test-http-permissions.t
1498 lines
| 35.6 KiB
| text/troff
|
Tads3Lexer
/ tests / test-http-permissions.t
Gregory Szorc
|
r36770 | $ cat > fakeremoteuser.py << EOF | ||
> import os | ||||
> from mercurial.hgweb import hgweb_mod | ||||
Gregory Szorc
|
r37803 | > from mercurial import wireprotov1server | ||
Gregory Szorc
|
r36770 | > class testenvhgweb(hgweb_mod.hgweb): | ||
> def __call__(self, env, respond): | ||||
> # Allow REMOTE_USER to define authenticated user. | ||||
> if r'REMOTE_USER' in os.environ: | ||||
> env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER'] | ||||
> # Allow REQUEST_METHOD to override HTTP method | ||||
> if r'REQUEST_METHOD' in os.environ: | ||||
> env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD'] | ||||
> return super(testenvhgweb, self).__call__(env, respond) | ||||
> hgweb_mod.hgweb = testenvhgweb | ||||
> | ||||
Pulkit Goyal
|
r39461 | > @wireprotov1server.wireprotocommand(b'customreadnoperm') | ||
Gregory Szorc
|
r36770 | > def customread(repo, proto): | ||
> return b'read-only command no defined permissions\n' | ||||
Pulkit Goyal
|
r39461 | > @wireprotov1server.wireprotocommand(b'customwritenoperm') | ||
Gregory Szorc
|
r36770 | > def customwritenoperm(repo, proto): | ||
> return b'write command no defined permissions\n' | ||||
Pulkit Goyal
|
r39461 | > @wireprotov1server.wireprotocommand(b'customreadwithperm', permission=b'pull') | ||
Gregory Szorc
|
r36770 | > def customreadwithperm(repo, proto): | ||
> return b'read-only command w/ defined permissions\n' | ||||
Pulkit Goyal
|
r39461 | > @wireprotov1server.wireprotocommand(b'customwritewithperm', permission=b'push') | ||
Gregory Szorc
|
r36770 | > def customwritewithperm(repo, proto): | ||
> return b'write command w/ defined permissions\n' | ||||
> EOF | ||||
$ cat >> $HGRCPATH << EOF | ||||
> [extensions] | ||||
> fakeremoteuser = $TESTTMP/fakeremoteuser.py | ||||
> strip = | ||||
> EOF | ||||
Gregory Szorc
|
r36769 | $ hg init test | ||
$ cd test | ||||
$ echo a > a | ||||
$ hg ci -Ama | ||||
adding a | ||||
$ cd .. | ||||
$ hg clone test test2 | ||||
updating to branch default | ||||
1 files updated, 0 files merged, 0 files removed, 0 files unresolved | ||||
$ cd test2 | ||||
$ echo a >> a | ||||
$ hg ci -mb | ||||
Gregory Szorc
|
r36770 | $ hg book bm -r 0 | ||
Gregory Szorc
|
r36769 | $ cd ../test | ||
Gregory Szorc
|
r36770 | web.deny_read=* prevents access to wire protocol for all users | ||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> deny_read = * | ||||
> EOF | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities' | ||||
Gregory Szorc
|
r36772 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36772 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.deny_read=* with REMOTE_USER set still locks out clients | ||||
$ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities' | ||||
Gregory Szorc
|
r36772 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36772 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.deny_read=<user> denies access to unauthenticated user | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> deny_read = baduser1,baduser2 | ||||
> EOF | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.deny_read=<user> denies access to users in deny list | ||||
$ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.deny_read=<user> allows access to authenticated users not in list | ||||
$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
200 Script output follows | ||||
read-only command w/ defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
$ killdaemons.py | ||||
web.allow_read=* allows reads for unauthenticated users | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> allow_read = * | ||||
> EOF | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
200 Script output follows | ||||
read-only command w/ defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
$ killdaemons.py | ||||
web.allow_read=* allows read for authenticated user | ||||
$ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
200 Script output follows | ||||
read-only command w/ defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
$ killdaemons.py | ||||
web.allow_read=<user> does not allow unauthenticated users to read | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> allow_read = gooduser | ||||
> EOF | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.allow_read=<user> does not allow user not in list to read | ||||
$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.allow_read=<user> allows read from user in list | ||||
$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
200 Script output follows | ||||
cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 | ||||
publishing True (no-eol) | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
200 Script output follows | ||||
read-only command w/ defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
$ killdaemons.py | ||||
