##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

fixes #97 in simplehg and simplegit, force casting to headers
marcink -
r918:b2d5868c beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -78,8 +78,8 from webob.exc import HTTPNotFound, HTTP
78 log = logging.getLogger(__name__)
78 log = logging.getLogger(__name__)
79
79
80 def is_git(environ):
80 def is_git(environ):
81 """Returns True if request's target is git server. ``HTTP_USER_AGENT`` would
81 """Returns True if request's target is git server.
82 then have git client version given.
82 ``HTTP_USER_AGENT`` would then have git client version given.
83
83
84 :param environ:
84 :param environ:
85 """
85 """
@@ -109,12 +109,42 class SimpleGit(object):
109 self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
109 self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
110 # skip passing error to error controller
110 # skip passing error to error controller
111 environ['pylons.status_code_redirect'] = True
111 environ['pylons.status_code_redirect'] = True
112 #===================================================================
112
113 # AUTHENTICATE THIS GIT REQUEST
113 #======================================================================
114 #===================================================================
114 # GET ACTION PULL or PUSH
115 username = REMOTE_USER(environ)
115 #======================================================================
116 if not username:
116 self.action = self.__get_action(environ)
117 self.authenticate.realm = self.config['rhodecode_realm']
117 try:
118 #==================================================================
119 # GET REPOSITORY NAME
120 #==================================================================
121 self.repo_name = self.__get_repository(environ)
122 except:
123 return HTTPInternalServerError()(environ, start_response)
124
125 #======================================================================
126 # CHECK ANONYMOUS PERMISSION
127 #======================================================================
128 if self.action in ['pull', 'push'] or self.action:
129 anonymous_user = self.__get_user('default')
130 self.username = anonymous_user.username
131 anonymous_perm = self.__check_permission(self.action, anonymous_user ,
132 self.repo_name)
133
134 if anonymous_perm is not True or anonymous_user.active is False:
135 if anonymous_perm is not True:
136 log.debug('Not enough credentials to access this repository'
137 'as anonymous user')
138 if anonymous_user.active is False:
139 log.debug('Anonymous access is disabled, running '
140 'authentication')
141 #==============================================================
142 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
143 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
144 #==============================================================
145
146 if not REMOTE_USER(environ):
147 self.authenticate.realm = str(self.config['rhodecode_realm'])
118 result = self.authenticate(environ)
148 result = self.authenticate(environ)
119 if isinstance(result, str):
149 if isinstance(result, str):
120 AUTH_TYPE.update(environ, 'basic')
150 AUTH_TYPE.update(environ, 'basic')
@@ -122,23 +152,13 class SimpleGit(object):
122 else:
152 else:
123 return result.wsgi_application(environ, start_response)
153 return result.wsgi_application(environ, start_response)
124
154
125 #=======================================================================
126 # GET REPOSITORY
127 #=======================================================================
128 try:
129 repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
130 if repo_name.endswith('/'):
131 repo_name = repo_name.rstrip('/')
132 self.repository = repo_name
133 except:
134 log.error(traceback.format_exc())
135 return HTTPInternalServerError()(environ, start_response)
136
155
137 #===================================================================
156 #==============================================================
138 # CHECK PERMISSIONS FOR THIS REQUEST
157 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
139 #===================================================================
158 # BASIC AUTH
140 self.action = self.__get_action(environ)
159 #==============================================================
141 if self.action:
160
161 if self.action in ['pull', 'push'] or self.action:
142 username = self.__get_environ_user(environ)
162 username = self.__get_environ_user(environ)
143 try:
163 try:
144 user = self.__get_user(username)
164 user = self.__get_user(username)
@@ -148,24 +168,15 class SimpleGit(object):
148 return HTTPInternalServerError()(environ, start_response)
