Mercurial > hg

comparison tests/test-http.t @ 31936:806f9a883b4f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
url: support auth.cookiesfile for adding cookies to HTTP requests Mercurial can't currently send cookies as part of HTTP requests. Some authentication systems use cookies. So, it seems like adding support for sending cookies seems like a useful feature. This patch implements support for reading cookies from a file and automatically sending them as part of the request. We rely on the "cookiejar" Python module to do the heavy lifting of parsing cookies files. We currently only support the Mozilla (really Netscape-era) cookie format. There is another format supported by cookielib and we may want to consider using that, especially since the Netscape cookie parser can't parse ports. It wasn't immediately obvious to me what the format of the other parser is, so I didn't know how to test it. I /think/ it might be literal "Cookie" header values, but I'm not sure. If it is more robust than the Netscape format, we may want to just support it.
author Gregory Szorc <gregory.szorc@gmail.com>
date Thu, 09 Mar 2017 22:40:52 -0800
parents 49e9124cfc23
children 9a782e7e651e
comparison
equal deleted inserted replaced
31935:566cb89050b7 31936:806f9a883b4f
1 #require serve 1 #require killdaemons serve
2 2
3 $ hg init test 3 $ hg init test
4 $ cd test 4 $ cd test
5 $ echo foo>foo 5 $ echo foo>foo
6 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg 6 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
331 requesting all changes 331 requesting all changes
332 remote: abort: this is an exercise 332 remote: abort: this is an exercise
333 abort: pull failed on remote 333 abort: pull failed on remote
334 [255] 334 [255]
335 $ cat error.log 335 $ cat error.log
336
337 corrupt cookies file should yield a warning
338
339 $ cat > $TESTTMP/cookies.txt << EOF
340 > bad format
341 > EOF
342
343 $ hg --config auth.cookiefile=$TESTTMP/cookies.txt id http://localhost:$HGPORT/
344 (error loading cookie file $TESTTMP/cookies.txt: '$TESTTMP/cookies.txt' does not look like a Netscape format cookies file; continuing without cookies)
345 56f9bc90cce6
346
347 $ killdaemons.py
348
349 Create dummy authentication handler that looks for cookies. It doesn't do anything
350 useful. It just raises an HTTP 500 with details about the Cookie request header.
351 We raise HTTP 500 because its message is printed in the abort message.
352
353 $ cat > cookieauth.py << EOF
354 > from mercurial import util
355 > from mercurial.hgweb import common
356 > def perform_authentication(hgweb, req, op):
357 > cookie = req.env.get('HTTP_COOKIE')
358 > if not cookie:
359 > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
360 > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
361 > def extsetup():
362 > common.permhooks.insert(0, perform_authentication)
363 > EOF
364
365 $ hg serve --config extensions.cookieauth=cookieauth.py -R test -p $HGPORT -d --pid-file=pid
366 $ cat pid > $DAEMON_PIDS
367
368 Request without cookie sent should fail due to lack of cookie
369
370 $ hg id http://localhost:$HGPORT
371 abort: HTTP Error 500: no-cookie
372 [255]
373
374 Populate a cookies file
375
376 $ cat > cookies.txt << EOF
377 > # HTTP Cookie File
378 > # Expiration is 2030-01-01 at midnight
379 > .example.com TRUE / FALSE 1893456000 hgkey examplevalue
380 > EOF
381
382 Should not send a cookie for another domain
383
384 $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
385 abort: HTTP Error 500: no-cookie
386 [255]
387
388 Add a cookie entry for our test server and verify it is sent
389
390 $ cat >> cookies.txt << EOF
391 > localhost.local FALSE / FALSE 1893456000 hgkey localhostvalue
392 > EOF
393
394 $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
395 abort: HTTP Error 500: Cookie: hgkey=localhostvalue
396 [255]