
591 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
592
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
593 read-only command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
594
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
595 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
596 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
597
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
598 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
599 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
600 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
601
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
602 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
603 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
604
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
605 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
606 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
607 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
608
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
609 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
610 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
611 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
612 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
613
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
614 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
615
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
616 web.deny_read takes precedence over web.allow_read
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
617
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
618 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
619 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
620 > allow_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
621 > deny_read = baduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
622 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
623
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
624 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
625 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
626
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
627 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
628 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
629
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
630 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
631 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
632 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
633
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
634 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
635 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
636
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
637 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
638 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
639 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
640
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
641 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
642 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
643
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
644 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
645 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
646 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
647
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
648 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
649 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
650
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
651 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
652 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
653 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
654
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
655 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
656 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
657
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
658 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
659 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
660 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
661
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
662 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
663 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
664
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
665 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
666 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
667 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
668
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
669 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
670 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
671 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
672 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
673
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
674 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
675
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
676 web.allow-pull=false denies read access to repo
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
677
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
678 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
679 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
680 > allow-pull = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
681 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
682
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
683 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
684 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
685
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
686 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
687 401 pull not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
688
36754
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
689 0
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
690 pull not authorized
e3c228b4510d wireproto: declare operation type for most commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36753
diff changeset
691 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
692
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
693 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
694 401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
695
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
696 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
697 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
698 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
699
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
700 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
701 401 pull not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
702
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
703 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
704 pull not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
705 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
706
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
707 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
708 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
709
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
710 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
711 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
712 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
713
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
714 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
715 401 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
716
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
717 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
718 pull not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
719 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
720
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
721 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
722 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
723
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
724 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
725 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
726 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
727
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
728 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
729 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
730
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
731 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
732 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
733 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
734
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
735 $ hg --cwd ../test2 pull http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
736 pulling from http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
737 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
738 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
739
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
740 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
741
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
742 Attempting a write command with HTTP GET fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
743
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
744 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
745 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
746
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
747 $ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
748 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
749
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
750 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
751 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
753 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
754 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
755 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
756
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
757 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
758 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
759
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
760 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
761 push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
762 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
763
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
764 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
765 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
766 $ hg bookmark -d bm
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
767 abort: bookmark 'bm' does not exist
45913
9acbe30953e8 errors: raise InputError on bad bookmark argument
Martin von Zweigbergk <martinvonz@google.com>
parents: 45839
diff changeset
768 [10]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
769
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
770 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
771 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
772
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
773 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
774 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
775 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
776
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
777 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
778 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
779
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
780 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
781 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
782 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
783
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
784 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
785
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
786 Attempting a write command with an unknown HTTP verb fails
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
787
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
788 $ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
789 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
790
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
791 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
792 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
793
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
794 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
795 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
796 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
797
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
798 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
799 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
800
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
801 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
802 push requires POST request
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
803 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
804
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
805 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
806 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
807 $ hg bookmark -d bm
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
808 abort: bookmark 'bm' does not exist
45913
9acbe30953e8 errors: raise InputError on bad bookmark argument
Martin von Zweigbergk <martinvonz@google.com>
parents: 45839
diff changeset
809 [10]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
810
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
811 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
812 405 push requires POST request
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
813
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
814 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
815 push requires POST request
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
816 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
817
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
818 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
819 405 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
820
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
821 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
822 push requires POST request
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
823 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
824
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
825 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
826
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
827 Pushing on a plaintext channel is disabled by default
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
828
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
829 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
830 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
831
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
832 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
833 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
834
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
835 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
836 403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
837
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
838 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
839 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
840 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
841
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
842 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
843 403 ssl required
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
844
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
845 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
846 ssl required
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
847 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
848
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
849 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
850 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
851
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
852 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
853 403 ssl required
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
854
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
855 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
856 ssl required
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
857 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
858
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
859 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
860 403 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
861
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
862 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
863 ssl required
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
864 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
865
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
866 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
867
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
868 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
869 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
870 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
871
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
872 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
873 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
874 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
875 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
876 abort: HTTP Error 403: ssl required
45839
ebee234d952a errors: set detailed exit code to 100 for some remote errors
Martin von Zweigbergk <martinvonz@google.com>
parents: 39430
diff changeset
877 [100]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
878
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
879 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
880 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
881 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
882 abort: HTTP Error 403: ssl required
45839
ebee234d952a errors: set detailed exit code to 100 for some remote errors
Martin von Zweigbergk <martinvonz@google.com>
parents: 39430
diff changeset
883 [100]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
884
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
885 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
886
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
887 web.deny_push=* denies pushing to unauthenticated users
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
888
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
889 $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