168 return HTTPInternalServerError()(environ, start_response)
149
169
150 #check permissions for this repository
170 #check permissions for this repository
151 if self.action == 'push':
171 perm = self.__check_permission(self.action, user, self.repo_name)
152 if not HasPermissionAnyMiddleware('repository.write',
172 if perm is not True:
153 'repository.admin')\
173 print 'not allowed'
154 (user, repo_name):
155 return HTTPForbidden()(environ, start_response)
156
157 else:
158 #any other action need at least read permission
159 if not HasPermissionAnyMiddleware('repository.read',
160 'repository.write',
161 'repository.admin')\
162 (user, repo_name):
163 return HTTPForbidden()(environ, start_response)
174 return HTTPForbidden()(environ, start_response)
164
175
165 self.extras = {'ip':self.ipaddr,
176 self.extras = {'ip':self.ipaddr,
166 'username':self.username,
177 'username':self.username,
167 'action':self.action,
178 'action':self.action,
168 'repository':self.repository}
179 'repository':self.repo_name}
169
180
170 #===================================================================
181 #===================================================================
171 # GIT REQUEST HANDLING
182 # GIT REQUEST HANDLING
@@ -197,6 +208,46 class SimpleGit(object):
197
208
198 return gitserve
209 return gitserve
199
210
211 def __check_permission(self, action, user, repo_name):
212 """Checks permissions using action (push/pull) user and repository
213 name
214
215 :param action: push or pull action
216 :param user: user instance
217 :param repo_name: repository name
218 """
219 if action == 'push':
220 if not HasPermissionAnyMiddleware('repository.write',
221 'repository.admin')\
222 (user, repo_name):
223 return False
224
225 else:
226 #any other action need at least read permission
227 if not HasPermissionAnyMiddleware('repository.read',
228 'repository.write',
229 'repository.admin')\
230 (user, repo_name):
231 return False
232
233 return True
234
235
236 def __get_repository(self, environ):
237 """Get's repository name out of PATH_INFO header
238
239 :param environ: environ where PATH_INFO is stored
240 """
241 try:
242 repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
243 if repo_name.endswith('/'):
244 repo_name = repo_name.rstrip('/')
245 except:
246 log.error(traceback.format_exc())
247 raise
248 repo_name = repo_name.split('/')[0]
249 return repo_name
250
200 def __get_environ_user(self, environ):
251 def __get_environ_user(self, environ):
201 return environ.get('REMOTE_USER')
252 return environ.get('REMOTE_USER')
202
253
Show file before | Show file after | Hide comments
@@ -105,13 +105,13 class SimpleHg(object):
105 if anonymous_user.active is False:
105 if anonymous_user.active is False:
106 log.debug('Anonymous access is disabled, running '
106 log.debug('Anonymous access is disabled, running '
107 'authentication')
107 'authentication')
108 #==================================================================
108 #==============================================================
109 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE NEED
109 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
110 # TO AUTHENTICATE AND ASK FOR AUTHENTICATED USER PERMISSIONS
110 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
111 #==================================================================
111 #==============================================================
112
112
113 if not REMOTE_USER(environ):
113 if not REMOTE_USER(environ):
114 self.authenticate.realm = self.config['rhodecode_realm']
114 self.authenticate.realm = str(self.config['rhodecode_realm'])
115 result = self.authenticate(environ)
115 result = self.authenticate(environ)
116 if isinstance(result, str):
116 if isinstance(result, str):
117 AUTH_TYPE.update(environ, 'basic')
117 AUTH_TYPE.update(environ, 'basic')
@@ -120,10 +120,10 class SimpleHg(object):
120 return result.wsgi_application(environ, start_response)
120 return result.wsgi_application(environ, start_response)
121
121
122
122
123 #==================================================================
123 #==============================================================
124 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
124 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
125 # BASIC AUTH
125 # BASIC AUTH
126 #==================================================================
126 #==============================================================
127
127
128 if self.action in ['pull', 'push']:
128 if self.action in ['pull', 'push']:
129 username = self.__get_environ_user(environ)
129 username = self.__get_environ_user(environ)
General Comments 0
You need to be logged in to leave comments. Login now