tests: comprehensively test HTTP server permissions checking
We didn't have test coverage for numerous web.* config options. We
add that test coverage.
Included in the tests are tests for custom commands. We have commands
that are supposedly read-only and perform writes and a variation of
each that does and does not define its operation type in
hgweb_mod.perms.
The tests reveal a handful of security bugs related to permissions
checking. Subsequent commits will address these security bugs.
#require killdaemons
= Test the known() protocol function =
Create a test repository:
$ hg init repo
$ cd repo
$ touch a ; hg add a ; hg ci -ma
$ touch b ; hg add b ; hg ci -mb
$ touch c ; hg add c ; hg ci -mc
$ hg log --template '{node}\n'
991a3460af53952d10ec8a295d3d2cc2e5fa9690
0e067c57feba1a5694ca4844f05588bb1bf82342
3903775176ed42b1458a6281db4a0ccf4d9f287a
$ cd ..
Test locally:
$ hg debugknown repo 991a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 3903775176ed42b1458a6281db4a0ccf4d9f287a
111
$ hg debugknown repo 000a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 0003775176ed42b1458a6281db4a0ccf4d9f287a
010
$ hg debugknown repo
Test via HTTP:
$ hg serve -R repo -p $HGPORT -d --pid-file=hg.pid -E error.log -A access.log
$ cat hg.pid >> $DAEMON_PIDS
$ hg debugknown http://localhost:$HGPORT/ 991a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 3903775176ed42b1458a6281db4a0ccf4d9f287a
111
$ hg debugknown http://localhost:$HGPORT/ 000a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 0003775176ed42b1458a6281db4a0ccf4d9f287a
010
$ hg debugknown http://localhost:$HGPORT/
$ cat error.log
$ killdaemons.py