##// END OF EJS Templates
hgweb: do not ignore [auth] if url has a username (issue2822)...
hgweb: do not ignore [auth] if url has a username (issue2822) The [auth] section was ignored when handling URLs like: http://user@example.com/foo Instead, we look in [auth] for an entry matching the URL and supplied user name. Entries without username can match URL with a username. Prefix length ties are resolved in favor of entries matching the username. With: foo.prefix = http://example.org foo.username = user foo.password = password bar.prefix = http://example.org/bar and the input URL: http://user@example.org/bar the 'bar' entry will be selected because of prefix length, therefore prompting for a password. This behaviour ensure that entries selection is consistent when looking for credentials or for certificates, and that certificates can be picked even if their entries do no define usernames while the URL does. Additionally, entries without a username matched against a username are returned as if they did have requested username set to avoid prompting again for a username if the password is not set. v2: reparse the URL in readauthforuri() to handle HTTP and HTTPS similarly. v3: allow unset usernames to match URL usernames to pick certificates. Resolve prefix length ties in favor of entries with usernames.

File last commit:

r14666:27b080aa default
r15005:4a43e23b 1.9.1 stable
Show More
test-url.py
221 lines | 6.9 KiB | text/x-python | PythonLexer
Augie Fackler
test-url: skip test when ssl module is unavailable
r12737 import sys
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592
def check(a, b):
if a != b:
print (a, b)
Martin Geisler
test-url: refactor with shorter lines
r12606 def cert(cn):
return dict(subject=((('commonName', cn),),))
Augie Fackler
sslutil: extracted ssl methods from httpsconnection in url.py...
r14204 from mercurial.sslutil import _verifycert
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592
Augie Fackler
test-url: remove trailing whitespace
r12724 # Test non-wildcard certificates
Martin Geisler
test-url: refactor with shorter lines
r12606 check(_verifycert(cert('example.com'), 'example.com'),
None)
check(_verifycert(cert('example.com'), 'www.example.com'),
'certificate is for example.com')
check(_verifycert(cert('www.example.com'), 'example.com'),
'certificate is for www.example.com')
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592
# Test wildcard certificates
Martin Geisler
test-url: refactor with shorter lines
r12606 check(_verifycert(cert('*.example.com'), 'www.example.com'),
None)
check(_verifycert(cert('*.example.com'), 'example.com'),
'certificate is for *.example.com')
check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
'certificate is for *.example.com')
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592
Yuya Nishihara
url: check subjectAltName when verifying ssl certificate...
r13249 # Test subjectAltName
san_cert = {'subject': ((('commonName', 'example.com'),),),
'subjectAltName': (('DNS', '*.example.net'),
('DNS', 'example.net'))}
check(_verifycert(san_cert, 'example.net'),
None)
check(_verifycert(san_cert, 'foo.example.net'),
None)
Nicolas Bareil
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)...
r14666 # no fallback to subject commonName when subjectAltName has DNS
Yuya Nishihara
url: check subjectAltName when verifying ssl certificate...
r13249 check(_verifycert(san_cert, 'example.com'),
'certificate is for *.example.net, example.net')
Nicolas Bareil
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)...
r14666 # fallback to subject commonName when no DNS in subjectAltName
san_cert = {'subject': ((('commonName', 'example.com'),),),
'subjectAltName': (('IP Address', '8.8.8.8'),)}
check(_verifycert(san_cert, 'example.com'), None)
Yuya Nishihara
url: check subjectAltName when verifying ssl certificate...
r13249
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592 # Avoid some pitfalls
Martin Geisler
test-url: refactor with shorter lines
r12606 check(_verifycert(cert('*.foo'), 'foo'),
'certificate is for *.foo')
check(_verifycert(cert('*o'), 'foo'),
'certificate is for *o')
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592
Mads Kiilerich
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)...
