# HG changeset patch # User Gregory Szorc # Date 2018-03-11 02:19:27 # Node ID 02bea04b4c548bd5154ae827c58edf3b39bea2e9 # Parent 97f44b0720e210cd9a1c88031deafc00feb933b6 hgweb: transition permissions hooks to modern request type (API) We're trying to remove ``wsgirequest``. The permissions hooks don't do anything they can't do with our new request type. So let's pass that in. This was the last use of ``wsgirequest`` in the wire protocol code! .. api:: hgweb.hgweb_mod.permhooks no longer take a ``wsgirequest`` instance as an argument. Differential Revision: https://phab.mercurial-scm.org/D2793 diff --git a/mercurial/hgweb/common.py b/mercurial/hgweb/common.py --- a/mercurial/hgweb/common.py +++ b/mercurial/hgweb/common.py @@ -46,7 +46,7 @@ def checkauthz(hgweb, req, op): authentication info). Return if op allowed, else raise an ErrorResponse exception.''' - user = req.env.get(r'REMOTE_USER') + user = req.remoteuser deny_read = hgweb.configlist('web', 'deny_read') if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)): @@ -62,14 +62,13 @@ def checkauthz(hgweb, req, op): return # enforce that you can only push using POST requests - if req.env[r'REQUEST_METHOD'] != r'POST': + if req.method != 'POST': msg = 'push requires POST request' raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg) # require ssl by default for pushing, auth info cannot be sniffed # and replayed - scheme = req.env.get('wsgi.url_scheme') - if hgweb.configbool('web', 'push_ssl') and scheme != 'https': + if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https': raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required') deny = hgweb.configlist('web', 'deny_push') diff --git a/mercurial/hgweb/hgweb_mod.py b/mercurial/hgweb/hgweb_mod.py --- a/mercurial/hgweb/hgweb_mod.py +++ b/mercurial/hgweb/hgweb_mod.py @@ -322,7 +322,7 @@ class hgweb(object): res.headers['Content-Security-Policy'] = rctx.csp handled = wireprotoserver.handlewsgirequest( - rctx, wsgireq, req, res, self.check_perm) + rctx, req, res, self.check_perm) if handled: return res.sendresponse() @@ -380,7 +380,7 @@ class hgweb(object): # check read permissions non-static content if cmd != 'static': - self.check_perm(rctx, wsgireq, None) + self.check_perm(rctx, req, None) if cmd == '': req.qsparams['cmd'] = tmpl.cache['default'] diff --git a/mercurial/wireprotoserver.py b/mercurial/wireprotoserver.py --- a/mercurial/wireprotoserver.py +++ b/mercurial/wireprotoserver.py @@ -148,13 +148,12 @@ class httpv1protocolhandler(wireprototyp def iscmd(cmd): return cmd in wireproto.commands -def handlewsgirequest(rctx, wsgireq, req, res, checkperm): +def handlewsgirequest(rctx, req, res, checkperm): """Possibly process a wire protocol request. If the current request is a wire protocol request, the request is processed by this function. - ``wsgireq`` is a ``wsgirequest`` instance. ``req`` is a ``parsedrequest`` instance. ``res`` is a ``wsgiresponse`` instance. @@ -197,7 +196,7 @@ def handlewsgirequest(rctx, wsgireq, req return True proto = httpv1protocolhandler(req, repo.ui, - lambda perm: checkperm(rctx, wsgireq, perm)) + lambda perm: checkperm(rctx, req, perm)) # The permissions checker should be the only thing that can raise an # ErrorResponse. It is kind of a layer violation to catch an hgweb diff --git a/tests/test-http-bundle1.t b/tests/test-http-bundle1.t --- a/tests/test-http-bundle1.t +++ b/tests/test-http-bundle1.t @@ -177,7 +177,7 @@ test http authentication > import base64 > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > auth = req.env.get('HTTP_AUTHORIZATION') + > auth = req.headers.get('Authorization') > if not auth: > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', > [('WWW-Authenticate', 'Basic Realm="mercurial"')]) diff --git a/tests/test-http.t b/tests/test-http.t --- a/tests/test-http.t +++ b/tests/test-http.t @@ -168,7 +168,7 @@ test http authentication > import base64 > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > auth = req.env.get('HTTP_AUTHORIZATION') + > auth = req.headers.get('Authorization') > if not auth: > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', > [('WWW-Authenticate', 'Basic Realm="mercurial"')]) @@ -510,7 +510,7 @@ We raise HTTP 500 because its message is > from mercurial import util > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > cookie = req.env.get('HTTP_COOKIE') + > cookie = req.headers.get('Cookie') > if not cookie: > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie') > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie) diff --git a/tests/test-largefiles-wireproto.t b/tests/test-largefiles-wireproto.t --- a/tests/test-largefiles-wireproto.t +++ b/tests/test-largefiles-wireproto.t @@ -424,7 +424,7 @@ a large file from the server rather than > import base64 > from mercurial.hgweb import common > def perform_authentication(hgweb, req, op): - > auth = req.env.get('HTTP_AUTHORIZATION') + > auth = req.headers.get('Authorization') > if not auth: > raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who', > [('WWW-Authenticate', 'Basic Realm="mercurial"')])