Mercurial > hg
annotate tests/test-pull-r.t @ 36754:e3c228b4510d stable
wireproto: declare operation type for most commands (BC) (SEC)
The permissions model of hgweb relies on a dictionary to declare
the operation associated with each command - either "pull" or
"push." This dictionary was established by d3147b4e3e8a in 2008.
Unfortunately, we neglected to update this dictionary as new
wire protocol commands were introduced.
This commit defines the operations of most wire protocol commands
in the permissions dictionary. The "batch" command is omitted because
it is special and requires a more complex solution.
Since permissions checking is skipped unless a command has an entry in
this dictionary (this security issue will be addressed in a subsequent
commit), the practical effect of this change is that various wire
protocol commands now HTTP 401 if web.deny_read or web.allow-pull,
etc are set to deny access. This is reflected by test changes. Note
how various `hg pull` and `hg push` operations now fail before
discovery. (They fail during the initial "capabilities" request.)
This change fixes a security issue where built-in wire protocol
commands would return repository data even if the web config were
configured to deny access to that data.
I'm on the fence as to whether we should HTTP 401 the capabilities
request. On one hand, it can expose repository metadata and can tell
callers things like what version of Mercurial the server is running.
On the other hand, a client may need to know the capabilities in order
to authenticate in a follow-up request. It appears that Mercurial
clients handle the HTTP 401 on *any* protocol request, so we should
be OK sending a 401 for "capabilities." But if this causes problems,
it should be possible to allow "capabilities" to always work.
.. bc::
Various read-only wire protocol commands now return HTTP 401
Unauthorized if the hgweb configuration denies read/pull access to
the repository.
Previously, various wire protocol commands would still work and
return data if read access was disabled.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 20 Feb 2018 18:54:27 -0800 |
parents | edf52be98978 |
children | bd7b2c8d06cc |
rev | line source |
---|---|
12279 | 1 $ hg init repo |
2 $ cd repo | |
3 $ echo foo > foo | |
4 $ hg ci -qAm 'add foo' | |
5 $ echo >> foo | |
6 $ hg ci -m 'change foo' | |
7 $ hg up -qC 0 | |
8 $ echo bar > bar | |
9 $ hg ci -qAm 'add bar' | |
5221
8ede77c2d008
pull -r: pass the revisions as the heads argument of findincoming
Alexis S. L. Carvalho <alexis@cecm.usp.br>
parents:
diff
changeset
|
10 |
12279 | 11 $ hg log |
12 changeset: 2:effea6de0384 | |
13 tag: tip | |
14 parent: 0:bbd179dfa0a7 | |
15 user: test | |
16 date: Thu Jan 01 00:00:00 1970 +0000 | |
17 summary: add bar | |
18 | |
19 changeset: 1:ed1b79f46b9a | |
20 user: test | |
21 date: Thu Jan 01 00:00:00 1970 +0000 | |
22 summary: change foo | |
23 | |
24 changeset: 0:bbd179dfa0a7 | |
25 user: test | |
26 date: Thu Jan 01 00:00:00 1970 +0000 | |
27 summary: add foo | |
28 | |
29 $ cd .. | |
14036
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
30 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
31 don't show "(+1 heads)" message when pulling closed head |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
32 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
33 $ hg clone -q repo repo2 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
34 $ hg clone -q repo2 repo3 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
35 $ cd repo2 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
36 $ hg up -q 0 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
37 $ echo hello >> foo |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
38 $ hg ci -mx1 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
39 created new head |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
40 $ hg ci -mx2 --close-branch |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
41 $ cd ../repo3 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
42 $ hg heads -q --closed |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
43 2:effea6de0384 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
44 1:ed1b79f46b9a |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
45 $ hg pull |
35393
4441705b7111
tests: remove (glob) annotations that were only for '\' matches
Matt Harbison <matt_harbison@yahoo.com>
parents:
34661
diff
changeset
|
46 pulling from $TESTTMP/repo2 |
14036
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
47 searching for changes |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
48 adding changesets |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
49 adding manifests |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
50 adding file changes |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
51 added 2 changesets with 1 changes to 1 files |
34661
eb586ed5d8ce
transaction-summary: show the range of new revisions upon pull/unbundle (BC)
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
28549
diff
changeset
|
52 new changesets 8c900227dd5d:00cfe9073916 |
14036
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
53 (run 'hg update' to get a working copy) |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
54 $ hg heads -q --closed |
14162
301725c3df9a
localrepo: reuse parent manifest in commitctx if no files have changed
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14036
diff
changeset
|
55 4:00cfe9073916 |
14036
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
56 2:effea6de0384 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
57 1:ed1b79f46b9a |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
58 |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
59 $ cd .. |
90d997a812dc
changegroup: do not count closed new heads (issue2697)
Adrian Buehlmann <adrian@cadifra.com>
parents:
13446
diff
changeset
|
60 |
12279 | 61 $ hg init copy |
62 $ cd copy | |
63 | |
64 Pull a missing revision: | |
5221
8ede77c2d008
pull -r: pass the revisions as the heads argument of findincoming
Alexis S. L. Carvalho <alexis@cecm.usp.br>
