@@ -23,7 +23,7 b' from rhodecode.lib.auth import AuthUser,' | |||||
23 | from rhodecode.lib.utils import get_repo_slug, invalidate_cache |
|
23 | from rhodecode.lib.utils import get_repo_slug, invalidate_cache | |
24 | from rhodecode.model import meta |
|
24 | from rhodecode.model import meta | |
25 |
|
25 | |||
26 | from rhodecode.model.db import Repository |
|
26 | from rhodecode.model.db import Repository, RhodeCodeUi | |
27 | from rhodecode.model.notification import NotificationModel |
|
27 | from rhodecode.model.notification import NotificationModel | |
28 | from rhodecode.model.scm import ScmModel |
|
28 | from rhodecode.model.scm import ScmModel | |
29 |
|
29 | |||
@@ -145,6 +145,21 b' class BaseVCSController(object):' | |||||
145 | def _get_ip_addr(self, environ): |
|
145 | def _get_ip_addr(self, environ): | |
146 | return _get_ip_addr(environ) |
|
146 | return _get_ip_addr(environ) | |
147 |
|
147 | |||
|
148 | def _check_ssl(self, environ, start_response): | |||
|
149 | """ | |||
|
150 | Checks the SSL check flag and returns False if SSL is not present | |||
|
151 | and required True otherwise | |||
|
152 | """ | |||
|
153 | org_proto = environ['wsgi._org_proto'] | |||
|
154 | #check if we have SSL required ! if not it's a bad request ! | |||
|
155 | require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl')\ | |||
|
156 | .scalar().ui_value) | |||
|
157 | if require_ssl and org_proto == 'http': | |||
|
158 | log.debug('proto is %s and SSL is required BAD REQUEST !' | |||
|
159 | % org_proto) | |||
|
160 | return False | |||
|
161 | return True | |||
|
162 | ||||
148 | def __call__(self, environ, start_response): |
|
163 | def __call__(self, environ, start_response): | |
149 | start = time.time() |
|
164 | start = time.time() | |
150 | try: |
|
165 | try: |
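Review bot: `_check_ssl` fails open, because `org_proto == 'http'` refuses only that exact string; a different case, an empty header value or an unexpected scheme in `wsgi._org_proto` passes while SSL is required. Comparing against the one allowed value, `if require_ssl and org_proto != 'https':`, makes everything that is not https a refusal. `environ['wsgi._org_proto']` raises KeyError when the HttpsFixup middleware is not in the stack, and `.scalar().ui_value` presumably raises AttributeError when no `push_ssl` row exists, so both lookups deserve a defined fallback. The `start_response` parameter is not used in the method.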
@@ -42,21 +42,20 b' class HttpsFixup(object):' | |||||
42 | middleware you should set this header inside your |
|
42 | middleware you should set this header inside your | |
43 | proxy ie. nginx, apache etc. |
|
43 | proxy ie. nginx, apache etc. | |
44 | """ |
|
44 | """ | |
|
45 | # DETECT PROTOCOL ! | |||
|
46 | if 'HTTP_X_URL_SCHEME' in environ: | |||
|
47 | proto = environ.get('HTTP_X_URL_SCHEME') | |||
|
48 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: | |||
|
49 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') | |||
|
50 | elif 'HTTP_X_FORWARDED_PROTO' in environ: | |||
|
51 | proto = environ.get('HTTP_X_FORWARDED_PROTO') | |||
|
52 | else: | |||
|
53 | proto = 'http' | |||
|
54 | org_proto = proto | |||
45 |
|
55 | |||
|
56 | # if we have force, just override | |||
46 | if str2bool(self.config.get('force_https')): |
|
57 | if str2bool(self.config.get('force_https')): | |
47 | proto = 'https' |
|
58 | proto = 'https' | |
48 | else: |
|
|||
49 | if 'HTTP_X_URL_SCHEME' in environ: |
|
|||
50 | proto = environ.get('HTTP_X_URL_SCHEME') |
|
|||
51 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: |
|
|||
52 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') |
|
|||
53 | elif 'HTTP_X_FORWARDED_PROTO' in environ: |
|
|||
54 | proto = environ.get('HTTP_X_FORWARDED_PROTO') |
|
|||
55 | else: |
|
|||
56 | proto = 'http' |
|
|||
57 | if proto == 'https': |
|
|||
58 | environ['wsgi.url_scheme'] = proto |
|
|||
59 | else: |
|
|||
60 | environ['wsgi.url_scheme'] = 'http' |
|
|||
61 |
|
59 | |||
62 | return None |
|
60 | environ['wsgi.url_scheme'] = proto | |
|
61 | environ['wsgi._org_proto'] = org_proto |
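Review bot: The detected header value now reaches `environ['wsgi.url_scheme']` unmodified, where the removed lines wrote only 'https' or 'http'. Normalising once after detection, e.g. `proto = 'https' if (proto or '').lower() == 'https' else 'http'` placed before `org_proto = proto`, keeps both `wsgi.url_scheme` and `wsgi._org_proto` to the two expected values. Since `wsgi._org_proto` feeds the SSL-required check in `BaseVCSController._check_ssl`, the docstring should also state that the front proxy must overwrite `X-Url-Scheme`, `X-Forwarded-Scheme` and `X-Forwarded-Proto` on every request, because a value supplied by the client is otherwise taken as is. The method starts above this hunk, so its signature is not visible here.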
@@ -74,6 +74,8 b' dulserver.DEFAULT_HANDLERS = {' | |||||
74 | #from dulwich.web import make_wsgi_chain |
|
74 | #from dulwich.web import make_wsgi_chain | |
75 |
|
75 | |||
76 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE |
|
76 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE | |
|
77 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | |||
|
78 | HTTPBadRequest, HTTPNotAcceptable | |||
77 |
|
79 | |||
78 | from rhodecode.lib.utils2 import safe_str |
|
80 | from rhodecode.lib.utils2 import safe_str | |
79 | from rhodecode.lib.base import BaseVCSController |
|
81 | from rhodecode.lib.base import BaseVCSController | |
@@ -81,8 +83,6 b' from rhodecode.lib.auth import get_conta' | |||||
81 | from rhodecode.lib.utils import is_valid_repo, make_ui |
|
83 | from rhodecode.lib.utils import is_valid_repo, make_ui | |
82 | from rhodecode.model.db import User, RhodeCodeUi |
|
84 | from rhodecode.model.db import User, RhodeCodeUi | |
83 |
|
85 | |||
84 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError |
|
|||
85 |
|
||||
86 | log = logging.getLogger(__name__) |
|
86 | log = logging.getLogger(__name__) | |
87 |
|
87 | |||
88 |
|
88 | |||
@@ -104,7 +104,8 b' class SimpleGit(BaseVCSController):' | |||||
104 |
|
104 | |||
105 | if not is_git(environ): |
|
105 | if not is_git(environ): | |
106 | return self.application(environ, start_response) |
|
106 | return self.application(environ, start_response) | |
107 |
|
107 | if not self._check_ssl(environ, start_response): | ||
|
108 | return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) | |||
108 | ipaddr = self._get_ip_addr(environ) |
|
109 | ipaddr = self._get_ip_addr(environ) | |
109 | username = None |
|
110 | username = None | |
110 | self._git_first_op = False |
|
111 | self._git_first_op = False |
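Review bot: The refusal uses `HTTPNotAcceptable` (406), a status defined for content negotiation, while `_check_ssl` logs the same case as BAD REQUEST and the newly imported `HTTPBadRequest` is not used in the visible lines. One status for a transport-policy refusal, for example `return HTTPForbidden('SSL REQUIRED !')(environ, start_response)`, plus dropping the unused import would make log and response agree. The same two lines and the same import appear in the `SimpleHg._handle_request` hunk. The new check also replaced the blank line that separated the `is_git` early return from the rest of the method, which starts and continues outside this hunk.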
@@ -33,6 +33,8 b' from mercurial.error import RepoError' | |||||
33 | from mercurial.hgweb import hgweb_mod |
|
33 | from mercurial.hgweb import hgweb_mod | |
34 |
|
34 | |||
35 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE |
|
35 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE | |
|
36 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | |||
|
37 | HTTPBadRequest, HTTPNotAcceptable | |||
36 |
|
38 | |||
37 | from rhodecode.lib.utils2 import safe_str |
|
39 | from rhodecode.lib.utils2 import safe_str | |
38 | from rhodecode.lib.base import BaseVCSController |
|
40 | from rhodecode.lib.base import BaseVCSController | |
@@ -40,7 +42,6 b' from rhodecode.lib.auth import get_conta' | |||||
40 | from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections |
|
42 | from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections | |
41 | from rhodecode.model.db import User |
|
43 | from rhodecode.model.db import User | |
42 |
|
44 | |||
43 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError |
|
|||
44 |
|
45 | |||
45 | log = logging.getLogger(__name__) |
|
46 | log = logging.getLogger(__name__) | |
46 |
|
47 | |||
@@ -68,6 +69,8 b' class SimpleHg(BaseVCSController):' | |||||
68 | def _handle_request(self, environ, start_response): |
|
69 | def _handle_request(self, environ, start_response): | |
69 | if not is_mercurial(environ): |
|
70 | if not is_mercurial(environ): | |
70 | return self.application(environ, start_response) |
|
71 | return self.application(environ, start_response) | |
|
72 | if not self._check_ssl(environ, start_response): | |||
|
73 | return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) | |||
71 |
|
74 | |||
72 | ipaddr = self._get_ip_addr(environ) |
|
75 | ipaddr = self._get_ip_addr(environ) | |
73 | username = None |
|
76 | username = None |
@@ -312,7 +312,7 b" def make_ui(read_from='file', path=None," | |||||
312 |
|
312 | |||
313 | hg_ui = ret |
|
313 | hg_ui = ret | |
314 | for ui_ in hg_ui: |
|
314 | for ui_ in hg_ui: | |
315 | if ui_.ui_active: |
|
315 | if ui_.ui_active and ui_.ui_key != 'push_ssl': | |
316 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, |
|
316 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, | |
317 | ui_.ui_key, ui_.ui_value) |
|
317 | ui_.ui_key, ui_.ui_value) | |
318 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
|
318 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
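Review bot: Skipping `push_ssl` leaves Mercurial's own `web.push_ssl` at its default, which is true, so unless it is set somewhere outside this hunk hgweb may still refuse pushes over plain http after the administrator has turned the RhodeCode setting off. As the requirement is enforced by `BaseVCSController._check_ssl` now, setting the key explicitly is clearer than omitting it: keep `if ui_.ui_active:` and, for this key, call `baseui.setconfig(ui_.ui_section, ui_.ui_key, False)` with a comment such as `# push_ssl is enforced by _check_ssl, not by hgweb`. The condition matches the key in any section, and the identical change in the `Repository` hunk needs the same treatment. The surrounding function starts and ends outside this hunk.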
@@ -728,7 +728,7 b' class Repository(Base, BaseModel):' | |||||
728 |
|
728 | |||
729 | hg_ui = ret |
|
729 | hg_ui = ret | |
730 | for ui_ in hg_ui: |
|
730 | for ui_ in hg_ui: | |
731 | if ui_.ui_active: |
|
731 | if ui_.ui_active and ui_.ui_key != 'push_ssl': | |
732 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, |
|
732 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, | |
733 | ui_.ui_key, ui_.ui_value) |
|
733 | ui_.ui_key, ui_.ui_value) | |
734 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
|
734 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
@@ -129,7 +129,7 b'' | |||||
129 | <div class="checkboxes"> |
|
129 | <div class="checkboxes"> | |
130 | <div class="checkbox"> |
|
130 | <div class="checkbox"> | |
131 | ${h.checkbox('web_push_ssl','true')} |
|
131 | ${h.checkbox('web_push_ssl','true')} | |
132 |
<label for="web_push_ssl">${_('require ssl for |
|
132 | <label for="web_push_ssl">${_('require ssl for vcs operations')}</label> | |
133 | </div> |
|
133 | </div> | |
134 | </div> |
|
134 | </div> | |
135 | </div> |
|
135 | </div> |