Show More
| @@ -93,6 +93,11 b' issue_prefix = #' | |||||
| 93 | ## all running rhodecode instances. Leave empty if you don't use it |
|
93 | ## all running rhodecode instances. Leave empty if you don't use it | |
| 94 | instance_id = |
|
94 | instance_id = | |
| 95 |
|
95 | |||
|
|
96 | ## alternative return HTTP header for failed authentication. Default HTTP | |||
|
|
97 | ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with | |||
|
|
98 | ## handling that. Set this variable to 403 to return HTTPForbidden | |||
|
|
99 | auth_ret_code = | |||
|
|
100 | ||||
| 96 | #################################### |
|
101 | #################################### | |
| 97 | ### CELERY CONFIG #### |
|
102 | ### CELERY CONFIG #### | |
| 98 | #################################### |
|
103 | #################################### | |
| @@ -23,6 +23,8 b' news' | |||||
| 23 | - #399 added inheritance of permissions for users group on repos groups |
|
23 | - #399 added inheritance of permissions for users group on repos groups | |
| 24 | - #401 repository group is automatically pre-selected when adding repos |
|
24 | - #401 repository group is automatically pre-selected when adding repos | |
| 25 | inside a repository group |
|
25 | inside a repository group | |
|
|
26 | - added alternative HTTP 403 response when client failed to authenticate. Helps | |||
|
|
27 | solving issues with Mercurial and LDAP | |||
| 26 |
|
28 | |||
| 27 | fixes |
|
29 | fixes | |
| 28 | +++++ |
|
30 | +++++ | |
| @@ -93,6 +93,11 b' issue_prefix = #' | |||||
| 93 | ## all running rhodecode instances. Leave empty if you don't use it |
|
93 | ## all running rhodecode instances. Leave empty if you don't use it | |
| 94 | instance_id = |
|
94 | instance_id = | |
| 95 |
|
95 | |||
|
|
96 | ## alternative return HTTP header for failed authentication. Default HTTP | |||
|
|
97 | ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with | |||
|
|
98 | ## handling that. Set this variable to 403 to return HTTPForbidden | |||
|
|
99 | auth_ret_code = | |||
|
|
100 | ||||
| 96 | #################################### |
|
101 | #################################### | |
| 97 | ### CELERY CONFIG #### |
|
102 | ### CELERY CONFIG #### | |
| 98 | #################################### |
|
103 | #################################### | |
| @@ -93,6 +93,11 b' issue_prefix = #' | |||||
| 93 | ## all running rhodecode instances. Leave empty if you don't use it |
|
93 | ## all running rhodecode instances. Leave empty if you don't use it | |
| 94 | instance_id = |
|
94 | instance_id = | |
| 95 |
|
95 | |||
|
|
96 | ## alternative return HTTP header for failed authentication. Default HTTP | |||
|
|
97 | ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with | |||
|
|
98 | ## handling that. Set this variable to 403 to return HTTPForbidden | |||
|
|
99 | auth_ret_code = | |||
|
|
100 | ||||
| 96 | #################################### |
|
101 | #################################### | |
| 97 | ### CELERY CONFIG #### |
|
102 | ### CELERY CONFIG #### | |
| 98 | #################################### |
|
103 | #################################### | |
| @@ -7,6 +7,8 b' import time' | |||||
| 7 | import traceback |
|
7 | import traceback | |
| 8 |
|
8 | |||
| 9 | from paste.auth.basic import AuthBasicAuthenticator |
|
9 | from paste.auth.basic import AuthBasicAuthenticator | |
|
|
10 | from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden | |||
|
|
11 | from paste.httpheaders import WWW_AUTHENTICATE | |||
| 10 |
|
12 | |||
| 11 | from pylons import config, tmpl_context as c, request, session, url |
|
13 | from pylons import config, tmpl_context as c, request, session, url | |
| 12 | from pylons.controllers import WSGIController |
|
14 | from pylons.controllers import WSGIController | |
| @@ -28,6 +30,22 b' from rhodecode.model.scm import ScmModel' | |||||
| 28 | log = logging.getLogger(__name__) |
|
30 | log = logging.getLogger(__name__) | |
| 29 |
|
31 | |||
| 30 |
|
32 | |||
|
|
33 | class BasicAuth(AuthBasicAuthenticator): | |||
|
|
34 | ||||
|
|
35 | def __init__(self, realm, authfunc, auth_http_code=None): | |||
|
|
36 | self.realm = realm | |||
|
|
37 | self.authfunc = authfunc | |||
|
|
38 | self._rc_auth_http_code = auth_http_code | |||
|
|
39 | ||||
|
|
40 | def build_authentication(self): | |||
|
|
41 | head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm) | |||
|
|
42 | if self._rc_auth_http_code and self._rc_auth_http_code == '403': | |||
|
|
43 | # return 403 if alternative http return code is specified in | |||
|
|
44 | # RhodeCode config | |||
|
|
45 | return HTTPForbidden(headers=head) | |||
|
|
46 | return HTTPUnauthorized(headers=head) | |||
|
|
47 | ||||
|
|
48 | ||||
| 31 | class BaseVCSController(object): |
|
49 | class BaseVCSController(object): | |
| 32 |
|
50 | |||
| 33 | def __init__(self, application, config): |
|
51 | def __init__(self, application, config): | |
| @@ -36,7 +54,8 b' class BaseVCSController(object):' | |||||
| 36 | # base path of repo locations |
|
54 | # base path of repo locations | |
| 37 | self.basepath = self.config['base_path'] |
|
55 | self.basepath = self.config['base_path'] | |
| 38 | #authenticate this mercurial request using authfunc |
|
56 | #authenticate this mercurial request using authfunc | |
| 39 |
self.authenticate = |
|
57 | self.authenticate = BasicAuth('', authfunc, | |
|
|
58 | config.get('auth_ret_code')) | |||
| 40 | self.ipaddr = '0.0.0.0' |
|
59 | self.ipaddr = '0.0.0.0' | |
| 41 |
|
60 | |||
| 42 | def _handle_request(self, environ, start_response): |
|
61 | def _handle_request(self, environ, start_response): | |
General Comments 0
You need to be logged in to leave comments.
Login now