Mercurial > hg
comparison mercurial/httpconnection.py @ 15005:4a43e23b8c55 stable 1.9.1
hgweb: do not ignore [auth] if url has a username (issue2822)
The [auth] section was ignored when handling URLs like:
http://user@example.com/foo
Instead, we look in [auth] for an entry matching the URL and supplied user
name. Entries without username can match URL with a username. Prefix length
ties are resolved in favor of entries matching the username. With:
foo.prefix = http://example.org
foo.username = user
foo.password = password
bar.prefix = http://example.org/bar
and the input URL:
http://user@example.org/bar
the 'bar' entry will be selected because of prefix length, therefore prompting
for a password. This behaviour ensure that entries selection is consistent when
looking for credentials or for certificates, and that certificates can be
picked even if their entries do no define usernames while the URL does.
Additionally, entries without a username matched against a username are
returned as if they did have requested username set to avoid prompting again
for a username if the password is not set.
v2: reparse the URL in readauthforuri() to handle HTTP and HTTPS similarly.
v3: allow unset usernames to match URL usernames to pick certificates. Resolve
prefix length ties in favor of entries with usernames.
| author | Patrick Mezard <pmezard@gmail.com> |
|---|---|
| date | Mon, 01 Aug 2011 23:58:50 +0200 |
| parents | c864f5e743ef |
| children | 0593e8f81c71 |
comparison
equal
deleted
inserted
replaced
| 15004:d06b9c55ddab | 15005:4a43e23b8c55 |
|---|---|
| 70 if setting in ('username', 'cert', 'key'): | 70 if setting in ('username', 'cert', 'key'): |
| 71 val = util.expandpath(val) | 71 val = util.expandpath(val) |
| 72 gdict[setting] = val | 72 gdict[setting] = val |
| 73 | 73 |
| 74 # Find the best match | 74 # Find the best match |
| 75 uri = util.url(uri) | |
| 76 user = uri.user | |
| 77 uri.user = uri.password = None | |
| 78 uri = str(uri) | |
| 75 scheme, hostpath = uri.split('://', 1) | 79 scheme, hostpath = uri.split('://', 1) |
| 80 bestuser = None | |
| 76 bestlen = 0 | 81 bestlen = 0 |
| 77 bestauth = None | 82 bestauth = None |
| 78 for group, auth in config.iteritems(): | 83 for group, auth in config.iteritems(): |
| 84 if user and user != auth.get('username', user): | |
| 85 # If a username was set in the URI, the entry username | |
| 86 # must either match it or be unset | |
| 87 continue | |
| 79 prefix = auth.get('prefix') | 88 prefix = auth.get('prefix') |
| 80 if not prefix: | 89 if not prefix: |
| 81 continue | 90 continue |
| 82 p = prefix.split('://', 1) | 91 p = prefix.split('://', 1) |
| 83 if len(p) > 1: | 92 if len(p) > 1: |
| 84 schemes, prefix = [p[0]], p[1] | 93 schemes, prefix = [p[0]], p[1] |
| 85 else: | 94 else: |
| 86 schemes = (auth.get('schemes') or 'https').split() | 95 schemes = (auth.get('schemes') or 'https').split() |
| 87 if (prefix == '*' or hostpath.startswith(prefix)) and \ | 96 if (prefix == '*' or hostpath.startswith(prefix)) and \ |
| 88 len(prefix) > bestlen and scheme in schemes: | 97 (len(prefix) > bestlen or (len(prefix) == bestlen and \ |
| 98 not bestuser and 'username' in auth)) \ | |
| 99 and scheme in schemes: | |
| 89 bestlen = len(prefix) | 100 bestlen = len(prefix) |
| 90 bestauth = group, auth | 101 bestauth = group, auth |
| 102 bestuser = auth.get('username') | |
| 103 if user and not bestuser: | |
| 104 auth['username'] = user | |
| 91 return bestauth | 105 return bestauth |
| 92 | 106 |
| 93 # Mercurial (at least until we can remove the old codepath) requires | 107 # Mercurial (at least until we can remove the old codepath) requires |
| 94 # that the http response object be sufficiently file-like, so we | 108 # that the http response object be sufficiently file-like, so we |
| 95 # provide a close() method here. | 109 # provide a close() method here. |