changeset 7029:b84d27386285
hgweb: Respond with HTTP 403 for disabled archive types instead of 404
This makes it easier for clients/users to distinguish between archive types
that are supported but disabled and archive types that are unsupported.
author | Rocco Rutte <pdmef@gmx.net> |
---|---|
date | Fri, 05 Sep 2008 17:28:37 +0200 |
parents | 93746cbf15b5 |
children | 20a5dd5d6dd9 |
files | mercurial/hgweb/common.py mercurial/hgweb/webcommands.py tests/test-archive tests/test-archive.out |
diffstat | 4 files changed, 54 insertions(+), 4 deletions(-) [+] |
--- a/mercurial/hgweb/common.py Fri Sep 12 13:28:05 2008 +0200
+++ b/mercurial/hgweb/common.py Fri Sep 05 17:28:37 2008 +0200
@@ -11,6 +11,7 @@
 HTTP_OK = 200
 HTTP_BAD_REQUEST = 400
 HTTP_UNAUTHORIZED = 401
+HTTP_FORBIDDEN = 403
 HTTP_NOT_FOUND = 404
 HTTP_METHOD_NOT_ALLOWED = 405
 HTTP_SERVER_ERROR = 500
--- a/mercurial/hgweb/webcommands.py Fri Sep 12 13:28:05 2008 +0200 +++ b/mercurial/hgweb/webcommands.py Fri Sep 05 17:28:37 2008 +0200 @@ -12,7 +12,7 @@ from mercurial.util import binary, datestr from mercurial.repo import RepoError from common import paritygen, staticfile, get_contact, ErrorResponse -from common import HTTP_OK, HTTP_NOT_FOUND +from common import HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND from mercurial import graphmod, util # __all__ is populated with the allowed commands. Be sure to add to it if @@ -535,11 +535,15 @@ allowed = web.configlist("web", "allow_archive") key = req.form['node'][0] - if not (type_ in web.archives and (type_ in allowed or - web.configbool("web", "allow" + type_, False))): + if type_ not in web.archives: msg = 'Unsupported archive type: %s' % type_ raise ErrorResponse(HTTP_NOT_FOUND, msg) + if not ((type_ in allowed or + web.configbool("web", "allow" + type_, False))): + msg = 'Archive type not allowed: %s' % type_ + raise ErrorResponse(HTTP_FORBIDDEN, msg) + reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame)) cnode = web.repo.lookup(key) arch_version = key
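Review bot: The new 403 condition in the second hunk keeps a doubled pair of parentheses left over from the removed compound test; `if not (type_ in allowed or web.configbool("web", "allow" + type_, False)):` reads the same and is easier to audit. The order of the two checks matters and deserves a comment such as `# unknown type -> 404 first; known but disabled by config -> 403`, because only values already found in `web.archives` reach the 403 message. The 403 also tells any client which supported types the administrator has switched off; that is the stated intent, but it is worth confirming it is acceptable for deployments that treat server configuration as private. The enclosing function starts and ends outside the hunk.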
--- a/tests/test-archive Fri Sep 12 13:28:05 2008 +0200 +++ b/tests/test-archive Fri Sep 05 17:28:37 2008 +0200 @@ -12,10 +12,36 @@ hg commit -Am 3 -d '1000000000 0' echo "[web]" >> .hg/hgrc echo "name = test-archive" >> .hg/hgrc -echo "allow_archive = gz bz2, zip" >> .hg/hgrc +cp .hg/hgrc .hg/hgrc-base + +# check http return codes +test_archtype() { + echo "allow_archive = $1" >> .hg/hgrc + hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log + cat hg.pid >> $DAEMON_PIDS + echo % $1 allowed should give 200 + "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$2" | head -n 1 + echo % $3 and $4 disallowed should both give 403 + "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$3" | head -n 1 + "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$4" | head -n 1 + kill `cat hg.pid` + cat errors.log + cp .hg/hgrc-base .hg/hgrc +} + +echo +test_archtype gz tar.gz tar.bz2 zip +test_archtype bz2 tar.bz2 zip tar.gz +test_archtype zip zip tar.gz tar.bz2 + +echo "allow_archive = gz bz2 zip" >> .hg/hgrc hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log cat hg.pid >> $DAEMON_PIDS +echo % invalid arch type should give 404 +"$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.invalid" | head -n 1 +echo + TIP=`hg id -v | cut -f1 -d' '` QTIP=`hg id -q` cat > getarchive.py <<EOF
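Review bot: test_archtype exercises only the `allow_archive` list, but the new 403 branch in webcommands.py also admits a type through the per-type `"allow" + type_` boolean, and no case here checks that path for either 200 or 403. A fourth call that leaves `allow_archive` unset and enables one type through that option would pin both halves of the condition. Separately, each call runs `kill` on the server and the next call binds the same `$HGPORT` right away; if the old process has not yet exited, the next `hg serve` may fail to bind, so waiting for the pid to disappear before returning would make the test less timing-dependent (inferred, not observed). The hunk ends at the `cat > getarchive.py <<EOF` line, whose here-document continues outside it.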
--- a/tests/test-archive.out Fri Sep 12 13:28:05 2008 +0200
+++ b/tests/test-archive.out Fri Sep 05 17:28:37 2008 +0200
@@ -1,6 +1,25 @@
 adding foo
 adding bar
 adding baz/bletch
+
+% gz allowed should give 200
+200 Script output follows
+% tar.bz2 and zip disallowed should both give 403
+403 Forbidden
+403 Forbidden
+% bz2 allowed should give 200
+200 Script output follows
+% zip and tar.gz disallowed should both give 403
+403 Forbidden
+403 Forbidden
+% zip allowed should give 200
+200 Script output follows
+% tar.gz and tar.bz2 disallowed should both give 403
+403 Forbidden
+403 Forbidden
+% invalid arch type should give 404
+404 Not Found
+
 test-archive-TIP/.hg_archival.txt
 test-archive-TIP/bar
 test-archive-TIP/baz/bletch