parents:
diff
changeset
|
65 |
12279 | 66 $ hg pull -qr missing ../repo |
67 abort: unknown revision 'missing'! | |
12316
4134686b83e1
tests: add exit codes to unified tests
Matt Mackall <mpm@selenic.com>
parents:
12279
diff
changeset
|
68 [255] |
12279 | 69 |
70 Pull multiple revisions with update: | |
6405
b8346ae5d64b
commands: fix shadowed repo module
Patrick Mezard <pmezard@gmail.com>
parents:
5221
diff
changeset
|
71 |
12279 | 72 $ hg pull -qu -r 0 -r 1 ../repo |
73 $ hg -q parents | |
74 0:bbd179dfa0a7 | |
75 $ hg rollback | |
13446
1e497df514e2
rollback: clarifies the message about the reverted state (issue2628)
Gilles Moris <gilles.moris@free.fr>
parents:
12316
diff
changeset
|
76 repository tip rolled back to revision -1 (undo pull) |
1e497df514e2
rollback: clarifies the message about the reverted state (issue2628)
Gilles Moris <gilles.moris@free.fr>
parents:
12316
diff
changeset
|
77 working directory now based on revision -1 |
10358
d42821cd5c96
pull: with -u and -r, update to the first revision given
Sune Foldager <cryo@cyanite.org>
parents:
8167
diff
changeset
|
78 |
12279 | 79 $ hg pull -qr 0 ../repo |
80 $ hg log | |
81 changeset: 0:bbd179dfa0a7 | |
82 tag: tip | |
83 user: test | |
84 date: Thu Jan 01 00:00:00 1970 +0000 | |
85 summary: add foo | |
86 | |
87 $ hg pull -qr 1 ../repo | |
88 $ hg log | |
89 changeset: 1:ed1b79f46b9a | |
90 tag: tip | |
91 user: test | |
92 date: Thu Jan 01 00:00:00 1970 +0000 | |
93 summary: change foo | |
94 | |
95 changeset: 0:bbd179dfa0a7 | |
96 user: test | |
97 date: Thu Jan 01 00:00:00 1970 +0000 | |
98 summary: add foo | |
99 | |
5221
8ede77c2d008
pull -r: pass the revisions as the heads argument of findincoming
Alexis S. L. Carvalho <alexis@cecm.usp.br>
parents:
diff
changeset
|
100 |
12279 | 101 This used to abort: received changelog group is empty: |
5221
8ede77c2d008
pull -r: pass the revisions as the heads argument of findincoming
Alexis S. L. Carvalho <alexis@cecm.usp.br>
parents:
diff
changeset
|
102 |
12279 | 103 $ hg pull -qr 1 ../repo |
104 | |
25425
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
105 Test race condition with -r and -U (issue4707) |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
106 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
107 We pull '-U -r <name>' and the name change right after/during the changegroup emission. |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
108 We use http because http is better is our racy-est option. |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
109 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
110 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
111 $ echo babar > ../repo/jungle |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
112 $ cat <<EOF > ../repo/.hg/hgrc |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
113 > [hooks] |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
114 > outgoing.makecommit = hg ci -Am 'racy commit'; echo committed in pull-race |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
115 > EOF |
28549 | 116 $ hg serve -R ../repo -p $HGPORT2 -d --pid-file=../repo.pid |
25425
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
117 $ cat ../repo.pid >> $DAEMON_PIDS |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
118 $ hg pull --rev default --update http://localhost:$HGPORT2/ |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
119 pulling from http://localhost:$HGPORT2/ |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
120 searching for changes |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
121 adding changesets |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
122 adding manifests |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
123 adding file changes |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
124 added 1 changesets with 1 changes to 1 files (+1 heads) |
34661
eb586ed5d8ce
transaction-summary: show the range of new revisions upon pull/unbundle (BC)
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
28549
diff
changeset
|
125 new changesets effea6de0384 |
25425
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
126 2 files updated, 0 files merged, 0 files removed, 0 files unresolved |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
127 $ hg log -G |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
128 @ changeset: 2:effea6de0384 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
129 | tag: tip |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
130 | parent: 0:bbd179dfa0a7 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
131 | user: test |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
132 | date: Thu Jan 01 00:00:00 1970 +0000 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
133 | summary: add bar |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
134 | |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
135 | o changeset: 1:ed1b79f46b9a |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
136 |/ user: test |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
137 | date: Thu Jan 01 00:00:00 1970 +0000 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
138 | summary: change foo |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
139 | |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
140 o changeset: 0:bbd179dfa0a7 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
141 user: test |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
142 date: Thu Jan 01 00:00:00 1970 +0000 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
143 summary: add foo |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
144 |
9263f86b9681
pull: avoid race condition with 'hg pull --rev name --update' (issue4706)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16913
diff
changeset
|
145 |
16913
f2719b387380
tests: add missing trailing 'cd ..'
Mads Kiilerich <mads@kiilerich.com>
parents:
16107
diff
changeset
|
146 $ cd .. |
35612
edf52be98978
test-pull-r: explicitly kill server processes
Joerg Sonnenberger <joerg@bec.de>
parents:
35393
diff
changeset
|
147 $ killdaemons.py |