Mercurial > hg

view tests/test-hgweb-non-interactive.t @ 29289:3536673a25ae

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: move and change warning when cert verification is disabled A short time ago, validatesocket() didn't know the reasons why cert verification was disabled. Multiple code paths could lead to cert verification being disabled. e.g. --insecure and lack of loaded CAs. With the recent refactorings to sslutil.py, we now know the reasons behind security settings. This means we can recognize when the user requested security be disabled (as opposed to being unable to provide certificate verification due to lack of CAs). This patch moves the check for certificate verification being disabled and changes the wording to distinguish it from other states. The warning message is purposefully more dangerous sounding in order to help discourage people from disabling security outright. We may want to add a URL or hint to this message. I'm going to wait until additional changes to security defaults before committing to something.
author Gregory Szorc <gregory.szorc@gmail.com>
date Mon, 30 May 2016 13:15:53 -0700
parents 86db5cb55d46
children 636cf3f7620d
line wrap: on
line source

Tests if hgweb can run without touching sys.stdin, as is required
by the WSGI standard and strictly implemented by mod_wsgi.

  $ hg init repo
  $ cd repo
  $ echo foo > bar
  $ hg add bar
  $ hg commit -m "test"
  $ cat > request.py <<EOF
  > from __future__ import absolute_import
  > import os
  > import sys
  > from mercurial import (
  >     dispatch,
  >     hg,
  >     ui as uimod,
  >     util,
  > )
  > ui = uimod.ui
  > from mercurial.hgweb.hgweb_mod import (
  >     hgweb,
  > )
  > stringio = util.stringio
  > 
  > class FileLike(object):
  >     def __init__(self, real):
  >         self.real = real
  >     def fileno(self):
  >         print >> sys.__stdout__, 'FILENO'
  >         return self.real.fileno()
  >     def read(self):
  >         print >> sys.__stdout__, 'READ'
  >         return self.real.read()
  >     def readline(self):
  >         print >> sys.__stdout__, 'READLINE'
  >         return self.real.readline()
  > 
  > sys.stdin = FileLike(sys.stdin)
  > errors = stringio()
  > input = stringio()
  > output = stringio()
  > 
  > def startrsp(status, headers):
  >     print '---- STATUS'
  >     print status
  >     print '---- HEADERS'
  >     print [i for i in headers if i[0] != 'ETag']
  >     print '---- DATA'
  >     return output.write
  > 
  > env = {
  >     'wsgi.version': (1, 0),
  >     'wsgi.url_scheme': 'http',
  >     'wsgi.errors': errors,
  >     'wsgi.input': input,
  >     'wsgi.multithread': False,
  >     'wsgi.multiprocess': False,
  >     'wsgi.run_once': False,
  >     'REQUEST_METHOD': 'GET',
  >     'SCRIPT_NAME': '',
  >     'PATH_INFO': '',
  >     'QUERY_STRING': '',
  >     'SERVER_NAME': '127.0.0.1',
  >     'SERVER_PORT': os.environ['HGPORT'],
  >     'SERVER_PROTOCOL': 'HTTP/1.0'
  > }
  > 
  > i = hgweb('.')
  > for c in i(env, startrsp):
  >     pass
  > print '---- ERRORS'
  > print errors.getvalue()
  > print '---- OS.ENVIRON wsgi variables'
  > print sorted([x for x in os.environ if x.startswith('wsgi')])
  > print '---- request.ENVIRON wsgi variables'
  > with i._obtainrepo() as repo:
  >     print sorted([x for x in repo.ui.environ if x.startswith('wsgi')])
  > EOF
  $ python request.py
  ---- STATUS
  200 Script output follows
  ---- HEADERS
  [('Content-Type', 'text/html; charset=ascii')]
  ---- DATA
  ---- ERRORS
  
  ---- OS.ENVIRON wsgi variables
  []
  ---- request.ENVIRON wsgi variables
  ['wsgi.errors', 'wsgi.input', 'wsgi.multiprocess', 'wsgi.multithread', 'wsgi.run_once', 'wsgi.url_scheme', 'wsgi.version']

  $ cd ..