Mercurial > hg
view tests/test-hgweb-auth.py @ 37766:925707ac2855
lfs: add the 'Authorization' property to the Batch API response, if present
The client copies all of these properties under 'header' to the HTTP Headers of
the subsequent GET or PUT request that it performs. That allows the Basic HTTP
authentication used to authorize the Batch API request to also authorize the
upload/download action.
There's likely further work to do here. There's an 'authenticated' boolean key
in the Batch API response that can be set, and there is an 'LFS-Authenticate'
header that is used instead of 'WWW-Authenticate'[1]. (We likely need to
support both, since some hosting solutions are likely to only respond with the
latter.) In any event, this works with SCM Manager, so there is real world
benefit.
I'm limiting the headers returned to 'Basic', because that's all the lfs spec
calls out. In practice, I've seen gitbucket emit custom header content[2].
[1] https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md#response-errors
[2] https://github.com/gitbucket/gitbucket/blob/35655f33c7713f08515ed640ece0948acd6d6168/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala#L119
author | Matt Harbison <matt_harbison@yahoo.com> |
---|---|
date | Fri, 06 Apr 2018 11:13:47 -0400 |
parents | 58c1368ab629 |
children | 31c37e703cee |
line wrap: on
line source
from __future__ import absolute_import, print_function from mercurial import demandimport; demandimport.enable() from mercurial import ( error, ui as uimod, url, util, ) urlerr = util.urlerr urlreq = util.urlreq class myui(uimod.ui): def interactive(self): return False origui = myui.load() def writeauth(items): ui = origui.copy() for name, value in items.items(): ui.setconfig('auth', name, value) return ui def dumpdict(dict): return '{' + ', '.join(['%s: %s' % (k, dict[k]) for k in sorted(dict)]) + '}' def test(auth, urls=None): print('CFG:', dumpdict(auth)) prefixes = set() for k in auth: prefixes.add(k.split('.', 1)[0]) for p in prefixes: for name in ('.username', '.password'): if (p + name) not in auth: auth[p + name] = p auth = dict((k, v) for k, v in auth.items() if v is not None) ui = writeauth(auth) def _test(uri): print('URI:', uri) try: pm = url.passwordmgr(ui, urlreq.httppasswordmgrwithdefaultrealm()) u, authinfo = util.url(uri).authinfo() if authinfo is not None: pm.add_password(*authinfo) print(' ', pm.find_user_password('test', u)) except error.Abort: print(' ','abort') if not urls: urls = [ 'http://example.org/foo', 'http://example.org/foo/bar', 'http://example.org/bar', 'https://example.org/foo', 'https://example.org/foo/bar', 'https://example.org/bar', 'https://x@example.org/bar', 'https://y@example.org/bar', ] for u in urls: _test(u) print('\n*** Test in-uri schemes\n') test({'x.prefix': 'http://example.org'}) test({'x.prefix': 'https://example.org'}) test({'x.prefix': 'http://example.org', 'x.schemes': 'https'}) test({'x.prefix': 'https://example.org', 'x.schemes': 'http'}) print('\n*** Test separately configured schemes\n') test({'x.prefix': 'example.org', 'x.schemes': 'http'}) test({'x.prefix': 'example.org', 'x.schemes': 'https'}) test({'x.prefix': 'example.org', 'x.schemes': 'http https'}) print('\n*** Test prefix matching\n') test({'x.prefix': 'http://example.org/foo', 'y.prefix': 'http://example.org/bar'}) test({'x.prefix': 'http://example.org/foo', 'y.prefix': 'http://example.org/foo/bar'}) test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'}) print('\n*** Test user matching\n') test({'x.prefix': 'http://example.org/foo', 'x.username': None, 'x.password': 'xpassword'}, urls=['http://y@example.org/foo']) test({'x.prefix': 'http://example.org/foo', 'x.username': None, 'x.password': 'xpassword', 'y.prefix': 'http://example.org/foo', 'y.username': 'y', 'y.password': 'ypassword'}, urls=['http://y@example.org/foo']) test({'x.prefix': 'http://example.org/foo/bar', 'x.username': None, 'x.password': 'xpassword', 'y.prefix': 'http://example.org/foo', 'y.username': 'y', 'y.password': 'ypassword'}, urls=['http://y@example.org/foo/bar']) def testauthinfo(fullurl, authurl): print('URIs:', fullurl, authurl) pm = urlreq.httppasswordmgrwithdefaultrealm() pm.add_password(*util.url(fullurl).authinfo()[1]) print(pm.find_user_password('test', authurl)) print('\n*** Test urllib2 and util.url\n') testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')