Show More
| @@ -23,7 +23,7 b' from rhodecode.lib.auth import AuthUser,' | |||
|
|
23 | 23 | from rhodecode.lib.utils import get_repo_slug, invalidate_cache |
|
|
24 | 24 | from rhodecode.model import meta |
|
|
25 | 25 | |
|
|
26 | from rhodecode.model.db import Repository | |
|
|
26 | from rhodecode.model.db import Repository, RhodeCodeUi | |
|
|
27 | 27 | from rhodecode.model.notification import NotificationModel |
|
|
28 | 28 | from rhodecode.model.scm import ScmModel |
|
|
29 | 29 | |
| @@ -145,6 +145,21 b' class BaseVCSController(object):' | |||
|
|
145 | 145 | def _get_ip_addr(self, environ): |
|
|
146 | 146 | return _get_ip_addr(environ) |
|
|
147 | 147 | |
|
|
148 | def _check_ssl(self, environ, start_response): | |
|
|
149 | """ | |
|
|
150 | Checks the SSL check flag and returns False if SSL is not present | |
|
|
151 | and required True otherwise | |
|
|
152 | """ | |
|
|
153 | org_proto = environ['wsgi._org_proto'] | |
|
|
154 | #check if we have SSL required ! if not it's a bad request ! | |
|
|
155 | require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl')\ | |
|
|
156 | .scalar().ui_value) | |
|
|
157 | if require_ssl and org_proto == 'http': | |
|
|
158 | log.debug('proto is %s and SSL is required BAD REQUEST !' | |
|
|
159 | % org_proto) | |
|
|
160 | return False | |
|
|
161 | return True | |
|
|
162 | ||
|
|
148 | 163 | def __call__(self, environ, start_response): |
|
|
149 | 164 | start = time.time() |
|
|
150 | 165 | try: |
| @@ -42,21 +42,20 b' class HttpsFixup(object):' | |||
|
|
42 | 42 | middleware you should set this header inside your |
|
|
43 | 43 | proxy ie. nginx, apache etc. |
|
|
44 | 44 | """ |
|
|
45 | # DETECT PROTOCOL ! | |
|
|
46 | if 'HTTP_X_URL_SCHEME' in environ: | |
|
|
47 | proto = environ.get('HTTP_X_URL_SCHEME') | |
|
|
48 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: | |
|
|
49 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') | |
|
|
50 | elif 'HTTP_X_FORWARDED_PROTO' in environ: | |
|
|
51 | proto = environ.get('HTTP_X_FORWARDED_PROTO') | |
|
|
52 | else: | |
|
|
53 | proto = 'http' | |
|
|
54 | org_proto = proto | |
|
|
45 | 55 | |
|
|
56 | # if we have force, just override | |
|
|
46 | 57 | if str2bool(self.config.get('force_https')): |
|
|
47 | 58 | proto = 'https' |
|
|
48 | else: | |
|
|
49 | if 'HTTP_X_URL_SCHEME' in environ: | |
|
|
50 | proto = environ.get('HTTP_X_URL_SCHEME') | |
|
|
51 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: | |
|
|
52 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') | |
|
|
53 | elif 'HTTP_X_FORWARDED_PROTO' in environ: | |
|
|
54 | proto = environ.get('HTTP_X_FORWARDED_PROTO') | |
|
|
55 | else: | |
|
|
56 | proto = 'http' | |
|
|
57 | if proto == 'https': | |
|
|
58 | environ['wsgi.url_scheme'] = proto | |
|
|
59 | else: | |
|
|
60 | environ['wsgi.url_scheme'] = 'http' | |
|
|
61 | 59 | |
|
|
62 | return None | |
|
|
60 | environ['wsgi.url_scheme'] = proto | |
|
|
61 | environ['wsgi._org_proto'] = org_proto | |
| @@ -74,6 +74,8 b' dulserver.DEFAULT_HANDLERS = {' | |||
|
|
74 | 74 | #from dulwich.web import make_wsgi_chain |
|
|
75 | 75 | |
|
|
76 | 76 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE |
|
|
77 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | |
|
|
78 | HTTPBadRequest, HTTPNotAcceptable | |
|
|
77 | 79 | |
|
|
78 | 80 | from rhodecode.lib.utils2 import safe_str |
|
|
79 | 81 | from rhodecode.lib.base import BaseVCSController |
