##// END OF EJS Templates
Added new random directory for each test to be better sandboxed
Added new random directory for each test to be better sandboxed

File last commit:

r1321:56020652 beta
r1397:dc960653 beta
Show More
simplehg.py
279 lines | 10.9 KiB | text/x-python | PythonLexer
code docs, updates
r903 # -*- coding: utf-8 -*-
"""
rhodecode.lib.middleware.simplehg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source code cleanup: remove trailing white space, normalize file endings
r1203 SimpleHG middleware for handling mercurial protocol request
code docs, updates
r903 (push/clone etc.). It's implemented with basic auth function
source code cleanup: remove trailing white space, normalize file endings
r1203
code docs, updates
r903 :created_on: Apr 28, 2010
:author: marcink
source code cleanup: remove trailing white space, normalize file endings
r1203 :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
code docs, updates
r903 :license: GPLv3, see COPYING for more details.
"""
fixed license issue #149
r1206 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
renamed project to rhodecode
r547 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
renamed project to rhodecode
r547 # You should have received a copy of the GNU General Public License
fixed license issue #149
r1206 # along with this program. If not, see <http://www.gnu.org/licenses/>.
renamed project to rhodecode
r547
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 import os
import logging
import traceback
renamed project to rhodecode
r547 from mercurial.error import RepoError
from mercurial.hgweb import hgweb
from mercurial.hgweb.request import wsgiapplication
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
renamed project to rhodecode
r547 from paste.auth.basic import AuthBasicAuthenticator
from paste.httpheaders import REMOTE_USER, AUTH_TYPE
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
Code refactoring,models renames...
r629 from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756 from rhodecode.lib.utils import make_ui, invalidate_cache, \
renamed project to rhodecode
r547 check_repo_fast, ui_sections
Code refactoring,models renames...
r629 from rhodecode.model.user import UserModel
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
renamed project to rhodecode
r547 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 log = logging.getLogger(__name__)
pep8ify middlewares
r1275
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756 def is_mercurial(environ):
code docs, updates
r903 """Returns True if request's target is mercurial server - header
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756 ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
"""
http_accept = environ.get('HTTP_ACCEPT')
if http_accept and http_accept.startswith('application/mercurial'):
return True
return False
pep8ify middlewares
r1275
renamed project to rhodecode
r547 class SimpleHg(object):
def __init__(self, application, config):
self.application = application
self.config = config
#49 Enabled anonymous access push and pull commands
r674 #authenticate this mercurial request using authfunc
renamed project to rhodecode
r547 self.authenticate = AuthBasicAuthenticator('', authfunc)
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.ipaddr = '0.0.0.0'
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 self.repo_name = None
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.username = None
self.action = None
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 def __call__(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
Moved out reposcan into hg Model....
r665
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 proxy_key = 'HTTP_X_REAL_IP'
def_key = 'REMOTE_ADDR'
self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
fixed error propagation when using git/mercurial requests
r898 # skip passing error to error controller
environ['pylons.status_code_redirect'] = True
Moved out reposcan into hg Model....
r665
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 #======================================================================
# GET ACTION PULL or PUSH
#======================================================================
self.action = self.__get_action(environ)
renamed project to rhodecode
r547 try:
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 #==================================================================
# GET REPOSITORY NAME
source code cleanup: remove trailing white space, normalize file endings
r1203 #==================================================================
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 self.repo_name = self.__get_repository(environ)
renamed project to rhodecode
r547 except:
return HTTPInternalServerError()(environ, start_response)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 #======================================================================
# CHECK ANONYMOUS PERMISSION
#======================================================================
if self.action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
self.username = anonymous_user.username
pep8ify middlewares
r1275 anonymous_perm = self.__check_permission(self.action,
anonymous_user,
self.repo_name)
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
pep8ify middlewares
r1275 log.debug('Not enough credentials to access this '
'repository as anonymous user')
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 if anonymous_user.active is False:
log.debug('Anonymous access is disabled, running '
'authentication')
fixes #97 in simplehg and simplegit, force casting to headers
r918 #==============================================================
source code cleanup: remove trailing white space, normalize file endings
r1203 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
fixes #97 in simplehg and simplegit, force casting to headers
r918 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
#==============================================================
fixed chrome repo switcher issue
r607
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 if not REMOTE_USER(environ):
fixed issue #181, and small fix in gitmiddleware
r1293 self.authenticate.realm = self.config['rhodecode_realm'].\
encode('utf8', 'replace')
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
else:
return result.wsgi_application(environ, start_response)
fixes #97 in simplehg and simplegit, force casting to headers
r918 #==============================================================
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
# BASIC AUTH
fixes #97 in simplehg and simplegit, force casting to headers
r918 #==============================================================
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
if self.action in ['pull', 'push']:
simplified simplegit and simplehg a little
r989 username = REMOTE_USER(environ)
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 try:
user = self.__get_user(username)
self.username = user.username
except:
log.error(traceback.format_exc())
pep8ify middlewares
r1275 return HTTPInternalServerError()(environ,
start_response)
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
#check permissions for this repository
pep8ify middlewares
r1275 perm = self.__check_permission(self.action, user,
self.repo_name)
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 if perm is not True:
return HTTPForbidden()(environ, start_response)
Moved out reposcan into hg Model....
r665
pep8ify middlewares
r1275 self.extras = {'ip': self.ipaddr,
'username': self.username,
'action': self.action,
'repository': self.repo_name}
propagate changes for #48 into simplegit....
r655
pep8ify middlewares
r1275 #======================================================================
renamed project to rhodecode
r547 # MERCURIAL REQUEST HANDLING
pep8ify middlewares
r1275 #======================================================================
environ['PATH_INFO'] = '/' # since we wrap into hgweb, reset the path
renamed project to rhodecode
r547 self.baseui = make_ui('db')
self.basepath = self.config['base_path']
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 self.repo_path = os.path.join(self.basepath, self.repo_name)
renamed project to rhodecode
r547
#quick check if that dir exists...
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 if check_repo_fast(self.repo_name, self.basepath):
renamed project to rhodecode
r547 return HTTPNotFound()(environ, start_response)
try:
app = wsgiapplication(self.__make_app)
except RepoError, e:
if str(e).find('not found') != -1:
return HTTPNotFound()(environ, start_response)
except Exception:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 #invalidate cache on push
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 if self.action == 'push':
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 self.__invalidate_cache(self.repo_name)
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756
removed 'thank you..' message from simpleHG, it should be used in hooks.
r719 return app(environ, start_response)
renamed project to rhodecode
r547
def __make_app(self):
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 """
Make an wsgi application using hgweb, and inject generated baseui
instance, additionally inject some extras into ui object
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 """
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 self.__inject_extras(self.baseui, self.extras)
return hgweb(str(self.repo_path), baseui=self.baseui)
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 def __check_permission(self, action, user, repo_name):
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 """
Checks permissions using action (push/pull) user and repository
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 name
source code cleanup: remove trailing white space, normalize file endings
r1203
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 :param action: push or pull action
:param user: user instance
:param repo_name: repository name
"""
if action == 'push':
if not HasPermissionAnyMiddleware('repository.write',
pep8ify middlewares
r1275 'repository.admin')(user,
repo_name):
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 return False
else:
#any other action need at least read permission
if not HasPermissionAnyMiddleware('repository.read',
'repository.write',
pep8ify middlewares
r1275 'repository.admin')(user,
repo_name):
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 return False
return True
def __get_repository(self, environ):
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 """
Get's repository name out of PATH_INFO header
source code cleanup: remove trailing white space, normalize file endings
r1203
Rewrite simehg for enabling cloning with raw url for anonymous access + some optimizations for making less queries when authenticating users....
r910 :param environ: environ where PATH_INFO is stored
"""
try:
repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
if repo_name.endswith('/'):
repo_name = repo_name.rstrip('/')
except:
log.error(traceback.format_exc())
raise
return repo_name
renamed project to rhodecode
r547 def __get_user(self, username):
Code refactoring,models renames...
r629 return UserModel().get_by_username(username, cache=True)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 def __get_action(self, environ):
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 """
Maps mercurial request commands into a clone,pull or push command.
Fixed journal action loggin doubled messages.
r606 This should always return a valid command string
source code cleanup: remove trailing white space, normalize file endings
r1203
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605 :param environ:
renamed project to rhodecode
r547 """
mapping = {'changegroup': 'pull',
'changegroupsubset': 'pull',
'stream_out': 'pull',
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 'listkeys': 'pull',
renamed project to rhodecode
r547 'unbundle': 'push',
'pushkey': 'push', }
for qry in environ['QUERY_STRING'].split('&'):
if qry.startswith('cmd'):
cmd = qry.split('=')[-1]
pep8ify middlewares
r1275 if cmd in mapping:
renamed project to rhodecode
r547 return mapping[cmd]
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605 else:
let action always return pull command for better security on pull restricted repos
r1128 return 'pull'
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 def __invalidate_cache(self, repo_name):
"""we know that some change was made to repositories and we should
invalidate the cache to see the changes right away but only for
push requests"""
Moved out reposcan into hg Model....
r665 invalidate_cache('get_repo_cached_%s' % repo_name)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 def __inject_extras(self, baseui, extras={}):
fixed local hgrc settings, patch introduced by Marc Villetard
r1321 """
Injects some extra params into baseui instance
also overwrites global settings with those takes from local hgrc file
:param baseui: baseui instance
:param extras: dict with extra params to put into baseui
"""
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')
Moved out reposcan into hg Model....
r665
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 #inject some additional parameters that will be available in ui
#for hooks
for k, v in extras.items():
small rewrite for injecting rhodecode_extras into ui. instead of injecting to hgweb instance, inject to ui and pass to hgweb. It's simpler and more readable.
r1276 baseui.setconfig('rhodecode_extras', k, v)
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 repoui = make_ui('file', hgrc, False)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 if repoui:
#overwrite our ui instance with the section from hgrc file
for section in ui_sections:
for k, v in repoui.configitems(section):
fixed local hgrc settings, patch introduced by Marc Villetard
r1321 baseui.setconfig(section, k, v)