r12742 check(_verifycert({'subject': ()},
Martin Geisler
test-url: refactor with shorter lines
r12606 'example.com'),
Yuya Nishihara
url: check subjectAltName when verifying ssl certificate...
r13249 'no commonName or subjectAltName found in certificate')
Mads Kiilerich
url: verify correctness of https server certificates (issue2407)...
r12592 check(_verifycert(None, 'example.com'),
Martin Geisler
test-url: refactor with shorter lines
r12606 'no certificate received')
Yuya Nishihara
url: fix UnicodeDecodeError on certificate verification error...
r13248
Nicolas Bareil
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)...
r14666 # Unicode (IDN) certname isn't supported
check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
'IDN in certificate not supported')
Brodie Rao
url: provide url object...
r13770 import doctest
def test_url():
"""
Brodie Rao
url: move URL parsing functions into util to improve startup time...
r14076 >>> from mercurial.util import url
Brodie Rao
url: provide url object...
r13770
This tests for edge cases in url.URL's parsing algorithm. Most of
these aren't useful for documentation purposes, so they aren't
part of the class's doc tests.
Query strings and fragments:
>>> url('http://host/a?b#c')
<url scheme: 'http', host: 'host', path: 'a', query: 'b', fragment: 'c'>
>>> url('http://host/a?')
<url scheme: 'http', host: 'host', path: 'a'>
>>> url('http://host/a#b#c')
<url scheme: 'http', host: 'host', path: 'a', fragment: 'b#c'>
>>> url('http://host/a#b?c')
<url scheme: 'http', host: 'host', path: 'a', fragment: 'b?c'>
>>> url('http://host/?a#b')
<url scheme: 'http', host: 'host', path: '', query: 'a', fragment: 'b'>
Matt Mackall
url: nuke some newly-introduced underbars in identifiers
r13827 >>> url('http://host/?a#b', parsequery=False)
Brodie Rao
url: provide url object...
r13770 <url scheme: 'http', host: 'host', path: '?a', fragment: 'b'>
Matt Mackall
url: nuke some newly-introduced underbars in identifiers
r13827 >>> url('http://host/?a#b', parsefragment=False)
Brodie Rao
url: provide url object...
r13770 <url scheme: 'http', host: 'host', path: '', query: 'a#b'>
Matt Mackall
url: nuke some newly-introduced underbars in identifiers
r13827 >>> url('http://host/?a#b', parsequery=False, parsefragment=False)
Brodie Rao
url: provide url object...
r13770 <url scheme: 'http', host: 'host', path: '?a#b'>
IPv6 addresses:
>>> url('ldap://[2001:db8::7]/c=GB?objectClass?one')
<url scheme: 'ldap', host: '[2001:db8::7]', path: 'c=GB',
query: 'objectClass?one'>
>>> url('ldap://joe:xxx@[2001:db8::7]:80/c=GB?objectClass?one')
<url scheme: 'ldap', user: 'joe', passwd: 'xxx', host: '[2001:db8::7]',
port: '80', path: 'c=GB', query: 'objectClass?one'>
Missing scheme, host, etc.:
>>> url('://192.0.2.16:80/')
<url path: '://192.0.2.16:80/'>
>>> url('http://mercurial.selenic.com')
<url scheme: 'http', host: 'mercurial.selenic.com'>
>>> url('/foo')
<url path: '/foo'>
>>> url('bundle:/foo')
<url scheme: 'bundle', path: '/foo'>
>>> url('a?b#c')
<url path: 'a?b', fragment: 'c'>
>>> url('http://x.com?arg=/foo')
<url scheme: 'http', host: 'x.com', query: 'arg=/foo'>
>>> url('http://joe:xxx@/foo')
<url scheme: 'http', user: 'joe', passwd: 'xxx', path: 'foo'>
Just a scheme and a path:
>>> url('mailto:John.Doe@example.com')
<url scheme: 'mailto', path: 'John.Doe@example.com'>
>>> url('a:b:c:d')
Matt Mackall
url: fix tests
r13808 <url path: 'a:b:c:d'>
>>> url('aa:bb:cc:dd')
<url scheme: 'aa', path: 'bb:cc:dd'>
Brodie Rao
url: provide url object...
