tests: comprehensively test HTTP server permissions checking
We didn't have test coverage for numerous web.* config options. We
add that test coverage.
Included in the tests are tests for custom commands. We have commands
that are supposedly read-only and perform writes and a variation of
each that does and does not define its operation type in
hgweb_mod.perms.
The tests reveal a handful of security bugs related to permissions
checking. Subsequent commits will address these security bugs.
# A dummy extension that installs an hgweb command that throws an Exception.
from __future__ import absolute_import
from mercurial.hgweb import (
webcommands,
)
def raiseerror(web, req, tmpl):
'''Dummy web command that raises an uncaught Exception.'''
# Simulate an error after partial response.
if 'partialresponse' in req.form:
req.respond(200, 'text/plain')
req.write('partial content\n')
raise AttributeError('I am an uncaught error!')
def extsetup(ui):
setattr(webcommands, 'raiseerror', raiseerror)
webcommands.__all__.append('raiseerror')