890 > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
891 > push_ssl = false
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
892 > deny_push = *
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
893 > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
894
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
895 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
896 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
897
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
898 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
899 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
900
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
901 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
902 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
903 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
904
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
905 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
906 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
907
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
908 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
909 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
910 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
911
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
912 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
913 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
914
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
915 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
916 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
917
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
918 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
919 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
920 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
921
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
922 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
923 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
924
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
925 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
926 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
927 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
928
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
929 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
930
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
931 $ killdaemons.py
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
932 $ hg serve -p $HGPORT -d --pid-file hg.pid
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
933 $ cat hg.pid > $DAEMON_PIDS
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
934
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
935 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
936 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
937 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
938 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
939 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
940 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
941
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
942 $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
943 pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
944 searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
945 abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
946 [255]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
947
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
948 $ killdaemons.py
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
949
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
950 web.deny_push=* denies pushing to authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
951
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
952 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
953 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
954
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
955 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
956 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
957
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
958 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
959 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
960 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
961
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
962 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
963 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
964
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
965 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
966 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
967 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
968
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
969 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
970 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
971
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
972 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
973 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
974
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
975 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
976 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
977 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
978
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
979 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
980 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
981
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
982 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
983 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
984 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
985
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
986 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
987
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
988 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
989 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
990 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
991
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
992 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
993 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
994 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
995 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
996 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
997 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
998
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
999 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1000 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1001 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1002 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1003 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1004
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1005 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1006
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1007 web.deny_push=<user> denies pushing to user in list
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1008
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1009 $ cat > .hg/hgrc <<EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1010 > [web]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1011 > push_ssl = false
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1012 > deny_push = baduser
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1013 > EOF
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1014
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1015 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1016 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1017
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1018 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1019 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1020
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1021 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1022 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1023 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1024
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1025 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1026 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1027
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1028 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1029 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1030 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1031
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1032 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1033 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1034
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1035 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1036 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1037
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1038 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1039 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1040 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1041
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1042 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1043 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1044
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1045 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1046 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1047 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1048
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1049 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1050
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1051 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1052 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1053 $ cat hg.pid > $DAEMON_PIDS
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1054
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1055 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1056 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1057 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1058 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1059 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1060 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1061
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1062 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1063 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1064 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1065 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1066 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1067
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1068 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1069
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1070 web.deny_push=<user> denies pushing to user not in list because allow-push isn't set
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1071
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1072 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1073 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1074
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1075 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1076 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1077
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1078 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1079 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1080 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1081
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1082 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1083 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1084
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1085 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1086 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1087 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1088
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1089 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1090 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1091
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1092 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1093 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1094
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1095 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1096 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1097 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1098
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1099 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1100 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1101
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1102 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1103 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1104 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1105
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1106 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1107
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1108 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1109 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1110 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1111
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1112 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1113 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1114 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1115 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1116 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1117 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1118
36751
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1119 $ hg --cwd ../test2 push http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1120 pushing to http://localhost:$HGPORT/
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1121 searching for changes
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1122 abort: authorization failed
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1123 [255]
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1124
2c647da851ed tests: extract HTTP permissions tests to own test file
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff changeset
1125 $ killdaemons.py
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1126
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1127 web.allow-push=* allows pushes from unauthenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1128
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1129 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1130 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1131 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1132 > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1133 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1134
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1135 $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1136 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1137
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1138 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1139 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1140
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1141 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1142
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1143 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1144 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1145 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1146
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1147 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1148 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1149
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1150 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1151
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1152 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1153 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1154
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1155 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1156
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1157 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1158
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1159 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1160 $ hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1161 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1162
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1163 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1164 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1165 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1166 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1167 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1168 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1169
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1170 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1171
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1172 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1173 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1174 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1175 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1176 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1177 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1178 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1179
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1180 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1181 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1182
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1183 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1184
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1185 web.allow-push=* allows pushes from authenticated users
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1186
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1187 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1188 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1189
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1190 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1191 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1192
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1193 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1194
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1195 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1196 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1197 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1198