web.deny_read takes precedence over web.allow_read | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> allow_read = baduser | ||||
> deny_read = baduser | ||||
> EOF | ||||
$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.allow-pull=false denies read access to repo | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> allow-pull = false | ||||
> EOF | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities' | ||||
Gregory Szorc
|
r36772 | 401 pull not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36772 | 0 | ||
pull not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' | ||||
401 pull not authorized | ||||
0 | ||||
pull not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' | ||||
Gregory Szorc
|
r36773 | 401 pull not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
pull not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 pull not authorized | ||||
0 | ||||
pull not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ hg --cwd ../test2 pull http://localhost:$HGPORT/ | ||||
pulling from http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
Attempting a write command with HTTP GET fails | ||||
$ cat > .hg/hgrc <<EOF | ||||
> EOF | ||||
$ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | $ hg bookmark -d bm | ||
Gregory Szorc
|
r36773 | abort: bookmark 'bm' does not exist | ||
[255] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ killdaemons.py | ||||
Attempting a write command with an unknown HTTP verb fails | ||||
$ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | $ hg bookmark -d bm | ||
Gregory Szorc
|
r36773 | abort: bookmark 'bm' does not exist | ||
[255] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 405 push requires POST request | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push requires POST request | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
405 push requires POST request | ||||
0 | ||||
push requires POST request | ||||
[1] | ||||
$ killdaemons.py | ||||
Pushing on a plaintext channel is disabled by default | ||||
$ cat > .hg/hgrc <<EOF | ||||
> EOF | ||||
$ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
403 ssl required | ||||
0 | ||||
ssl required | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 403 ssl required | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
ssl required | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 403 ssl required | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
ssl required | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
403 ssl required | ||||
0 | ||||
ssl required | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: HTTP Error 403: ssl required | ||||
Martin von Zweigbergk
|
r46443 | [100] | ||
Gregory Szorc
|
r36770 | |||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: HTTP Error 403: ssl required | ||||
Martin von Zweigbergk
|
r46443 | [100] | ||
Gregory Szorc
|
r36770 | |||
$ killdaemons.py | ||||
web.deny_push=* denies pushing to unauthenticated users | ||||
Gregory Szorc
|
r36769 | |||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> push_ssl = false | ||||
> deny_push = * | ||||
> EOF | ||||
Gregory Szorc
|
r36770 | $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
Gregory Szorc
|
r36769 | $ hg serve -p $HGPORT -d --pid-file hg.pid | ||
$ cat hg.pid > $DAEMON_PIDS | ||||
Gregory Szorc
|
r36770 | $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: authorization failed | ||||
[255] | ||||
Gregory Szorc
|
r36769 | $ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
Gregory Szorc
|
r36770 | web.deny_push=* denies pushing to authenticated users | ||
$ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: authorization failed | ||||
[255] | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.deny_push=<user> denies pushing to user in list | ||||
Gregory Szorc
|
r36769 | |||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> push_ssl = false | ||||
Gregory Szorc
|
r36770 | > deny_push = baduser | ||
Gregory Szorc
|
r36769 | > EOF | ||
Gregory Szorc
|
r36770 | $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
Gregory Szorc
|
r36769 | $ cat hg.pid > $DAEMON_PIDS | ||
Gregory Szorc
|
r36770 | |||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: authorization failed | ||||
[255] | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.deny_push=<user> denies pushing to user not in list because allow-push isn't set | ||||
$ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: authorization failed | ||||
[255] | ||||
Gregory Szorc
|
r36769 | $ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
Gregory Szorc
|
r36770 | |||
web.allow-push=* allows pushes from unauthenticated users | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> push_ssl = false | ||||
> allow-push = * | ||||
> EOF | ||||
$ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
200 Script output follows | ||||
1 | ||||
$ hg bookmarks | ||||
bm 0:cb9a9f314b8b | ||||
