Mercurial > hg

view tests/test-hgweb-auth.py @ 37766:925707ac2855

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
lfs: add the 'Authorization' property to the Batch API response, if present The client copies all of these properties under 'header' to the HTTP Headers of the subsequent GET or PUT request that it performs. That allows the Basic HTTP authentication used to authorize the Batch API request to also authorize the upload/download action. There's likely further work to do here. There's an 'authenticated' boolean key in the Batch API response that can be set, and there is an 'LFS-Authenticate' header that is used instead of 'WWW-Authenticate'[1]. (We likely need to support both, since some hosting solutions are likely to only respond with the latter.) In any event, this works with SCM Manager, so there is real world benefit. I'm limiting the headers returned to 'Basic', because that's all the lfs spec calls out. In practice, I've seen gitbucket emit custom header content[2]. [1] https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md#response-errors [2] https://github.com/gitbucket/gitbucket/blob/35655f33c7713f08515ed640ece0948acd6d6168/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala#L119
author Matt Harbison <matt_harbison@yahoo.com>
date Fri, 06 Apr 2018 11:13:47 -0400
parents 58c1368ab629
children 31c37e703cee
line wrap: on
line source

from __future__ import absolute_import, print_function

from mercurial import demandimport; demandimport.enable()
from mercurial import (
    error,
    ui as uimod,
    url,
    util,
)

urlerr = util.urlerr
urlreq = util.urlreq

class myui(uimod.ui):
    def interactive(self):
        return False

origui = myui.load()

def writeauth(items):
    ui = origui.copy()
    for name, value in items.items():
        ui.setconfig('auth', name, value)
    return ui

def dumpdict(dict):
    return '{' + ', '.join(['%s: %s' % (k, dict[k])
                            for k in sorted(dict)]) + '}'

def test(auth, urls=None):
    print('CFG:', dumpdict(auth))
    prefixes = set()
    for k in auth:
        prefixes.add(k.split('.', 1)[0])
    for p in prefixes:
        for name in ('.username', '.password'):
            if (p + name) not in auth:
                auth[p + name] = p
    auth = dict((k, v) for k, v in auth.items() if v is not None)

    ui = writeauth(auth)

    def _test(uri):
        print('URI:', uri)
        try:
            pm = url.passwordmgr(ui, urlreq.httppasswordmgrwithdefaultrealm())
            u, authinfo = util.url(uri).authinfo()
            if authinfo is not None:
                pm.add_password(*authinfo)
            print('    ', pm.find_user_password('test', u))
        except error.Abort:
            print('    ','abort')

    if not urls:
        urls = [
            'http://example.org/foo',
            'http://example.org/foo/bar',
            'http://example.org/bar',
            'https://example.org/foo',
            'https://example.org/foo/bar',
            'https://example.org/bar',
            'https://x@example.org/bar',
            'https://y@example.org/bar',
            ]
    for u in urls:
        _test(u)


print('\n*** Test in-uri schemes\n')
test({'x.prefix': 'http://example.org'})
test({'x.prefix': 'https://example.org'})
test({'x.prefix': 'http://example.org', 'x.schemes': 'https'})
test({'x.prefix': 'https://example.org', 'x.schemes': 'http'})

print('\n*** Test separately configured schemes\n')
test({'x.prefix': 'example.org', 'x.schemes': 'http'})
test({'x.prefix': 'example.org', 'x.schemes': 'https'})
test({'x.prefix': 'example.org', 'x.schemes': 'http https'})

print('\n*** Test prefix matching\n')
test({'x.prefix': 'http://example.org/foo',
      'y.prefix': 'http://example.org/bar'})
test({'x.prefix': 'http://example.org/foo',
      'y.prefix': 'http://example.org/foo/bar'})
test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})

print('\n*** Test user matching\n')
test({'x.prefix': 'http://example.org/foo',
      'x.username': None,
      'x.password': 'xpassword'},
     urls=['http://y@example.org/foo'])
test({'x.prefix': 'http://example.org/foo',
      'x.username': None,
      'x.password': 'xpassword',
      'y.prefix': 'http://example.org/foo',
      'y.username': 'y',
      'y.password': 'ypassword'},
     urls=['http://y@example.org/foo'])
test({'x.prefix': 'http://example.org/foo/bar',
      'x.username': None,
      'x.password': 'xpassword',
      'y.prefix': 'http://example.org/foo',
      'y.username': 'y',
      'y.password': 'ypassword'},
     urls=['http://y@example.org/foo/bar'])

def testauthinfo(fullurl, authurl):
    print('URIs:', fullurl, authurl)
    pm = urlreq.httppasswordmgrwithdefaultrealm()
    pm.add_password(*util.url(fullurl).authinfo()[1])
    print(pm.find_user_password('test', authurl))

print('\n*** Test urllib2 and util.url\n')
testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')