fixes #97 in simplehg and simplegit, force casting to headers
marcink -
r918:b2d5868c beta
@@ -78,8 +78,8 b' from webob.exc import HTTPNotFound, HTTP'
78 log = logging.getLogger(__name__)
78 log = logging.getLogger(__name__)
79
79
80 def is_git(environ):
80 def is_git(environ):
81 """Returns True if request's target is git server. ``HTTP_USER_AGENT`` would
81 """Returns True if request's target is git server.
82 then have git client version given.
82 ``HTTP_USER_AGENT`` would then have git client version given.
83
83
84 :param environ:
84 :param environ:
85 """
85 """
@@ -109,63 +109,74 b' class SimpleGit(object):'
109 self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
109 self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
110 # skip passing error to error controller
110 # skip passing error to error controller
111 environ['pylons.status_code_redirect'] = True
111 environ['pylons.status_code_redirect'] = True
112 #===================================================================
113 # AUTHENTICATE THIS GIT REQUEST
114 #===================================================================
115 username = REMOTE_USER(environ)
116 if not username:
117 self.authenticate.realm = self.config['rhodecode_realm']
118 result = self.authenticate(environ)
119 if isinstance(result, str):
120 AUTH_TYPE.update(environ, 'basic')
121 REMOTE_USER.update(environ, result)
122 else:
123 return result.wsgi_application(environ, start_response)
124
112
125 #=======================================================================
113 #======================================================================
126 # GET REPOSITORY
114 # GET ACTION PULL or PUSH
127 #=======================================================================
115 #======================================================================
116 self.action = self.__get_action(environ)
128 try:
117 try:
129 repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
118 #==================================================================
130 if repo_name.endswith('/'):
119 # GET REPOSITORY NAME
131 repo_name = repo_name.rstrip('/')
120 #==================================================================
132 self.repository = repo_name
121 self.repo_name = self.__get_repository(environ)
133 except:
122 except:
134 log.error(traceback.format_exc())
135 return HTTPInternalServerError()(environ, start_response)
123 return HTTPInternalServerError()(environ, start_response)
136
124
137 #===================================================================
125 #======================================================================
138 # CHECK PERMISSIONS FOR THIS REQUEST
126 # CHECK ANONYMOUS PERMISSION
139 #===================================================================
127 #======================================================================
140 self.action = self.__get_action(environ)
128 if self.action in ['pull', 'push'] or self.action:
141 if self.action:
129 anonymous_user = self.__get_user('default')
142 username = self.__get_environ_user(environ)
130 self.username = anonymous_user.username
143 try:
131 anonymous_perm = self.__check_permission(self.action, anonymous_user ,
144 user = self.__get_user(username)
132 self.repo_name)
145 self.username = user.username
133
146 except:
134 if anonymous_perm is not True or anonymous_user.active is False:
147 log.error(traceback.format_exc())
135 if anonymous_perm is not True:
148 return HTTPInternalServerError()(environ, start_response)
136 log.debug('Not enough credentials to access this repository'
137 'as anonymous user')
138 if anonymous_user.active is False:
139 log.debug('Anonymous access is disabled, running '
140 'authentication')
141 #==============================================================
142 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
143 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
144 #==============================================================
149
145
150 #check permissions for this repository
146 if not REMOTE_USER(environ):
151 if self.action == 'push':
147 self.authenticate.realm = str(self.config['rhodecode_realm'])
152 if not HasPermissionAnyMiddleware('repository.write',
148 result = self.authenticate(environ)
153 'repository.admin')\
149 if isinstance(result, str):
154 (user, repo_name):
150 AUTH_TYPE.update(environ, 'basic')
155 return HTTPForbidden()(environ, start_response)
151 REMOTE_USER.update(environ, result)
152 else:
153 return result.wsgi_application(environ, start_response)
154
155
156 #==============================================================
157 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
158 # BASIC AUTH
159 #==============================================================
156
160
157 else:
161 if self.action in ['pull', 'push'] or self.action:
158 #any other action need at least read permission
162 username = self.__get_environ_user(environ)
159 if not HasPermissionAnyMiddleware('repository.read',
163 try:
160 'repository.write',
164 user = self.__get_user(username)
161 'repository.admin')\
165 self.username = user.username
162 (user, repo_name):
166 except:
163 return HTTPForbidden()(environ, start_response)
167 log.error(traceback.format_exc())
168 return HTTPInternalServerError()(environ, start_response)
169
170 #check permissions for this repository
171 perm = self.__check_permission(self.action, user, self.repo_name)
172 if perm is not True:
173 print 'not allowed'
174 return HTTPForbidden()(environ, start_response)
164
175
165 self.extras = {'ip':self.ipaddr,
176 self.extras = {'ip':self.ipaddr,
166 'username':self.username,
177 'username':self.username,
167 'action':self.action,
178 'action':self.action,
168 'repository':self.repository}
179 'repository':self.repo_name}
169
180
170 #===================================================================
181 #===================================================================
171 # GIT REQUEST HANDLING
182 # GIT REQUEST HANDLING
@@ -197,6 +208,46 b' class SimpleGit(object):'
197
208
198 return gitserve
209 return gitserve
199
210
211 def __check_permission(self, action, user, repo_name):
212 """Checks permissions using action (push/pull) user and repository
213 name
214
215 :param action: push or pull action
216 :param user: user instance
217 :param repo_name: repository name
218 """
219 if action == 'push':
220 if not HasPermissionAnyMiddleware('repository.write',
221 'repository.admin')\
222 (user, repo_name):
223 return False
224
225 else:
226 #any other action need at least read permission
227 if not HasPermissionAnyMiddleware('repository.read',
228 'repository.write',
229 'repository.admin')\
230 (user, repo_name):
231 return False
232
233 return True
234
235
236 def __get_repository(self, environ):
237 """Get's repository name out of PATH_INFO header
238
239 :param environ: environ where PATH_INFO is stored
240 """
241 try:
242 repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
243 if repo_name.endswith('/'):
244 repo_name = repo_name.rstrip('/')
245 except:
246 log.error(traceback.format_exc())
247 raise
248 repo_name = repo_name.split('/')[0]
249 return repo_name
250
200 def __get_environ_user(self, environ):
251 def __get_environ_user(self, environ):
201 return environ.get('REMOTE_USER')
252 return environ.get('REMOTE_USER')
202
253
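Review bot: The authorization block in this method is gated on `self.action` being truthy, so a request for which `__get_action` yields nothing would skip both the anonymous and the authenticated permission check and continue to the git request handling. `if self.action in ['pull', 'push'] or self.action:` (what appear to be new lines 128 and 161) reduces to `if self.action:`. `__get_action` is outside the hunk, so whether it can return an empty value needs confirming. The safer shape fails closed first, e.g. `if not self.action: return HTTPForbidden()(environ, start_response)`, and then tests only `self.action in ('pull', 'push')`. The leftover `print 'not allowed'` at new line 173 should become a `log.debug(...)` call so a denied request is recorded through the logger rather than written to stdout; the enclosing method starts before this hunk.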
@@ -105,13 +105,13 b' class SimpleHg(object):'
105 if anonymous_user.active is False:
105 if anonymous_user.active is False:
106 log.debug('Anonymous access is disabled, running '
106 log.debug('Anonymous access is disabled, running '
107 'authentication')
107 'authentication')
108 #==================================================================
108 #==============================================================
109 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE NEED
109 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
110 # TO AUTHENTICATE AND ASK FOR AUTHENTICATED USER PERMISSIONS
110 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
111 #==================================================================
111 #==============================================================
112
112
113 if not REMOTE_USER(environ):
113 if not REMOTE_USER(environ):
114 self.authenticate.realm = self.config['rhodecode_realm']
114 self.authenticate.realm = str(self.config['rhodecode_realm'])
115 result = self.authenticate(environ)
115 result = self.authenticate(environ)
116 if isinstance(result, str):
116 if isinstance(result, str):
117 AUTH_TYPE.update(environ, 'basic')
117 AUTH_TYPE.update(environ, 'basic')
@@ -120,10 +120,10 b' class SimpleHg(object):'
120 return result.wsgi_application(environ, start_response)
120 return result.wsgi_application(environ, start_response)
121
121
122
122
123 #==================================================================
123 #==============================================================
124 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
124 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
125 # BASIC AUTH
125 # BASIC AUTH
126 #==================================================================
126 #==============================================================
127
127
128 if self.action in ['pull', 'push']:
128 if self.action in ['pull', 'push']:
129 username = self.__get_environ_user(environ)
129 username = self.__get_environ_user(environ)
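Review bot: `str(self.config['rhodecode_realm'])` at line 114 raises UnicodeEncodeError under Python 2 when the configured realm is a unicode value containing non-ASCII characters. Nothing visible around the call catches it, so an unauthenticated request would fail with an error instead of receiving the basic-auth challenge. The same cast appears in SimpleGit at new line 147. Consider encoding explicitly, `realm = self.config['rhodecode_realm']` followed by `if isinstance(realm, unicode): realm = realm.encode('utf-8')`, or validating the setting as ASCII when it is saved. The surrounding method starts and ends outside these hunks.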