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1199 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1200 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1201
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1202 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1203
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1204 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1205 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1206
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1207 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1208
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1209 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1210
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1211 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1212 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1213 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1214
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1215 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1216 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1217 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1218 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1219 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1220 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1221
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1222 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1223
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1224 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1225 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1226 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1227 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1228 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1229 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1230 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1231
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1232 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1233 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1234
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1235 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1236
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1237 web.allow-push=<user> denies push to user not in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1238
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1239 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1240 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1241 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1242 > allow-push = gooduser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1243 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1244
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1245 $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1246 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1247
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1248 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1249 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1250
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1251 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1252 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1253 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1254
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1255 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1256 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1257
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1258 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1259 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1260 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1261
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1262 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1263 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1264
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1265 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1266 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1267
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1268 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1269 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1270 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1271
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1272 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1273 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1274
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1275 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1276 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1277 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1278
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1279 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1280
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1281 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1282 $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1283 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1284
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1285 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1286 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1287 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1288 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1289 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1290 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1291
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1292 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1293 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1294 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1295 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1296 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1297
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1298 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1299
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1300 web.allow-push=<user> allows push from user in list
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1301
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1302 $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1303 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1304
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1305 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1306 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1307
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1308 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1309
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1310 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1311 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1312 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1313
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1314 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1315 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1316
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1317 1
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1318
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1319 $ hg bookmarks
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1320 bm 0:cb9a9f314b8b
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1321 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1322
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1323 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1324 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1325
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1326 write command no defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1327
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1328 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1329 200 Script output follows
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1330
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1331 write command w/ defined permissions
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1332
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1333 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1334
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1335 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1336 $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1337 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1338
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1339 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1340 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1341 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1342 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1343 exporting bookmark bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1344 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1345
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1346 $ hg book -d bm
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1347
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1348 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1349 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1350 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1351 remote: adding changesets
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1352 remote: adding manifests
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1353 remote: adding file changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1354 remote: added 1 changesets with 1 changes to 1 files
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1355
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1356 $ hg strip -r 1:
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1357 saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1358
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1359 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1360
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1361 web.deny_push takes precedence over web.allow_push
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1362
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1363 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1364 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1365 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1366 > allow-push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1367 > deny_push = someuser
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1368 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1369
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1370 $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1371 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1372
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1373 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1374 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1375
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1376 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1377 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1378 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1379
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1380 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1381 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1382
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1383 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1384 push not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1385 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1386
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1387 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1388 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1389
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1390 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1391 401 push not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1392
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1393 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1394 push not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1395 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1396
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1397 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1398 401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1399
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1400 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1401 push not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1402 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1403
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1404 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1405
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1406 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1407 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1408 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1409
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1410 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1411 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1412 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1413 no changes found
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1414 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1415 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1416
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1417 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1418 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1419 searching for changes
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1420 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1421 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1422
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1423 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1424
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1425 web.allow-push has no effect if web.deny_read is set
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1426
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1427 $ cat > .hg/hgrc <<EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1428 > [web]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1429 > push_ssl = false
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1430 > allow-push = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1431 > deny_read = *
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1432 > EOF
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1433
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1434 $ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1435 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1436
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1437 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1438 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1439
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1440 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1441 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1442 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1443
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1444 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1445 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1446
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1447 0
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1448 read not authorized
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1449 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1450
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1451 $ hg bookmarks
36755
ff4bc0ab6740 wireproto: check permissions when executing "batch" command (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36754
diff changeset
1452 no bookmarks set
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1453
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1454 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1455 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1456
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1457 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1458 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1459 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1460
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1461 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1462 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1463
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1464 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1465 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1466 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1467
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1468 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1469 401 read not authorized
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1470
36756
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1471 0
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1472 read not authorized
2ecb0fc535b1 hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36755
diff changeset
1473 [1]
36752
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1474
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1475 $ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1476 401 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1477
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1478 0
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1479 read not authorized
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1480 [1]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1481
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1482 Reset server to remove REQUEST_METHOD hack to test hg client
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1483
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1484 $ killdaemons.py
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1485 $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1486 $ cat hg.pid > $DAEMON_PIDS
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1487
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1488 $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1489 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1490 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1491 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1492
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1493 $ hg --cwd ../test2 push http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1494 pushing to http://localhost:$HGPORT/
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1495 abort: authorization failed
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1496 [255]
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1497
bbd4027b019b tests: comprehensively test HTTP server permissions checking
Gregory Szorc <gregory.szorc@gmail.com>
parents: 36751
diff changeset
1498 $ killdaemons.py