$ hg book -d bm | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
200 Script output follows | ||||
write command no defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
200 Script output follows | ||||
write command w/ defined permissions | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
exporting bookmark bm | ||||
[1] | ||||
$ hg book -d bm | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
remote: adding changesets | ||||
remote: adding manifests | ||||
remote: adding file changes | ||||
remote: added 1 changesets with 1 changes to 1 files | ||||
$ hg strip -r 1: | ||||
saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg | ||||
$ killdaemons.py | ||||
web.allow-push=* allows pushes from authenticated users | ||||
$ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
200 Script output follows | ||||
1 | ||||
$ hg bookmarks | ||||
bm 0:cb9a9f314b8b | ||||
$ hg book -d bm | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
200 Script output follows | ||||
write command no defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
200 Script output follows | ||||
write command w/ defined permissions | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
exporting bookmark bm | ||||
[1] | ||||
$ hg book -d bm | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
remote: adding changesets | ||||
remote: adding manifests | ||||
remote: adding file changes | ||||
remote: added 1 changesets with 1 changes to 1 files | ||||
$ hg strip -r 1: | ||||
saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg | ||||
$ killdaemons.py | ||||
web.allow-push=<user> denies push to user not in list | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> push_ssl = false | ||||
> allow-push = gooduser | ||||
> EOF | ||||
$ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: authorization failed | ||||
[255] | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.allow-push=<user> allows push from user in list | ||||
$ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
200 Script output follows | ||||
1 | ||||
$ hg bookmarks | ||||
bm 0:cb9a9f314b8b | ||||
$ hg book -d bm | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
200 Script output follows | ||||
1 | ||||
$ hg bookmarks | ||||
bm 0:cb9a9f314b8b | ||||
$ hg book -d bm | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
200 Script output follows | ||||
write command no defined permissions | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
200 Script output follows | ||||
write command w/ defined permissions | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
exporting bookmark bm | ||||
[1] | ||||
$ hg book -d bm | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
remote: adding changesets | ||||
remote: adding manifests | ||||
remote: adding file changes | ||||
remote: added 1 changesets with 1 changes to 1 files | ||||
$ hg strip -r 1: | ||||
saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg | ||||
$ killdaemons.py | ||||
web.deny_push takes precedence over web.allow_push | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> push_ssl = false | ||||
> allow-push = someuser | ||||
> deny_push = someuser | ||||
> EOF | ||||
$ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 push not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
push not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 push not authorized | ||||
0 | ||||
push not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
no changes found | ||||
abort: authorization failed | ||||
[255] | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
searching for changes | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||
web.allow-push has no effect if web.deny_read is set | ||||
$ cat > .hg/hgrc <<EOF | ||||
> [web] | ||||
> push_ssl = false | ||||
> allow-push = * | ||||
> deny_read = * | ||||
> EOF | ||||
$ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' | ||||
Gregory Szorc
|
r36773 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36773 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ hg bookmarks | ||||
Gregory Szorc
|
r36773 | no bookmarks set | ||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm' | ||||
Gregory Szorc
|
r36774 | 401 read not authorized | ||
Gregory Szorc
|
r36770 | |||
Gregory Szorc
|
r36774 | 0 | ||
read not authorized | ||||
[1] | ||||
Gregory Szorc
|
r36770 | |||
$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm' | ||||
401 read not authorized | ||||
0 | ||||
read not authorized | ||||
[1] | ||||
Reset server to remove REQUEST_METHOD hack to test hg client | ||||
$ killdaemons.py | ||||
$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid | ||||
$ cat hg.pid > $DAEMON_PIDS | ||||
$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ hg --cwd ../test2 push http://localhost:$HGPORT/ | ||||
pushing to http://localhost:$HGPORT/ | ||||
abort: authorization failed | ||||
[255] | ||||
$ killdaemons.py | ||||