Implements #509 require SSL flag now works for both git and mercurial....
marcink -
r2668:f0851f37 beta
@@ -23,7 +23,7 b' from rhodecode.lib.auth import AuthUser,'
23 from rhodecode.lib.utils import get_repo_slug, invalidate_cache
23 from rhodecode.lib.utils import get_repo_slug, invalidate_cache
24 from rhodecode.model import meta
24 from rhodecode.model import meta
25
25
26 from rhodecode.model.db import Repository
26 from rhodecode.model.db import Repository, RhodeCodeUi
27 from rhodecode.model.notification import NotificationModel
27 from rhodecode.model.notification import NotificationModel
28 from rhodecode.model.scm import ScmModel
28 from rhodecode.model.scm import ScmModel
29
29
@@ -145,6 +145,21 b' class BaseVCSController(object):'
145 def _get_ip_addr(self, environ):
145 def _get_ip_addr(self, environ):
146 return _get_ip_addr(environ)
146 return _get_ip_addr(environ)
147
147
148 def _check_ssl(self, environ, start_response):
149 """
150 Checks the SSL check flag and returns False if SSL is not present
151 and required True otherwise
152 """
153 org_proto = environ['wsgi._org_proto']
154 #check if we have SSL required ! if not it's a bad request !
155 require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl')\
156 .scalar().ui_value)
157 if require_ssl and org_proto == 'http':
158 log.debug('proto is %s and SSL is required BAD REQUEST !'
159 % org_proto)
160 return False
161 return True
162
148 def __call__(self, environ, start_response):
163 def __call__(self, environ, start_response):
149 start = time.time()
164 start = time.time()
150 try:
165 try:
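Review bot: `_check_ssl` fails open, because `org_proto == 'http'` rejects only that exact string and any other value stored in `wsgi._org_proto` (empty, different case, an unexpected scheme) passes while SSL is required. Testing for the one allowed value instead, `if require_ssl and org_proto != 'https':`, makes the check fail closed. The lookup `environ['wsgi._org_proto']` raises KeyError when the HttpsFixup middleware has not populated it, and `.scalar().ui_value` raises AttributeError when no `push_ssl` row exists; `environ.get('wsgi._org_proto')` and an explicit None check on the row would avoid a 500 on both paths. The `start_response` parameter is unused in the visible body, and `log.debug` could take `org_proto` as an argument rather than formatting with `%` eagerly.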
@@ -42,10 +42,7 b' class HttpsFixup(object):'
42 middleware you should set this header inside your
42 middleware you should set this header inside your
43 proxy ie. nginx, apache etc.
43 proxy ie. nginx, apache etc.
44 """
44 """
45
45 # DETECT PROTOCOL !
46 if str2bool(self.config.get('force_https')):
47 proto = 'https'
48 else:
49 if 'HTTP_X_URL_SCHEME' in environ:
46 if 'HTTP_X_URL_SCHEME' in environ:
50 proto = environ.get('HTTP_X_URL_SCHEME')
47 proto = environ.get('HTTP_X_URL_SCHEME')
51 elif 'HTTP_X_FORWARDED_SCHEME' in environ:
48 elif 'HTTP_X_FORWARDED_SCHEME' in environ:
@@ -54,9 +51,11 b' class HttpsFixup(object):'
54 proto = environ.get('HTTP_X_FORWARDED_PROTO')
51 proto = environ.get('HTTP_X_FORWARDED_PROTO')
55 else:
52 else:
56 proto = 'http'
53 proto = 'http'
57 if proto == 'https':
54 org_proto = proto
55
56 # if we have force, just override
57 if str2bool(self.config.get('force_https')):
58 proto = 'https'
59
58 environ['wsgi.url_scheme'] = proto
60 environ['wsgi.url_scheme'] = proto
59 else:
61 environ['wsgi._org_proto'] = org_proto
60 environ['wsgi.url_scheme'] = 'http'
61
62 return None
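Review bot: The rewritten tail writes the header-derived `proto` straight into `environ['wsgi.url_scheme']`, whereas the removed branch forced every value other than 'https' to 'http'. Because `proto` is read from `HTTP_X_URL_SCHEME`, `HTTP_X_FORWARDED_SCHEME` or `HTTP_X_FORWARDED_PROTO`, an unexpected header value now becomes the URL scheme and is also what `wsgi._org_proto` carries to the SSL check. Normalising before the copy keeps the old guarantee: `proto = 'https' if proto == 'https' else 'http'` placed just above `org_proto = proto`. The docstring already says the header should be set in the proxy; it should add that the proxy must overwrite any copy sent by the client, since the SSL requirement now depends on that value. The method begins above the first hunk, so the full lookup order is only partly visible.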
@@ -74,6 +74,8 b' dulserver.DEFAULT_HANDLERS = {'
74 #from dulwich.web import make_wsgi_chain
74 #from dulwich.web import make_wsgi_chain
75
75
76 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
76 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
77 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
78 HTTPBadRequest, HTTPNotAcceptable
77
79
78 from rhodecode.lib.utils2 import safe_str
80 from rhodecode.lib.utils2 import safe_str
79 from rhodecode.lib.base import BaseVCSController
81 from rhodecode.lib.base import BaseVCSController
@@ -81,8 +83,6 b' from rhodecode.lib.auth import get_conta'
81 from rhodecode.lib.utils import is_valid_repo, make_ui
83 from rhodecode.lib.utils import is_valid_repo, make_ui
82 from rhodecode.model.db import User, RhodeCodeUi
84 from rhodecode.model.db import User, RhodeCodeUi
83
85
84 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
85
86 log = logging.getLogger(__name__)
86 log = logging.getLogger(__name__)
87
87
88
88
@@ -104,7 +104,8 b' class SimpleGit(BaseVCSController):'
104
104
105 if not is_git(environ):
105 if not is_git(environ):
106 return self.application(environ, start_response)
106 return self.application(environ, start_response)
107
107 if not self._check_ssl(environ, start_response):
108 return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
108 ipaddr = self._get_ip_addr(environ)
109 ipaddr = self._get_ip_addr(environ)
109 username = None
110 username = None
110 self._git_first_op = False
111 self._git_first_op = False
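Review bot: The refusal at new line 108 answers with `HTTPNotAcceptable`, which is 406 and describes content negotiation; a plain-HTTP request to an SSL-only server reads better as `return HTTPForbidden('SSL REQUIRED !')(environ, start_response)`, using a class this module already imports. `HTTPBadRequest` is added to the import but is not used in the visible hunks, while the comment in `_check_ssl` calls this case a bad request, so the code and comments disagree on the status. The same two lines appear in the Mercurial handler (hunk `@@ -68,6 +69,8`) and should change together. The check appears to sit ahead of the authentication steps, which continue outside the hunk; a comment such as `# refuse plain HTTP before any auth handling` would keep later edits from moving it.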
@@ -33,6 +33,8 b' from mercurial.error import RepoError'
33 from mercurial.hgweb import hgweb_mod
33 from mercurial.hgweb import hgweb_mod
34
34
35 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
35 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
36 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
37 HTTPBadRequest, HTTPNotAcceptable
36
38
37 from rhodecode.lib.utils2 import safe_str
39 from rhodecode.lib.utils2 import safe_str
38 from rhodecode.lib.base import BaseVCSController
40 from rhodecode.lib.base import BaseVCSController
@@ -40,7 +42,6 b' from rhodecode.lib.auth import get_conta'
40 from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
42 from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
41 from rhodecode.model.db import User
43 from rhodecode.model.db import User
42
44
43 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
44
45
45 log = logging.getLogger(__name__)
46 log = logging.getLogger(__name__)
46
47
@@ -68,6 +69,8 b' class SimpleHg(BaseVCSController):'
68 def _handle_request(self, environ, start_response):
69 def _handle_request(self, environ, start_response):
69 if not is_mercurial(environ):
70 if not is_mercurial(environ):
70 return self.application(environ, start_response)
71 return self.application(environ, start_response)
72 if not self._check_ssl(environ, start_response):
73 return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
71
74
72 ipaddr = self._get_ip_addr(environ)
75 ipaddr = self._get_ip_addr(environ)
73 username = None
76 username = None
@@ -312,7 +312,7 b" def make_ui(read_from='file', path=None,"
312
312
313 hg_ui = ret
313 hg_ui = ret
314 for ui_ in hg_ui:
314 for ui_ in hg_ui:
315 if ui_.ui_active:
315 if ui_.ui_active and ui_.ui_key != 'push_ssl':
316 log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
316 log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
317 ui_.ui_key, ui_.ui_value)
317 ui_.ui_key, ui_.ui_value)
318 baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
318 baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
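Review bot: The new condition `ui_.ui_key != 'push_ssl'` carries no comment, and its reason cannot be read from `make_ui` alone: the setting is now consumed by `BaseVCSController._check_ssl` and is presumably meant to stay out of the Mercurial config. I would add `# push_ssl is enforced in BaseVCSController._check_ssl, not passed on to mercurial` above the `if`. The filter matches on the key only, so a row with that key in any section is skipped; testing `ui_.ui_section` as well would be narrower. The identical change in `Repository` (hunk `@@ -728,7 +728,7`) needs the same comment, and what value Mercurial then uses for its own push-over-SSL setting is not visible here and is worth confirming. `make_ui` starts outside the hunk.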
@@ -728,7 +728,7 b' class Repository(Base, BaseModel):'
728
728
729 hg_ui = ret
729 hg_ui = ret
730 for ui_ in hg_ui:
730 for ui_ in hg_ui:
731 if ui_.ui_active:
731 if ui_.ui_active and ui_.ui_key != 'push_ssl':
732 log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
732 log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
733 ui_.ui_key, ui_.ui_value)
733 ui_.ui_key, ui_.ui_value)
734 baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
734 baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
@@ -129,7 +129,7 b''
129 <div class="checkboxes">
129 <div class="checkboxes">
130 <div class="checkbox">
130 <div class="checkbox">
131 ${h.checkbox('web_push_ssl','true')}
131 ${h.checkbox('web_push_ssl','true')}
132 <label for="web_push_ssl">${_('require ssl for pushing')}</label>
132 <label for="web_push_ssl">${_('require ssl for vcs operations')}</label>
133 </div>
133 </div>
134 </div>
134 </div>
135 </div>
135 </div>