diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -788,10 +788,15 @@ class HasPermissionAnyMiddleware(object)
 self.required_perms = set(perms)
 def __call__(self, user, repo_name):
+ # repo_name MUST be unicode, since we handle keys in permission
+ # dict by unicode
+ repo_name = safe_unicode(repo_name)
 usr = AuthUser(user.user_id)
 try:
 self.user_perms = set([usr.permissions['repositories'][repo_name]])
- except:
+ except Exception:
+ log.error('Exception while accessing permissions %s' %
+ traceback.format_exc())
 self.user_perms = set()
 self.granted_for = ''
 self.username = user.username
diff --git a/rhodecode/lib/middleware/simplegit.py b/rhodecode/lib/middleware/simplegit.py
--- a/rhodecode/lib/middleware/simplegit.py
+++ b/rhodecode/lib/middleware/simplegit.py
@@ -86,7 +86,9 @@ GIT_PROTO_PAT = re.compile(r'^/(.+)/(inf
 def is_git(environ):
 path_info = environ['PATH_INFO']
 isgit_path = GIT_PROTO_PAT.match(path_info)
- log.debug('is a git path %s pathinfo : %s' % (isgit_path, path_info))
+ log.debug('pathinfo: %s detected as GIT %s' % (
+ path_info, isgit_path != None)
+ )
 return isgit_path
@@ -121,7 +123,6 @@ class SimpleGit(BaseVCSController):
 #======================================================================
 # CHECK ANONYMOUS PERMISSION
 #======================================================================
-
 if action in ['pull', 'push']:
 anonymous_user = self.__get_user('default')
 username = anonymous_user.username
@@ -177,7 +178,7 @@ class SimpleGit(BaseVCSController):
 #===================================================================
 # GIT REQUEST HANDLING
 #===================================================================
- repo_path = safe_str(os.path.join(self.basepath, repo_name))
+ repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
 log.debug('Repository path is %s' % repo_path)
 # quick check if that dir exists...
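Review bot: In rhodecode/lib/auth.py, `HasPermissionAnyMiddleware.__call__` still handles a missing permission entry and an unexpected failure in the same `except Exception:` branch, so an ordinary lookup miss for `repo_name` is now logged at error level with a full traceback. Both cases fall back to `self.user_perms = set()`, which keeps the check failing closed, but the noise makes a real fault in `AuthUser` or the permission dict hard to spot; consider `except KeyError:` with a debug-level message for the miss and keep the `log.error(...)` branch for everything else. The handler also depends on `traceback` and `safe_unicode` being in scope in auth.py, and no import hunk for that file is part of this diff, so confirm both names are already imported; a NameError inside the handler would replace the empty-permission fallback with an unhandled exception. The rest of `__call__` lies outside the hunk.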
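Review bot: In simplegit.py `is_git`, the new debug line formats the request's `PATH_INFO` with `%s`, so a path containing control characters such as CR/LF reaches the log unescaped and can make one request look like several log records; `%r` keeps each record on one line. The match test is also better written as an identity check. Suggested form: `log.debug('pathinfo: %r detected as GIT %s' % (path_info, isgit_path is not None))`. The same `%s` formatting of `path_info` is added to `is_mercurial` in simplehg.py.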
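Review bot: `repo_path` in the "GIT REQUEST HANDLING" hunk of simplegit.py is built by joining `self.basepath` with a `repo_name` that comes from the request, and nothing in this hunk checks that the result stays under the base directory: `os.path.join` drops the first argument when the second is absolute and keeps `..` components as they are. If `repo_name` is not normalised earlier in the handler (not visible here), add a containment check after the join, e.g. `base = os.path.abspath(safe_str(self.basepath))` and `if not os.path.abspath(repo_path).startswith(base + os.sep):` followed by rejecting the request. The same join is introduced in simplehg.py (`repo_path`) and in `is_valid_repo` / `is_valid_repos_group` in utils.py (`full_path`), so a shared helper would keep the four sites consistent. The enclosing method continues outside the hunk.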
diff --git a/rhodecode/lib/middleware/simplehg.py b/rhodecode/lib/middleware/simplehg.py
--- a/rhodecode/lib/middleware/simplehg.py
+++ b/rhodecode/lib/middleware/simplehg.py
@@ -27,6 +27,7 @@
 import os
 import logging
 import traceback
+import urllib
 from mercurial.error import RepoError
 from mercurial.hgweb import hgweb_mod
@@ -45,13 +46,21 @@ log = logging.getLogger(__name__)
 def is_mercurial(environ):
- """Returns True if request's target is mercurial server - header
+ """
+ Returns True if request's target is mercurial server - header
 ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
 """
 http_accept = environ.get('HTTP_ACCEPT')
+ path_info = environ['PATH_INFO']
 if http_accept and http_accept.startswith('application/mercurial'):
- return True
- return False
+ ishg_path = True
+ else:
+ ishg_path = False
+
+ log.debug('pathinfo: %s detected as HG %s' % (
+ path_info, ishg_path)
+ )
+ return ishg_path
 class SimpleHg(BaseVCSController):
@@ -80,12 +89,12 @@ class SimpleHg(BaseVCSController):
 # GET ACTION PULL or PUSH
 #======================================================================
 action = self.__get_action(environ)
+
 #======================================================================
 # CHECK ANONYMOUS PERMISSION
 #======================================================================
 if action in ['pull', 'push']:
 anonymous_user = self.__get_user('default')
- username = anonymous_user.username
 anonymous_perm = self._check_permission(action, anonymous_user, repo_name)
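Review bot: `import urllib` is added to simplehg.py, but none of the hunks shown for this file reference `urllib`. If nothing else in the module uses it, drop the import so the dependency list reflects what the middleware actually calls.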
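Review bot: `is_mercurial` now reads `environ['PATH_INFO']` only to build a debug message, which makes protocol detection raise `KeyError` for a request whose environ has no `PATH_INFO`; WSGI allows a server to omit the key when the path is empty. Use `path_info = environ.get('PATH_INFO', '')` so that logging cannot change the outcome of the check. The `if`/`else` that sets `ishg_path` can also be reduced to `ishg_path = bool(http_accept and http_accept.startswith('application/mercurial'))`.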
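Review bot: The hunk at -80,12 in `SimpleHg` removes `username = anonymous_user.username`, yet the later hunk at -132,21 still reads `username` when it builds `extras`. Unless the code between the two hunks (not shown) assigns `username` on every path, a request that is let through on the anonymous permission reaches `extras` with the name unbound, and the hooks that consume `extras` get no user to attribute the action to. simplegit.py keeps the same assignment as context, so either restore `username = anonymous_user.username` here or set it explicitly before `extras` is built.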
@@ -132,21 +141,23 @@ class SimpleHg(BaseVCSController):
 start_response)
 #check permissions for this repository
- perm = self._check_permission(action, user,
- repo_name)
+ perm = self._check_permission(action, user, repo_name)
 if perm is not True:
 return HTTPForbidden()(environ, start_response)
- extras = {'ip': ipaddr,
- 'username': username,
- 'action': action,
- 'repository': repo_name}
+ # extras are injected into mercurial UI object and later available
+ # in hg hooks executed by rhodecode
+ extras = {
+ 'ip': ipaddr,
+ 'username': username,
+ 'action': action,
+ 'repository': repo_name
+ }
 #======================================================================
 # MERCURIAL REQUEST HANDLING
 #======================================================================
-
- repo_path = safe_str(os.path.join(self.basepath, repo_name))
+ repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
 log.debug('Repository path is %s' % repo_path)
 baseui = make_ui('db')
diff --git a/rhodecode/lib/utils.py b/rhodecode/lib/utils.py
--- a/rhodecode/lib/utils.py
+++ b/rhodecode/lib/utils.py
@@ -54,6 +54,7 @@ from rhodecode.model.db import Repositor
 UserLog, RepoGroup, RhodeCodeSetting, UserRepoGroupToPerm
 from rhodecode.model.meta import Session
 from rhodecode.model.repos_group import ReposGroupModel
+from rhodecode.lib import safe_str, safe_unicode
 log = logging.getLogger(__name__)
@@ -154,7 +155,10 @@ def action_logger(user, action, repo, ip
 user_log.user_ip = ipaddr
 sa.add(user_log)
- log.info('Adding user %s, action %s on %s' % (user_obj, action, repo))
+ log.info(
+ 'Adding user %s, action %s on %s' % (user_obj, action,
+ safe_unicode(repo))
+ )
 if commit:
 sa.commit()
 except:
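Review bot: In `action_logger` (utils.py) the `log.info` call still formats its message eagerly with `%` between `sa.add(user_log)` and `sa.commit()`, inside the `try` whose bare `except:` follows. `safe_unicode(repo)` covers the repository name, but a formatting error caused by `user_obj` or `action` would still take the `except:` path before the `user_log` record is committed; what that handler does is outside the hunk. Passing the values as logging arguments, `log.info('Adding user %s, action %s on %s', user_obj, action, safe_unicode(repo))`, leaves formatting to the logging handler, where a bad value is reported by the handler instead of being raised in the middle of the audit write.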
@@ -198,12 +202,13 @@ def get_repos(path, recursive=False):
 def is_valid_repo(repo_name, base_path):
 """
 Returns True if given path is a valid repository False otherwise
+
 :param repo_name:
 :param base_path:
 :return True: if given path is a valid repository
 """
- full_path = os.path.join(base_path, repo_name)
+ full_path = os.path.join(safe_str(base_path), safe_str(repo_name))
 try:
 get_scm(full_path)
@@ -219,7 +224,7 @@ def is_valid_repos_group(repos_group_nam
 :param repo_name:
 :param base_path:
 """
- full_path = os.path.join(base_path, repos_group_name)
+ full_path = os.path.join(safe_str(base_path), safe_str(repos_group_name))
 # check if it's not a repo
 if is_valid_repo(repos_group_name, base_path):
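Review bot: The docstring of `is_valid_repo` still leaves `:param repo_name:` and `:param base_path:` empty, although both arguments are now passed through `safe_str` before the join and the accepted string type appears to be what this change is about. Suggested text: `:param repo_name: repository name relative to base_path, unicode or byte string` and `:param base_path: directory the name is joined to, unicode or byte string`. In the second hunk the docstring of `is_valid_repos_group` lists `:param repo_name:` while the argument is `repos_group_name`; rename the entry to match the signature.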