Mercurial > hg

diff tests/test-http.t @ 31936:806f9a883b4f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
url: support auth.cookiesfile for adding cookies to HTTP requests Mercurial can't currently send cookies as part of HTTP requests. Some authentication systems use cookies. So, it seems like adding support for sending cookies seems like a useful feature. This patch implements support for reading cookies from a file and automatically sending them as part of the request. We rely on the "cookiejar" Python module to do the heavy lifting of parsing cookies files. We currently only support the Mozilla (really Netscape-era) cookie format. There is another format supported by cookielib and we may want to consider using that, especially since the Netscape cookie parser can't parse ports. It wasn't immediately obvious to me what the format of the other parser is, so I didn't know how to test it. I /think/ it might be literal "Cookie" header values, but I'm not sure. If it is more robust than the Netscape format, we may want to just support it.
author Gregory Szorc <gregory.szorc@gmail.com>
date Thu, 09 Mar 2017 22:40:52 -0800
parents 49e9124cfc23
children 9a782e7e651e
line wrap: on
line diff
--- a/tests/test-http.t	Thu Mar 09 22:35:10 2017 -0800
+++ b/tests/test-http.t	Thu Mar 09 22:40:52 2017 -0800
@@ -1,4 +1,4 @@
-#require serve
+#require killdaemons serve
 
   $ hg init test
   $ cd test
@@ -333,3 +333,64 @@
   abort: pull failed on remote
   [255]
   $ cat error.log
+
+corrupt cookies file should yield a warning
+
+  $ cat > $TESTTMP/cookies.txt << EOF
+  > bad format
+  > EOF
+
+  $ hg --config auth.cookiefile=$TESTTMP/cookies.txt id http://localhost:$HGPORT/
+  (error loading cookie file $TESTTMP/cookies.txt: '$TESTTMP/cookies.txt' does not look like a Netscape format cookies file; continuing without cookies)
+  56f9bc90cce6
+
+  $ killdaemons.py
+
+Create dummy authentication handler that looks for cookies. It doesn't do anything
+useful. It just raises an HTTP 500 with details about the Cookie request header.
+We raise HTTP 500 because its message is printed in the abort message.
+
+  $ cat > cookieauth.py << EOF
+  > from mercurial import util
+  > from mercurial.hgweb import common
+  > def perform_authentication(hgweb, req, op):
+  >     cookie = req.env.get('HTTP_COOKIE')
+  >     if not cookie:
+  >         raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
+  >     raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
+  > def extsetup():
+  >     common.permhooks.insert(0, perform_authentication)
+  > EOF
+
+  $ hg serve --config extensions.cookieauth=cookieauth.py -R test -p $HGPORT -d --pid-file=pid
+  $ cat pid > $DAEMON_PIDS
+
+Request without cookie sent should fail due to lack of cookie
+
+  $ hg id http://localhost:$HGPORT
+  abort: HTTP Error 500: no-cookie
+  [255]
+
+Populate a cookies file
+
+  $ cat > cookies.txt << EOF
+  > # HTTP Cookie File
+  > # Expiration is 2030-01-01 at midnight
+  > .example.com	TRUE	/	FALSE	1893456000	hgkey	examplevalue
+  > EOF
+
+Should not send a cookie for another domain
+
+  $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
+  abort: HTTP Error 500: no-cookie
+  [255]
+
+Add a cookie entry for our test server and verify it is sent
+
+  $ cat >> cookies.txt << EOF
+  > localhost.local	FALSE	/	FALSE	1893456000	hgkey	localhostvalue
+  > EOF
+
+  $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
+  abort: HTTP Error 500: Cookie: hgkey=localhostvalue
+  [255]