| @@ -81,8 +83,6 b' from rhodecode.lib.auth import get_conta' | |||
|
|
81 | 83 | from rhodecode.lib.utils import is_valid_repo, make_ui |
|
|
82 | 84 | from rhodecode.model.db import User, RhodeCodeUi |
|
|
83 | 85 | |
|
|
84 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError | |
|
|
85 | ||
|
|
86 | 86 | log = logging.getLogger(__name__) |
|
|
87 | 87 | |
|
|
88 | 88 | |
| @@ -104,7 +104,8 b' class SimpleGit(BaseVCSController):' | |||
|
|
104 | 104 | |
|
|
105 | 105 | if not is_git(environ): |
|
|
106 | 106 | return self.application(environ, start_response) |
|
|
107 | ||
|
|
107 | if not self._check_ssl(environ, start_response): | |
|
|
108 | return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) | |
|
|
108 | 109 | ipaddr = self._get_ip_addr(environ) |
|
|
109 | 110 | username = None |
|
|
110 | 111 | self._git_first_op = False |
| @@ -33,6 +33,8 b' from mercurial.error import RepoError' | |||
|
|
33 | 33 | from mercurial.hgweb import hgweb_mod |
|
|
34 | 34 | |
|
|
35 | 35 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE |
|
|
36 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | |
|
|
37 | HTTPBadRequest, HTTPNotAcceptable | |
|
|
36 | 38 | |
|
|
37 | 39 | from rhodecode.lib.utils2 import safe_str |
|
|
38 | 40 | from rhodecode.lib.base import BaseVCSController |
| @@ -40,7 +42,6 b' from rhodecode.lib.auth import get_conta' | |||
|
|
40 | 42 | from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections |
|
|
41 | 43 | from rhodecode.model.db import User |
|
|
42 | 44 | |
|
|
43 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError | |
|
|
44 | 45 | |
|
|
45 | 46 | log = logging.getLogger(__name__) |
|
|
46 | 47 | |
| @@ -68,6 +69,8 b' class SimpleHg(BaseVCSController):' | |||
|
|
68 | 69 | def _handle_request(self, environ, start_response): |
|
|
69 | 70 | if not is_mercurial(environ): |
|
|
70 | 71 | return self.application(environ, start_response) |
|
|
72 | if not self._check_ssl(environ, start_response): | |
|
|
73 | return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) | |
|
|
71 | 74 | |
|
|
72 | 75 | ipaddr = self._get_ip_addr(environ) |
|
|
73 | 76 | username = None |
| @@ -312,7 +312,7 b" def make_ui(read_from='file', path=None," | |||
|
|
312 | 312 | |
|
|
313 | 313 | hg_ui = ret |
|
|
314 | 314 | for ui_ in hg_ui: |
|
|
315 | if ui_.ui_active: | |
|
|
315 | if ui_.ui_active and ui_.ui_key != 'push_ssl': | |
|
|
316 | 316 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, |
|
|
317 | 317 | ui_.ui_key, ui_.ui_value) |
|
|
318 | 318 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
| @@ -728,7 +728,7 b' class Repository(Base, BaseModel):' | |||
|
|
728 | 728 | |
|
|
729 | 729 | hg_ui = ret |
|
|
730 | 730 | for ui_ in hg_ui: |
|
|
731 | if ui_.ui_active: | |
|
|
731 | if ui_.ui_active and ui_.ui_key != 'push_ssl': | |
|
|
732 | 732 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, |
|
|
733 | 733 | ui_.ui_key, ui_.ui_value) |
|
|
734 | 734 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
| @@ -129,7 +129,7 b'' | |||
|
|
129 | 129 | <div class="checkboxes"> |
|
|
130 | 130 | <div class="checkbox"> |
|
|
131 | 131 | ${h.checkbox('web_push_ssl','true')} |
|
|
132 |
<label for="web_push_ssl">${_('require ssl for |
|
|
|
132 | <label for="web_push_ssl">${_('require ssl for vcs operations')}</label> | |
|
|
133 | 133 | </div> |
|
|
134 | 134 | </div> |
|
|
135 | 135 | </div> |
General Comments 0
You need to be logged in to leave comments.
Login now