acl: support for getting authenticated user from web server (issue298)
authorHenrik Stuart <hg@hstuart.dk>
Sun, 07 Jun 2009 20:31:38 +0200
changeset 8846 b30775386d40
parent 8845 296767acbb55
child 8847 7951f385fcb7
acl: support for getting authenticated user from web server (issue298) Previously, the acl extension just read the current system user, which is fine for direct file system access and SSH, but will not work for HTTP(S) as that would return the web server process user identity rather than the authenticated user. An empty user is returned if the user is not authenticated.
hgext/acl.py
mercurial/hgweb/protocol.py
--- a/hgext/acl.py	Sun Jun 07 20:15:37 2009 +0200
+++ b/hgext/acl.py	Sun Jun 07 20:31:38 2009 +0200
@@ -47,7 +47,7 @@
 
 from mercurial.i18n import _
 from mercurial import util, match
-import getpass
+import getpass, urllib
 
 def buildmatch(ui, repo, user, key):
     '''return tuple of (match function, list enabled).'''
@@ -72,7 +72,15 @@
         ui.debug(_('acl: changes have source "%s" - skipping\n') % source)
         return
 
-    user = getpass.getuser()
+    user = None
+    if source == 'serve' and 'url' in kwargs:
+        url = kwargs['url'].split(':')
+        if url[0] == 'remote' and url[1].startswith('http'):
+            user = urllib.unquote(url[2])
+
+    if user is None:
+        user = getpass.getuser()
+
     cfg = ui.config('acl', 'config')
     if cfg:
         ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
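Review bot: `urllib.unquote(url[2])` reads the wrong field. The string built in mercurial/hgweb/protocol.py is `remote:<proto>:<REMOTE_HOST>:<REMOTE_USER>`, so index 2 is the client host, and the acl.allow/acl.deny rules are matched against the host instead of the authenticated user. Use `user = urllib.unquote(url[3])` and guard the length with `if len(url) > 3 and url[0] == 'remote' and url[1].startswith('http'):`, so that a url in the older three-field form falls back to `getpass.getuser()` rather than treating the host as a user name. An unauthenticated request yields `''`, not None, so no fallback happens and the rules are evaluated for an empty user name; that matches the commit description but deserves a comment at `if user is None:`. The hook function starts and ends outside this hunk.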
--- a/mercurial/hgweb/protocol.py	Sun Jun 07 20:15:37 2009 +0200
+++ b/mercurial/hgweb/protocol.py	Sun Jun 07 20:31:38 2009 +0200
@@ -162,9 +162,10 @@
                 sys.stderr = sys.stdout = cStringIO.StringIO()
 
                 try:
-                    url = 'remote:%s:%s' % (proto,
-                                            urllib.quote(
-                                              req.env.get('REMOTE_HOST', '')))
+                    url = 'remote:%s:%s:%s' % (
+                          proto,
+                          urllib.quote(req.env.get('REMOTE_HOST', '')),
+                          urllib.quote(req.env.get('REMOTE_USER', '')))
                     try:
                         ret = repo.addchangegroup(gen, 'serve', url)
                     except util.Abort, inst:
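Review bot: The field order of this `url` string is now a contract that hgext/acl.py parses by position to make an authorization decision, and nothing at the assignment documents it. Add a comment above it such as `# url layout: remote:<proto>:<quoted REMOTE_HOST>:<quoted REMOTE_USER>; acl reads the user from the last field`. The comment should also say that both values go through `urllib.quote`, which escapes `:`, so splitting on `:` stays unambiguous even for IPv6 hosts or user names containing a colon. The enclosing `try` block continues past the end of the hunk.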