r13770
SSH examples:
>>> url('ssh://joe@host//home/joe')
<url scheme: 'ssh', user: 'joe', host: 'host', path: '/home/joe'>
>>> url('ssh://joe:xxx@host/src')
<url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host', path: 'src'>
>>> url('ssh://joe:xxx@host')
<url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host'>
>>> url('ssh://joe@host')
<url scheme: 'ssh', user: 'joe', host: 'host'>
>>> url('ssh://host')
<url scheme: 'ssh', host: 'host'>
>>> url('ssh://')
<url scheme: 'ssh'>
>>> url('ssh:')
<url scheme: 'ssh'>
Non-numeric port:
>>> url('http://example.com:dd')
<url scheme: 'http', host: 'example.com', port: 'dd'>
>>> url('ssh://joe:xxx@host:ssh/foo')
<url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host', port: 'ssh',
path: 'foo'>
Bad authentication credentials:
>>> url('http://joe@joeville:123@4:@host/a?b#c')
<url scheme: 'http', user: 'joe@joeville', passwd: '123@4:',
host: 'host', path: 'a', query: 'b', fragment: 'c'>
>>> url('http://!*#?/@!*#?/:@host/a?b#c')
<url scheme: 'http', host: '!*', fragment: '?/@!*#?/:@host/a?b#c'>
>>> url('http://!*#?@!*#?:@host/a?b#c')
<url scheme: 'http', host: '!*', fragment: '?@!*#?:@host/a?b#c'>
>>> url('http://!*@:!*@@host/a?b#c')
<url scheme: 'http', user: '!*@', passwd: '!*@', host: 'host',
path: 'a', query: 'b', fragment: 'c'>
File paths:
>>> url('a/b/c/d.g.f')
<url path: 'a/b/c/d.g.f'>
>>> url('/x///z/y/')
<url path: '/x///z/y/'>
Brodie Rao
url: be stricter about detecting schemes...
r13848 >>> url('/foo:bar')
<url path: '/foo:bar'>
>>> url('\\\\foo:bar')
<url path: '\\\\foo:bar'>
>>> url('./foo:bar')
<url path: './foo:bar'>
Brodie Rao
url: provide url object...
r13770
Brodie Rao
url: abort on file:// URLs with non-localhost hosts
r13817 Non-localhost file URL:
>>> u = url('file://mercurial.selenic.com/foo')
Traceback (most recent call last):
File "<stdin>", line 1, in ?
Abort: file:// URLs can only refer to localhost
Brodie Rao
url: provide url object...
r13770 Empty URL:
>>> u = url('')
>>> u
<url path: ''>
>>> str(u)
''
Empty path with query string:
>>> str(url('http://foo/?bar'))
'http://foo/?bar'
Invalid path:
>>> u = url('http://foo/bar')
>>> u.path = 'bar'
>>> str(u)
'http://foo/bar'
Peter Arrenbrecht
util: make str(url) return file:/// for abs paths again...
r14313 >>> u = url('file:/foo/bar/baz')
>>> u
<url scheme: 'file', path: '/foo/bar/baz'>
>>> str(u)
'file:///foo/bar/baz'
Brodie Rao
url: provide url object...
r13770 >>> u = url('file:///foo/bar/baz')
>>> u
<url scheme: 'file', path: '/foo/bar/baz'>
>>> str(u)
Peter Arrenbrecht
util: make str(url) return file:/// for abs paths again...
r14313 'file:///foo/bar/baz'
>>> u = url('file:foo/bar/baz')
>>> u
<url scheme: 'file', path: 'foo/bar/baz'>
>>> str(u)
'file:foo/bar/baz'
Brodie Rao
url: provide url object...
r13770 """
doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE)