upstream/mercurial-mirror Commit - r36778:7bf80d9d

merge with stable...

Gregory Szorc -

r36778:7bf80d9d default

parent child

tests/test-http-permissions.t

0 created 644 +1502 0

This diff has been collapsed as it changes many lines, (1502 lines changed) Show them Hide them
	@@ -0,0 +1,1502 b''
		1	#require killdaemons
		2
		3	$ cat > fakeremoteuser.py << EOF
		4	> import os
		5	> from mercurial.hgweb import hgweb_mod
		6	> from mercurial import wireproto
		7	> class testenvhgweb(hgweb_mod.hgweb):
		8	> def __call__(self, env, respond):
		9	> # Allow REMOTE_USER to define authenticated user.
		10	> if r'REMOTE_USER' in os.environ:
		11	> env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER']
		12	> # Allow REQUEST_METHOD to override HTTP method
		13	> if r'REQUEST_METHOD' in os.environ:
		14	> env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD']
		15	> return super(testenvhgweb, self).__call__(env, respond)
		16	> hgweb_mod.hgweb = testenvhgweb
		17	>
		18	> @wireproto.wireprotocommand('customreadnoperm')
		19	> def customread(repo, proto):
		20	> return b'read-only command no defined permissions\n'
		21	> @wireproto.wireprotocommand('customwritenoperm')
		22	> def customwritenoperm(repo, proto):
		23	> return b'write command no defined permissions\n'
		24	> wireproto.permissions['customreadwithperm'] = 'pull'
		25	> @wireproto.wireprotocommand('customreadwithperm')
		26	> def customreadwithperm(repo, proto):
		27	> return b'read-only command w/ defined permissions\n'
		28	> wireproto.permissions['customwritewithperm'] = 'push'
		29	> @wireproto.wireprotocommand('customwritewithperm')
		30	> def customwritewithperm(repo, proto):
		31	> return b'write command w/ defined permissions\n'
		32	> EOF
		33
		34	$ cat >> $HGRCPATH << EOF
		35	> [extensions]
		36	> fakeremoteuser = $TESTTMP/fakeremoteuser.py
		37	> strip =
		38	> EOF
		39
		40	$ hg init test
		41	$ cd test
		42	$ echo a > a
		43	$ hg ci -Ama
		44	adding a
		45	$ cd ..
		46	$ hg clone test test2
		47	updating to branch default
		48	1 files updated, 0 files merged, 0 files removed, 0 files unresolved
		49	$ cd test2
		50	$ echo a >> a
		51	$ hg ci -mb
		52	$ hg book bm -r 0
		53	$ cd ../test
		54
		55	web.deny_read=* prevents access to wire protocol for all users
		56
		57	$ cat > .hg/hgrc <<EOF
		58	> [web]
		59	> deny_read = *
		60	> EOF
		61
		62	$ hg serve -p $HGPORT -d --pid-file hg.pid
		63	$ cat hg.pid > $DAEMON_PIDS
		64
		65	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
		66	401 read not authorized
		67
		68	0
		69	read not authorized
		70	[1]
		71
		72	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
		73	401 read not authorized
		74
		75	0
		76	read not authorized
		77	[1]
		78
		79	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		80	401 read not authorized
		81
		82	0
		83	read not authorized
		84	[1]
		85
		86	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		87	401 read not authorized
		88
		89	0
		90	read not authorized
		91	[1]
		92
		93	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		94	401 read not authorized
		95
		96	0
		97	read not authorized
		98	[1]
		99
		100	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		101	401 read not authorized
		102
		103	0
		104	read not authorized
		105	[1]
		106
		107	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		108	401 read not authorized
		109
		110	0
		111	read not authorized
		112	[1]
		113
		114	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		115	401 read not authorized
		116
		117	0
		118	read not authorized
		119	[1]
		120
		121	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		122	pulling from http://localhost:$HGPORT/
		123	abort: authorization failed
		124	[255]
		125
		126	$ killdaemons.py
		127
		128	web.deny_read=* with REMOTE_USER set still locks out clients
		129
		130	$ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
		131	$ cat hg.pid > $DAEMON_PIDS
		132
		133	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
		134	401 read not authorized
		135
		136	0
		137	read not authorized
		138	[1]
		139
		140	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=stream_out'
		141	401 read not authorized
		142
		143	0
		144	read not authorized
		145	[1]
		146
		147	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		148	401 read not authorized
		149
		150	0
		151	read not authorized
		152	[1]
		153
		154	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		155	401 read not authorized
		156
		157	0
		158	read not authorized
		159	[1]
		160
		161	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		162	401 read not authorized
		163
		164	0
		165	read not authorized
		166	[1]
		167
		168	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		169	401 read not authorized
		170
		171	0
		172	read not authorized
		173	[1]
		174
		175	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		176	401 read not authorized
		177
		178	0
		179	read not authorized
		180	[1]
		181
		182	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		183	pulling from http://localhost:$HGPORT/
		184	abort: authorization failed
		185	[255]
		186
		187	$ killdaemons.py
		188
		189	web.deny_read=<user> denies access to unauthenticated user
		190
		191	$ cat > .hg/hgrc <<EOF
		192	> [web]
		193	> deny_read = baduser1,baduser2
		194	> EOF
		195
		196	$ hg serve -p $HGPORT -d --pid-file hg.pid
		197	$ cat hg.pid > $DAEMON_PIDS
		198
		199	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		200	401 read not authorized
		201
		202	0
		203	read not authorized
		204	[1]
		205
		206	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		207	401 read not authorized
		208
		209	0
		210	read not authorized
		211	[1]
		212
		213	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		214	401 read not authorized
		215
		216	0
		217	read not authorized
		218	[1]
		219
		220	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		221	401 read not authorized
		222
		223	0
		224	read not authorized
		225	[1]
		226
		227	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		228	401 read not authorized
		229
		230	0
		231	read not authorized
		232	[1]
		233
		234	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		235	401 read not authorized
		236
		237	0
		238	read not authorized
		239	[1]
		240
		241	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		242	pulling from http://localhost:$HGPORT/
		243	abort: authorization failed
		244	[255]
		245
		246	$ killdaemons.py
		247
		248	web.deny_read=<user> denies access to users in deny list
		249
		250	$ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid
		251	$ cat hg.pid > $DAEMON_PIDS
		252
		253	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		254	401 read not authorized
		255
		256	0
		257	read not authorized
		258	[1]
		259
		260	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		261	401 read not authorized
		262
		263	0
		264	read not authorized
		265	[1]
		266
		267	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		268	401 read not authorized
		269
		270	0
		271	read not authorized
		272	[1]
		273
		274	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		275	401 read not authorized
		276
		277	0
		278	read not authorized
		279	[1]
		280
		281	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		282	401 read not authorized
		283
		284	0
		285	read not authorized
		286	[1]
		287
		288	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		289	401 read not authorized
		290
		291	0
		292	read not authorized
		293	[1]
		294
		295	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		296	pulling from http://localhost:$HGPORT/
		297	abort: authorization failed
		298	[255]
		299
		300	$ killdaemons.py
		301
		302	web.deny_read=<user> allows access to authenticated users not in list
		303
		304	$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
		305	$ cat hg.pid > $DAEMON_PIDS
		306
		307	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		308	200 Script output follows
		309
		310	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		311	publishing True (no-eol)
		312
		313	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		314	200 Script output follows
		315
		316	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		317	publishing True (no-eol)
		318
		319	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		320	405 push requires POST request
		321
		322	0
		323	push requires POST request
		324	[1]
		325
		326	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		327	200 Script output follows
		328
		329	read-only command w/ defined permissions
		330
		331	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		332	405 push requires POST request
		333
		334	0
		335	push requires POST request
		336	[1]
		337
		338	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		339	405 push requires POST request
		340
		341	0
		342	push requires POST request
		343	[1]
		344
		345	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		346	pulling from http://localhost:$HGPORT/
		347	searching for changes
		348	no changes found
		349
		350	$ killdaemons.py
		351
		352	web.allow_read=* allows reads for unauthenticated users
		353
		354	$ cat > .hg/hgrc <<EOF
		355	> [web]
		356	> allow_read = *
		357	> EOF
		358
		359	$ hg serve -p $HGPORT -d --pid-file hg.pid
		360	$ cat hg.pid > $DAEMON_PIDS
		361
		362	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		363	200 Script output follows
		364
		365	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		366	publishing True (no-eol)
		367
		368	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		369	200 Script output follows
		370
		371	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		372	publishing True (no-eol)
		373
		374	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		375	405 push requires POST request
		376
		377	0
		378	push requires POST request
		379	[1]
		380
		381	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		382	200 Script output follows
		383
		384	read-only command w/ defined permissions
		385
		386	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		387	405 push requires POST request
		388
		389	0
		390	push requires POST request
		391	[1]
		392
		393	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		394	405 push requires POST request
		395
		396	0
		397	push requires POST request
		398	[1]
		399
		400	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		401	pulling from http://localhost:$HGPORT/
		402	searching for changes
		403	no changes found
		404
		405	$ killdaemons.py
		406
		407	web.allow_read=* allows read for authenticated user
		408
		409	$ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid
		410	$ cat hg.pid > $DAEMON_PIDS
		411
		412	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		413	200 Script output follows
		414
		415	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		416	publishing True (no-eol)
		417
		418	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		419	200 Script output follows
		420
		421	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		422	publishing True (no-eol)
		423
		424	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		425	405 push requires POST request
		426
		427	0
		428	push requires POST request
		429	[1]
		430
		431	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		432	200 Script output follows
		433
		434	read-only command w/ defined permissions
		435
		436	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		437	405 push requires POST request
		438
		439	0
		440	push requires POST request
		441	[1]
		442
		443	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		444	405 push requires POST request
		445
		446	0
		447	push requires POST request
		448	[1]
		449
		450	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		451	pulling from http://localhost:$HGPORT/
		452	searching for changes
		453	no changes found
		454
		455	$ killdaemons.py
		456
		457	web.allow_read=<user> does not allow unauthenticated users to read
		458
		459	$ cat > .hg/hgrc <<EOF
		460	> [web]
		461	> allow_read = gooduser
		462	> EOF
		463
		464	$ hg serve -p $HGPORT -d --pid-file hg.pid
		465	$ cat hg.pid > $DAEMON_PIDS
		466
		467	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		468	401 read not authorized
		469
		470	0
		471	read not authorized
		472	[1]
		473
		474	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		475	401 read not authorized
		476
		477	0
		478	read not authorized
		479	[1]
		480
		481	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		482	401 read not authorized
		483
		484	0
		485	read not authorized
		486	[1]
		487
		488	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		489	401 read not authorized
		490
		491	0
		492	read not authorized
		493	[1]
		494
		495	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		496	401 read not authorized
		497
		498	0
		499	read not authorized
		500	[1]
		501
		502	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		503	401 read not authorized
		504
		505	0
		506	read not authorized
		507	[1]
		508
		509	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		510	pulling from http://localhost:$HGPORT/
		511	abort: authorization failed
		512	[255]
		513
		514	$ killdaemons.py
		515
		516	web.allow_read=<user> does not allow user not in list to read
		517
		518	$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
		519	$ cat hg.pid > $DAEMON_PIDS
		520
		521	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		522	401 read not authorized
		523
		524	0
		525	read not authorized
		526	[1]
		527
		528	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		529	401 read not authorized
		530
		531	0
		532	read not authorized
		533	[1]
		534
		535	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		536	401 read not authorized
		537
		538	0
		539	read not authorized
		540	[1]
		541
		542	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		543	401 read not authorized
		544
		545	0
		546	read not authorized
		547	[1]
		548
		549	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		550	401 read not authorized
		551
		552	0
		553	read not authorized
		554	[1]
		555
		556	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		557	401 read not authorized
		558
		559	0
		560	read not authorized
		561	[1]
		562
		563	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		564	pulling from http://localhost:$HGPORT/
		565	abort: authorization failed
		566	[255]
		567
		568	$ killdaemons.py
		569
		570	web.allow_read=<user> allows read from user in list
		571
		572	$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
		573	$ cat hg.pid > $DAEMON_PIDS
		574
		575	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		576	200 Script output follows
		577
		578	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		579	publishing True (no-eol)
		580
		581	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		582	200 Script output follows
		583
		584	cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1
		585	publishing True (no-eol)
		586
		587	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		588	405 push requires POST request
		589
		590	0
		591	push requires POST request
		592	[1]
		593
		594	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		595	200 Script output follows
		596
		597	read-only command w/ defined permissions
		598
		599	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		600	405 push requires POST request
		601
		602	0
		603	push requires POST request
		604	[1]
		605
		606	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		607	405 push requires POST request
		608
		609	0
		610	push requires POST request
		611	[1]
		612
		613	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		614	pulling from http://localhost:$HGPORT/
		615	searching for changes
		616	no changes found
		617
		618	$ killdaemons.py
		619
		620	web.deny_read takes precedence over web.allow_read
		621
		622	$ cat > .hg/hgrc <<EOF
		623	> [web]
		624	> allow_read = baduser
		625	> deny_read = baduser
		626	> EOF
		627
		628	$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
		629	$ cat hg.pid > $DAEMON_PIDS
		630
		631	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		632	401 read not authorized
		633
		634	0
		635	read not authorized
		636	[1]
		637
		638	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		639	401 read not authorized
		640
		641	0
		642	read not authorized
		643	[1]
		644
		645	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		646	401 read not authorized
		647
		648	0
		649	read not authorized
		650	[1]
		651
		652	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		653	401 read not authorized
		654
		655	0
		656	read not authorized
		657	[1]
		658
		659	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		660	401 read not authorized
		661
		662	0
		663	read not authorized
		664	[1]
		665
		666	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		667	401 read not authorized
		668
		669	0
		670	read not authorized
		671	[1]
		672
		673	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		674	pulling from http://localhost:$HGPORT/
		675	abort: authorization failed
		676	[255]
		677
		678	$ killdaemons.py
		679
		680	web.allow-pull=false denies read access to repo
		681
		682	$ cat > .hg/hgrc <<EOF
		683	> [web]
		684	> allow-pull = false
		685	> EOF
		686
		687	$ hg serve -p $HGPORT -d --pid-file hg.pid
		688	$ cat hg.pid > $DAEMON_PIDS
		689
		690	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=capabilities'
		691	401 pull not authorized
		692
		693	0
		694	pull not authorized
		695	[1]
		696
		697	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases'
		698	401 pull not authorized
		699
		700	0
		701	pull not authorized
		702	[1]
		703
		704	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases'
		705	401 pull not authorized
		706
		707	0
		708	pull not authorized
		709	[1]
		710
		711	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		712	405 push requires POST request
		713
		714	0
		715	push requires POST request
		716	[1]
		717
		718	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		719	401 pull not authorized
		720
		721	0
		722	pull not authorized
		723	[1]
		724
		725	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		726	405 push requires POST request
		727
		728	0
		729	push requires POST request
		730	[1]
		731
		732	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		733	405 push requires POST request
		734
		735	0
		736	push requires POST request
		737	[1]
		738
		739	$ hg --cwd ../test2 pull http://localhost:$HGPORT/
		740	pulling from http://localhost:$HGPORT/
		741	abort: authorization failed
		742	[255]
		743
		744	$ killdaemons.py
		745
		746	Attempting a write command with HTTP GET fails
		747
		748	$ cat > .hg/hgrc <<EOF
		749	> EOF
		750
		751	$ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid
		752	$ cat hg.pid > $DAEMON_PIDS
		753
		754	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		755	405 push requires POST request
		756
		757	0
		758	push requires POST request
		759	[1]
		760
		761	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		762	405 push requires POST request
		763
		764	0
		765	push requires POST request
		766	[1]
		767
		768	$ hg bookmarks
		769	no bookmarks set
		770	$ hg bookmark -d bm
		771	abort: bookmark 'bm' does not exist
		772	[255]
		773
		774	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		775	405 push requires POST request
		776
		777	0
		778	push requires POST request
		779	[1]
		780
		781	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		782	405 push requires POST request
		783
		784	0
		785	push requires POST request
		786	[1]
		787
		788	$ killdaemons.py
		789
		790	Attempting a write command with an unknown HTTP verb fails
		791
		792	$ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid
		793	$ cat hg.pid > $DAEMON_PIDS
		794
		795	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		796	405 push requires POST request
		797
		798	0
		799	push requires POST request
		800	[1]
		801
		802	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		803	405 push requires POST request
		804
		805	0
		806	push requires POST request
		807	[1]
		808
		809	$ hg bookmarks
		810	no bookmarks set
		811	$ hg bookmark -d bm
		812	abort: bookmark 'bm' does not exist
		813	[255]
		814
		815	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		816	405 push requires POST request
		817
		818	0
		819	push requires POST request
		820	[1]
		821
		822	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		823	405 push requires POST request
		824
		825	0
		826	push requires POST request
		827	[1]
		828
		829	$ killdaemons.py
		830
		831	Pushing on a plaintext channel is disabled by default
		832
		833	$ cat > .hg/hgrc <<EOF
		834	> EOF
		835
		836	$ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		837	$ cat hg.pid > $DAEMON_PIDS
		838
		839	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		840	403 ssl required
		841
		842	0
		843	ssl required
		844	[1]
		845
		846	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		847	403 ssl required
		848
		849	0
		850	ssl required
		851	[1]
		852
		853	$ hg bookmarks
		854	no bookmarks set
		855
		856	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		857	403 ssl required
		858
		859	0
		860	ssl required
		861	[1]
		862
		863	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		864	403 ssl required
		865
		866	0
		867	ssl required
		868	[1]
		869
		870	Reset server to remove REQUEST_METHOD hack to test hg client
		871
		872	$ killdaemons.py
		873	$ hg serve -p $HGPORT -d --pid-file hg.pid
		874	$ cat hg.pid > $DAEMON_PIDS
		875
		876	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		877	pushing to http://localhost:$HGPORT/
		878	searching for changes
		879	no changes found
		880	abort: HTTP Error 403: ssl required
		881	[255]
		882
		883	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		884	pushing to http://localhost:$HGPORT/
		885	searching for changes
		886	abort: HTTP Error 403: ssl required
		887	[255]
		888
		889	$ killdaemons.py
		890
		891	web.deny_push=* denies pushing to unauthenticated users
		892
		893	$ cat > .hg/hgrc <<EOF
		894	> [web]
		895	> push_ssl = false
		896	> deny_push = *
		897	> EOF
		898
		899	$ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		900	$ cat hg.pid > $DAEMON_PIDS
		901
		902	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		903	401 push not authorized
		904
		905	0
		906	push not authorized
		907	[1]
		908
		909	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		910	401 push not authorized
		911
		912	0
		913	push not authorized
		914	[1]
		915
		916	$ hg bookmarks
		917	no bookmarks set
		918
		919	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		920	401 push not authorized
		921
		922	0
		923	push not authorized
		924	[1]
		925
		926	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		927	401 push not authorized
		928
		929	0
		930	push not authorized
		931	[1]
		932
		933	Reset server to remove REQUEST_METHOD hack to test hg client
		934
		935	$ killdaemons.py
		936	$ hg serve -p $HGPORT -d --pid-file hg.pid
		937	$ cat hg.pid > $DAEMON_PIDS
		938
		939	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		940	pushing to http://localhost:$HGPORT/
		941	searching for changes
		942	no changes found
		943	abort: authorization failed
		944	[255]
		945
		946	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		947	pushing to http://localhost:$HGPORT/
		948	searching for changes
		949	abort: authorization failed
		950	[255]
		951
		952	$ killdaemons.py
		953
		954	web.deny_push=* denies pushing to authenticated users
		955
		956	$ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		957	$ cat hg.pid > $DAEMON_PIDS
		958
		959	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		960	401 push not authorized
		961
		962	0
		963	push not authorized
		964	[1]
		965
		966	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		967	401 push not authorized
		968
		969	0
		970	push not authorized
		971	[1]
		972
		973	$ hg bookmarks
		974	no bookmarks set
		975
		976	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		977	401 push not authorized
		978
		979	0
		980	push not authorized
		981	[1]
		982
		983	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		984	401 push not authorized
		985
		986	0
		987	push not authorized
		988	[1]
		989
		990	Reset server to remove REQUEST_METHOD hack to test hg client
		991
		992	$ killdaemons.py
		993	$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
		994	$ cat hg.pid > $DAEMON_PIDS
		995
		996	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		997	pushing to http://localhost:$HGPORT/
		998	searching for changes
		999	no changes found
		1000	abort: authorization failed
		1001	[255]
		1002
		1003	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1004	pushing to http://localhost:$HGPORT/
		1005	searching for changes
		1006	abort: authorization failed
		1007	[255]
		1008
		1009	$ killdaemons.py
		1010
		1011	web.deny_push=<user> denies pushing to user in list
		1012
		1013	$ cat > .hg/hgrc <<EOF
		1014	> [web]
		1015	> push_ssl = false
		1016	> deny_push = baduser
		1017	> EOF
		1018
		1019	$ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1020	$ cat hg.pid > $DAEMON_PIDS
		1021
		1022	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1023	401 push not authorized
		1024
		1025	0
		1026	push not authorized
		1027	[1]
		1028
		1029	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1030	401 push not authorized
		1031
		1032	0
		1033	push not authorized
		1034	[1]
		1035
		1036	$ hg bookmarks
		1037	no bookmarks set
		1038
		1039	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1040	401 push not authorized
		1041
		1042	0
		1043	push not authorized
		1044	[1]
		1045
		1046	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1047	401 push not authorized
		1048
		1049	0
		1050	push not authorized
		1051	[1]
		1052
		1053	Reset server to remove REQUEST_METHOD hack to test hg client
		1054
		1055	$ killdaemons.py
		1056	$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
		1057	$ cat hg.pid > $DAEMON_PIDS
		1058
		1059	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1060	pushing to http://localhost:$HGPORT/
		1061	searching for changes
		1062	no changes found
		1063	abort: authorization failed
		1064	[255]
		1065
		1066	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1067	pushing to http://localhost:$HGPORT/
		1068	searching for changes
		1069	abort: authorization failed
		1070	[255]
		1071
		1072	$ killdaemons.py
		1073
		1074	web.deny_push=<user> denies pushing to user not in list because allow-push isn't set
		1075
		1076	$ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1077	$ cat hg.pid > $DAEMON_PIDS
		1078
		1079	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1080	401 push not authorized
		1081
		1082	0
		1083	push not authorized
		1084	[1]
		1085
		1086	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1087	401 push not authorized
		1088
		1089	0
		1090	push not authorized
		1091	[1]
		1092
		1093	$ hg bookmarks
		1094	no bookmarks set
		1095
		1096	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1097	401 push not authorized
		1098
		1099	0
		1100	push not authorized
		1101	[1]
		1102
		1103	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1104	401 push not authorized
		1105
		1106	0
		1107	push not authorized
		1108	[1]
		1109
		1110	Reset server to remove REQUEST_METHOD hack to test hg client
		1111
		1112	$ killdaemons.py
		1113	$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
		1114	$ cat hg.pid > $DAEMON_PIDS
		1115
		1116	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1117	pushing to http://localhost:$HGPORT/
		1118	searching for changes
		1119	no changes found
		1120	abort: authorization failed
		1121	[255]
		1122
		1123	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1124	pushing to http://localhost:$HGPORT/
		1125	searching for changes
		1126	abort: authorization failed
		1127	[255]
		1128
		1129	$ killdaemons.py
		1130
		1131	web.allow-push=* allows pushes from unauthenticated users
		1132
		1133	$ cat > .hg/hgrc <<EOF
		1134	> [web]
		1135	> push_ssl = false
		1136	> allow-push = *
		1137	> EOF
		1138
		1139	$ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1140	$ cat hg.pid > $DAEMON_PIDS
		1141
		1142	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1143	200 Script output follows
		1144
		1145	1
		1146
		1147	$ hg bookmarks
		1148	bm 0:cb9a9f314b8b
		1149	$ hg book -d bm
		1150
		1151	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1152	200 Script output follows
		1153
		1154	write command no defined permissions
		1155
		1156	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1157	200 Script output follows
		1158
		1159	write command w/ defined permissions
		1160
		1161	Reset server to remove REQUEST_METHOD hack to test hg client
		1162
		1163	$ killdaemons.py
		1164	$ hg serve -p $HGPORT -d --pid-file hg.pid
		1165	$ cat hg.pid > $DAEMON_PIDS
		1166
		1167	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1168	pushing to http://localhost:$HGPORT/
		1169	searching for changes
		1170	no changes found
		1171	exporting bookmark bm
		1172	[1]
		1173
		1174	$ hg book -d bm
		1175
		1176	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1177	pushing to http://localhost:$HGPORT/
		1178	searching for changes
		1179	remote: adding changesets
		1180	remote: adding manifests
		1181	remote: adding file changes
		1182	remote: added 1 changesets with 1 changes to 1 files
		1183
		1184	$ hg strip -r 1:
		1185	saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
		1186
		1187	$ killdaemons.py
		1188
		1189	web.allow-push=* allows pushes from authenticated users
		1190
		1191	$ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1192	$ cat hg.pid > $DAEMON_PIDS
		1193
		1194	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1195	200 Script output follows
		1196
		1197	1
		1198
		1199	$ hg bookmarks
		1200	bm 0:cb9a9f314b8b
		1201	$ hg book -d bm
		1202
		1203	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1204	200 Script output follows
		1205
		1206	write command no defined permissions
		1207
		1208	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1209	200 Script output follows
		1210
		1211	write command w/ defined permissions
		1212
		1213	Reset server to remove REQUEST_METHOD hack to test hg client
		1214
		1215	$ killdaemons.py
		1216	$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
		1217	$ cat hg.pid > $DAEMON_PIDS
		1218
		1219	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1220	pushing to http://localhost:$HGPORT/
		1221	searching for changes
		1222	no changes found
		1223	exporting bookmark bm
		1224	[1]
		1225
		1226	$ hg book -d bm
		1227
		1228	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1229	pushing to http://localhost:$HGPORT/
		1230	searching for changes
		1231	remote: adding changesets
		1232	remote: adding manifests
		1233	remote: adding file changes
		1234	remote: added 1 changesets with 1 changes to 1 files
		1235
		1236	$ hg strip -r 1:
		1237	saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
		1238
		1239	$ killdaemons.py
		1240
		1241	web.allow-push=<user> denies push to user not in list
		1242
		1243	$ cat > .hg/hgrc <<EOF
		1244	> [web]
		1245	> push_ssl = false
		1246	> allow-push = gooduser
		1247	> EOF
		1248
		1249	$ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1250	$ cat hg.pid > $DAEMON_PIDS
		1251
		1252	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1253	401 push not authorized
		1254
		1255	0
		1256	push not authorized
		1257	[1]
		1258
		1259	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1260	401 push not authorized
		1261
		1262	0
		1263	push not authorized
		1264	[1]
		1265
		1266	$ hg bookmarks
		1267	no bookmarks set
		1268
		1269	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1270	401 push not authorized
		1271
		1272	0
		1273	push not authorized
		1274	[1]
		1275
		1276	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1277	401 push not authorized
		1278
		1279	0
		1280	push not authorized
		1281	[1]
		1282
		1283	Reset server to remove REQUEST_METHOD hack to test hg client
		1284
		1285	$ killdaemons.py
		1286	$ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid
		1287	$ cat hg.pid > $DAEMON_PIDS
		1288
		1289	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1290	pushing to http://localhost:$HGPORT/
		1291	searching for changes
		1292	no changes found
		1293	abort: authorization failed
		1294	[255]
		1295
		1296	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1297	pushing to http://localhost:$HGPORT/
		1298	searching for changes
		1299	abort: authorization failed
		1300	[255]
		1301
		1302	$ killdaemons.py
		1303
		1304	web.allow-push=<user> allows push from user in list
		1305
		1306	$ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1307	$ cat hg.pid > $DAEMON_PIDS
		1308
		1309	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1310	200 Script output follows
		1311
		1312	1
		1313
		1314	$ hg bookmarks
		1315	bm 0:cb9a9f314b8b
		1316	$ hg book -d bm
		1317
		1318	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1319	200 Script output follows
		1320
		1321	1
		1322
		1323	$ hg bookmarks
		1324	bm 0:cb9a9f314b8b
		1325	$ hg book -d bm
		1326
		1327	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1328	200 Script output follows
		1329
		1330	write command no defined permissions
		1331
		1332	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1333	200 Script output follows
		1334
		1335	write command w/ defined permissions
		1336
		1337	Reset server to remove REQUEST_METHOD hack to test hg client
		1338
		1339	$ killdaemons.py
		1340	$ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid
		1341	$ cat hg.pid > $DAEMON_PIDS
		1342
		1343	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1344	pushing to http://localhost:$HGPORT/
		1345	searching for changes
		1346	no changes found
		1347	exporting bookmark bm
		1348	[1]
		1349
		1350	$ hg book -d bm
		1351
		1352	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1353	pushing to http://localhost:$HGPORT/
		1354	searching for changes
		1355	remote: adding changesets
		1356	remote: adding manifests
		1357	remote: adding file changes
		1358	remote: added 1 changesets with 1 changes to 1 files
		1359
		1360	$ hg strip -r 1:
		1361	saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
		1362
		1363	$ killdaemons.py
		1364
		1365	web.deny_push takes precedence over web.allow_push
		1366
		1367	$ cat > .hg/hgrc <<EOF
		1368	> [web]
		1369	> push_ssl = false
		1370	> allow-push = someuser
		1371	> deny_push = someuser
		1372	> EOF
		1373
		1374	$ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid
		1375	$ cat hg.pid > $DAEMON_PIDS
		1376
		1377	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1378	401 push not authorized
		1379
		1380	0
		1381	push not authorized
		1382	[1]
		1383
		1384	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1385	401 push not authorized
		1386
		1387	0
		1388	push not authorized
		1389	[1]
		1390
		1391	$ hg bookmarks
		1392	no bookmarks set
		1393
		1394	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1395	401 push not authorized
		1396
		1397	0
		1398	push not authorized
		1399	[1]
		1400
		1401	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1402	401 push not authorized
		1403
		1404	0
		1405	push not authorized
		1406	[1]
		1407
		1408	Reset server to remove REQUEST_METHOD hack to test hg client
		1409
		1410	$ killdaemons.py
		1411	$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
		1412	$ cat hg.pid > $DAEMON_PIDS
		1413
		1414	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1415	pushing to http://localhost:$HGPORT/
		1416	searching for changes
		1417	no changes found
		1418	abort: authorization failed
		1419	[255]
		1420
		1421	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1422	pushing to http://localhost:$HGPORT/
		1423	searching for changes
		1424	abort: authorization failed
		1425	[255]
		1426
		1427	$ killdaemons.py
		1428
		1429	web.allow-push has no effect if web.deny_read is set
		1430
		1431	$ cat > .hg/hgrc <<EOF
		1432	> [web]
		1433	> push_ssl = false
		1434	> allow-push = *
		1435	> deny_read = *
		1436	> EOF
		1437
		1438	$ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
		1439	$ cat hg.pid > $DAEMON_PIDS
		1440
		1441	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1442	401 read not authorized
		1443
		1444	0
		1445	read not authorized
		1446	[1]
		1447
		1448	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b'
		1449	401 read not authorized
		1450
		1451	0
		1452	read not authorized
		1453	[1]
		1454
		1455	$ hg bookmarks
		1456	no bookmarks set
		1457
		1458	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadnoperm'
		1459	401 read not authorized
		1460
		1461	0
		1462	read not authorized
		1463	[1]
		1464
		1465	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customreadwithperm'
		1466	401 read not authorized
		1467
		1468	0
		1469	read not authorized
		1470	[1]
		1471
		1472	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritenoperm'
		1473	401 read not authorized
		1474
		1475	0
		1476	read not authorized
		1477	[1]
		1478
		1479	$ get-with-headers.py $LOCALIP:$HGPORT '?cmd=customwritewithperm'
		1480	401 read not authorized
		1481
		1482	0
		1483	read not authorized
		1484	[1]
		1485
		1486	Reset server to remove REQUEST_METHOD hack to test hg client
		1487
		1488	$ killdaemons.py
		1489	$ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid
		1490	$ cat hg.pid > $DAEMON_PIDS
		1491
		1492	$ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/
		1493	pushing to http://localhost:$HGPORT/
		1494	abort: authorization failed
		1495	[255]
		1496
		1497	$ hg --cwd ../test2 push http://localhost:$HGPORT/
		1498	pushing to http://localhost:$HGPORT/
		1499	abort: authorization failed
		1500	[255]
		1501
		1502	$ killdaemons.py

tests/test-lfs-bundle.t

0 created 644 +97 0

@@ -0,0 +1,97 b''
	1	In this test, we want to test LFS bundle application on both LFS and non-LFS
	2	repos.
	3
	4	To make it more interesting, the file revisions will contain hg filelog
	5	metadata ('\1\n'). The bundle will have 1 file revision overlapping with the
	6	destination repo.
	7
	8	# rev 1 2 3
	9	# repo: yes yes no
	10	# bundle: no (base) yes yes (deltabase: 2 if possible)
	11
	12	It is interesting because rev 2 could have been stored as LFS in the repo, and
	13	non-LFS in the bundle; or vice-versa.
	14
	15	Init
	16
	17	$ cat >> $HGRCPATH << EOF
	18	> [extensions]
	19	> lfs=
	20	> drawdag=$TESTDIR/drawdag.py
	21	> [lfs]
	22	> url=file:$TESTTMP/lfs-remote
	23	> EOF
	24
	25	Helper functions
	26
	27	$ commitxy() {
	28	> hg debugdrawdag "$@" <<'EOS'
	29	> Y # Y/X=\1\nAAAA\nE\nF
	30	> \| # Y/Y=\1\nAAAA\nG\nH
	31	> X # X/X=\1\nAAAA\nC\n
	32	> # X/Y=\1\nAAAA\nD\n
	33	> EOS
	34	> }
	35
	36	$ commitz() {
	37	> hg debugdrawdag "$@" <<'EOS'
	38	> Z # Z/X=\1\nAAAA\nI\n
	39	> \| # Z/Y=\1\nAAAA\nJ\n
	40	> \| # Z/Z=\1\nZ
	41	> Y
	42	> EOS
	43	> }
	44
	45	$ enablelfs() {
	46	> cat >> .hg/hgrc <<EOF
	47	> [lfs]
	48	> track=all()
	49	> EOF
	50	> }
	51
	52	Generate bundles
	53
	54	$ for i in normal lfs; do
	55	> NAME=src-$i
	56	> hg init $TESTTMP/$NAME
	57	> cd $TESTTMP/$NAME
	58	> [ $i = lfs ] && enablelfs
	59	> commitxy
	60	> commitz
	61	> hg bundle -q --base X -r Y+Z $TESTTMP/$NAME.bundle
	62	> SRCNAMES="$SRCNAMES $NAME"
	63	> done
	64
	65	Prepare destination repos
	66
	67	$ for i in normal lfs; do
	68	> NAME=dst-$i
	69	> hg init $TESTTMP/$NAME
	70	> cd $TESTTMP/$NAME
	71	> [ $i = lfs ] && enablelfs
	72	> commitxy
	73	> DSTNAMES="$DSTNAMES $NAME"
	74	> done
	75
	76	Apply bundles
	77
	78	$ for i in $SRCNAMES; do
	79	> for j in $DSTNAMES; do
	80	> echo ---- Applying $i.bundle to $j ----
	81	> cp -R $TESTTMP/$j $TESTTMP/tmp-$i-$j
	82	> cd $TESTTMP/tmp-$i-$j
	83	> if hg unbundle $TESTTMP/$i.bundle -q 2>/dev/null; then
	84	> hg verify -q && echo OK
	85	> else
	86	> echo CRASHED
	87	> fi
	88	> done
	89	> done
	90	---- Applying src-normal.bundle to dst-normal ----
	91	OK
	92	---- Applying src-normal.bundle to dst-lfs ----
	93	OK
	94	---- Applying src-lfs.bundle to dst-normal ----
	95	OK
	96	---- Applying src-lfs.bundle to dst-lfs ----
	97	OK

.hgsigs

0 +2 0

             a92b9f8e11ba330614cdfd6af0e03b15c1ff3797 0 iQJVBAABCAA/FiEEOoFVFj0OIKUw/LeGR6Z/+qNGqs4FAlohslshHGtidWxsb2NrK21lcmN1cmlhbEByaW5nd29ybGQub3JnAAoJEEemf/qjRqrO7P8P/1qGts96acEdB9BZbK/Eesalb1wUByLXZoP8j+1wWwqh/Kq/q7V4Qe0z1jw/92oZbmnLy2C8sDhWv/XKxACKv69oPrcqQix1E8M+07u88ZXqHJMSxkOmvA2Vimp9EG1qgje+qchgOVgvhEhysA96bRpEnc6V0RnBqI5UdfbKtlfBmX5mUE/qsoBZhly1FTmzV1bhYlGgNLyqtJQpcbA34wyPoywsp8DRBiHWrIzz5XNR+DJFTOe4Kqio1i5r8R4QSIM5vtTbj5pbsmtGcP2CsFC9S3xTSAU6AEJKxGpubPk3ckNj3P9zolvR7krU5Jt8LIgXSVaKLt9rPhmxCbPrLtORgXkUupJcrwzQl+oYz5bkl9kowFa959waIPYoCuuW402mOTDq/L3xwDH9AKK5rELPl3fNo+5OIDKAKRIu6zRSAzBtyGT6kkfb1NSghumP4scR7cgUmLaNibZBa8eJj92gwf+ucSGoB/dF/YHWNe0jY09LFK3nyCoftmyLzxcRk1JLGNngw8MCIuisHTskhxSm/qlX7qjunoZnA3yy9behhy/YaFt4YzYZbMTivt2gszX5ktToaDqfxWDYdIa79kp8G68rYPeybelTS74LwbK3blXPI3I1nddkW52znHYLvW6BYyi+QQ5jPZLkiOC+AF0q+c4gYmPaLVN/mpMZjjmB
 b6df1b5adbdf647cf5c6675b40575e1b197c60 0 iQJEBAABCAAuFiEEK8zhT1xnJaouqK63ucncgkqlvdUFAlpmbwIQHHJhZkBkdXJpbjQyLmNvbQAKCRC5ydyCSqW91W4BD/4h+y7QH7FkNcueOBrmdci7w1apkPX7KuknKxf8+FmA1QDGWYATnqD6IcAk3+f4reO4n9qc0y2BGrIz/pyTSIHvJW+ORrbPCKVrXlfUgkUK3TumtRObt8B75BVBBNaJ93r1yOALpo/K8wSwRrBF+Yl6aCoFiibUEbfcfaOAHVqZXKC1ZPtLRwq5NHIw0wWB0qNoAXj+FJV1EHO7SEjj2lXqw/r0HriQMdObWLgAb6QVUq7oVMpAumUeuQtZ169qHdqYfF1OLdCnsVBcwYEz/cBLC43bvYiwFxSkbAFyl656caWiwA3PISFSzP9Co0zWU/Qf8f7dTdAdT/orzCfUq8YoXqryfRSxi+8L8/EMxankzdW73Rx5X+0539pSq+gDDtTOyNuW6+CZwa5D84b31rsd+jTx8zVm3SRHRKsoGF2EEMQkWmDbhIFjX5W1fE84Ul3umypv+lPSvCPlQpIqv2hZmcTR12sgjdBjU8z+Zcq22SHFybqiYNmWpkVUtiMvTlHMoJfi5PI6xF8D2dxV4ErG+NflqdjaXydgnbO6D3/A1FCASig0wL4jMxSeRqnRRqLihN3VaGG2QH6MLJ+Ty6YuoonKtopw9JNOZydr/XN7K5LcjX1T3+31qmnHZyBXRSejWl9XN93IDbQcnMBWHkz/cJLN0kKu4pvnV8UGUcyXfA==
             d334afc585e29577f271c5eda03378736a16ca6b 0 iQJEBAABCAAuFiEEK8zhT1xnJaouqK63ucncgkqlvdUFAlpzZuUQHHJhZkBkdXJpbjQyLmNvbQAKCRC5ydyCSqW91TiDEADDD6Tn04UjgrZ36nAqOcHaG1ZT2Cm1/sbTw+6duAhf3+uKWFqi2bgcdCBkdfRH7KfEU0GNsPpiC6mzWw3PDWmGhnLJAkR+9FTBU0edK01hkNW8RelDTL5J9IzIGwrP4KFfcUue6yrxU8GnSxnf5Vy/N5ZZzLV/P3hdBte5We9PD5KHPAwTzzcZ9Wiog700rFDDChyFq7hNQ3H0GpknF6+Ck5XmJ3DOqt1MFHk9V4Z/ASU59cQXKOeaMChlBpTb1gIIWjOE99v5aY06dc1WlwttuHtCZvZgtAduRAB6XYWyniS/7nXBv0MXD3EWbpH1pkOaWUxw217HpNP4g9Yo3u/i8UW+NkSJOeXtC1CFjWmUNj138IhS1pogaiPPnIs+H6eOJsmnGhN2KbOMjA5Dn9vSTi6s/98TarfUSiwxA4L7fJy5qowFETftuBO0fJpbB8+ZtpnjNp0MMKed27OUSv69i6BmLrP+eqk+MVO6PovvIySlWAP9/REM/I5/mFkqoI+ruT4a9osNGDZ4Jqb382b7EmpEMDdgb7+ezsybgDfizuaTs/LBae7h79o1m30DxZ/EZ5C+2LY8twbGSORvZN4ViMVhIhWBTlOE/iVBOj807Y2OaUURcuLfHRmaCcfF1uIzg0uNB/aM/WSE0+AXh2IX+mipoTS3eh/V2EKldBHcOQ==
+aadf7a3264b03c8b09efce715bc41e6ab4a9b 0 iQJVBAABCAA/FiEEOoFVFj0OIKUw/LeGR6Z/+qNGqs4FAlqe5w8hHGtidWxsb2NrK21lcmN1cmlhbEByaW5nd29ybGQub3JnAAoJEEemf/qjRqrO1lUQAK6+S26rE3AMt6667ClT+ubPl+nNMRkWJXa8EyPplBUGTPdMheViOe+28dCsveJxqUF7A4TMLMA/eIj4cRIwmVbBaivfQKnG5GMZ+9N6j6oqE/OAJujdHzzZ3+o9KJGtRgJP2tzdY/6qkXwL3WN6KULz7pSkrKZLOiNfj4k2bf3bXeB7d3N5erxJYlhddlPBlHXImRkWiPR/bdaAaYJq+EEWCbia6MWXlSAqEjIgQi+ytuh/9Z+QSsJCsECDRqEExZClqHGkCLYhST99NqqdYCGJzAFMgh+xWxZxI0LO08pJxYctHGoHm+vvRVMfmdbxEydEy01H6jX+1e7Yq44bovIiIOkaXCTSuEBol+R5aPKJhgvqgZ5IlcTLoIYQBE3MZMKZ89NWy3TvgcNkQiOPCCkKs1+DukXKqTt62zOTxfa6mIZDCXdGai6vZBJ5b0yeEd3HV96yHb9dFlS5w1cG7prIBRv5BkqEaFbRMGZGV31Ri7BuVu0O68Pfdq+R+4A1YLdJ0H5DySe2dGlwE2DMKhdtVu1bie4UWHK10TphmqhBk6B9Ew2+tASCU7iczAqRzyzMLBTHIfCYO2R+5Yuh0CApt47KV23OcLje9nORyE2yaDTbVUPiXzdOnbRaCQf7eW5/1y/LLjG6OwtuETTcHKh7ruko+u7rFL96a4DNlNdk
+bba684efde7f45add05f737952093bb2aa07155 0 iQJVBAABCAA/FiEEOoFVFj0OIKUw/LeGR6Z/+qNGqs4FAlqe6dkhHGtidWxsb2NrK21lcmN1cmlhbEByaW5nd29ybGQub3JnAAoJEEemf/qjRqrOJmIQALUVCoWUFYYaRxGH4OpmIQ2o1JrMefvarFhaPY1r3+G87sjXgw15uobEQDtoybTUYbcdSxJQT1KE1FOm3wU0VyN6PY9c1PMEAVgJlve0eDiXNNlBsoYMXnpq1HidZknkjpXgUPdE/LElxpJJRlJQZlS29bkGmEDZQBoOvlcZoBRDSYcbM07wn7d+1gmJkcHViDBMAbSrudfO0OYzDC1BjtGyKm7Mes2WB1yFYw+ySa8hF/xPKEDvoZINOE5n3PBJiCvPuTw3PqsHvWgKOA1Obx9fATlxj7EHBLfKBTNfpUwPMRSH1cmA+qUS9mRDrdLvrThwalr6D3r2RJ2ntOipcZpKMmxARRV+VUAI1K6H0/Ws3XAxENqhF7RgRruJFVq8G8EcHJLZEoVHsR+VOnd/pzgkFKS+tIsYYRcMpL0DdMF8pV3xrEFahgRhaEZOh4jsG3Z+sGLVFFl7DdMqeGs6m/TwDrvfuYtGczfGRB0wqu8KOwhR1BjNJKcr4lk35GKwSXmI1vk6Z1gAm0e13995lqbCJwkuOKynQlHWVOR6hu3ypvAgV/zXLF5t8HHtL48sOJ8a33THuJT4whbXSIb9BQXu/NQnNhK8G3Kly5UN88vL4a3sZi/Y86h4R2fKOSib/txJ3ydLbMeS8LlJMqeF/hrBanVF0r15NZ2CdmL1Qxim

.hgtags

0 +2 0

             a92b9f8e11ba330614cdfd6af0e03b15c1ff3797 4.4.2
 b6df1b5adbdf647cf5c6675b40575e1b197c60 4.5-rc
             d334afc585e29577f271c5eda03378736a16ca6b 4.5
+aadf7a3264b03c8b09efce715bc41e6ab4a9b 4.5.1
+bba684efde7f45add05f737952093bb2aa07155 4.5.2

hgext/largefiles/uisetup.py

0 +4 -4

             from mercurial.i18n import _
             from mercurial.hgweb import (
-                hgweb_mod,
                 webcommands,
             )
                 # make putlfile behave the same as push and {get,stat}lfile behave
                 # the same as pull w.r.t. permissions checks
-                hgweb_mod.perms['putlfile'] = 'push'
+                wireproto.permissions['putlfile'] = 'push'
-                hgweb_mod.perms['getlfile'] = 'pull'
+                wireproto.permissions['getlfile'] = 'pull'
-                hgweb_mod.perms['statlfile'] = 'pull'
+                wireproto.permissions['statlfile'] = 'pull'
+                wireproto.permissions['lheads'] = 'pull'
                 extensions.wrapfunction(webcommands, 'decodepath', overrides.decodepath)

mercurial/changegroup.py

0 +8 -3

                     progress(msgbundling, None)
                 def deltaparent(self, revlog, rev, p1, p2, prev):
+                    if not revlog.candelta(prev, rev):
+                        raise error.ProgrammingError('cg1 should not be used in this case')
                     return prev
                 def revchunk(self, revlog, rev, prev, linknode):
                         # expensive. The revlog caches should have prev cached, meaning
                         # less CPU for changegroup generation. There is likely room to add
                         # a flag and/or config option to control this behavior.
-                        return prev
+                        base = prev
                     elif dp == nullrev:
                         # revlog is configured to use full snapshot for a reason,
                         # stick to full snapshot.
-                        return nullrev
+                        base = nullrev
                     elif dp not in (p1, p2, prev):
                         # Pick prev when we can't be sure remote has the base revision.
                         return prev
                     else:
-                        return dp
+                        base = dp
+                    if base != nullrev and not revlog.candelta(base, rev):
+                        base = nullrev
+                    return base
                 def builddeltaheader(self, node, p1n, p2n, basenode, linknode, flags):
                     # Do nothing with flags, it is implicitly 0 in cg1 and cg2

mercurial/hgweb/hgweb_mod.py

0 +15 -13

                 templater,
                 ui as uimod,
                 util,
+                wireproto,
                 wireprotoserver,
             )
                 wsgicgi,
             )
-            perms = {
+            # Aliased for API compatibility.
-                'changegroup': 'pull',
+            perms = wireproto.permissions
-                'changegroupsubset': 'pull',
-                'getbundle': 'pull',
-                'stream_out': 'pull',
-                'listkeys': 'pull',
-                'unbundle': 'push',
-                'pushkey': 'push',
             archivespecs = util.sortdict((
                 ('zip', ('application/zip', 'zip', '.zip', None)),
                         try:
                             if query:
                                 raise ErrorResponse(HTTP_NOT_FOUND)
-                            if cmd in perms:
-                                self.check_perm(rctx, req, perms[cmd])
+                            # TODO fold this into parsehttprequest
+                            req.checkperm = lambda op: self.check_perm(rctx, req, op)
+                            protohandler['proto'].checkperm = req.checkperm
+                            # Assume commands with no defined permissions are writes /
+                            # for pushes. This is the safest from a security perspective
+                            # because it doesn't allow commands with undefined semantics
+                            # from bypassing permissions checks.
+                            req.checkperm(perms.get(cmd, 'push'))
+                            return protohandler['dispatch']()
                         except ErrorResponse as inst:
                             return protohandler['handleerror'](inst)
-                        return protohandler['dispatch']()
                     # translate user-visible url structure to internal structure
                     args = query.split('/', 2)

mercurial/revlog.py

0 +34 -4

                 REVIDX_EXTSTORED,
             ]
             REVIDX_KNOWN_FLAGS = util.bitsfrom(REVIDX_FLAGS_ORDER)
+            # bitmark for flags that could cause rawdata content change
+            REVIDX_RAWTEXT_CHANGING_FLAGS = REVIDX_ISCENSORED | REVIDX_EXTSTORED
             # max size of revlog with inline data
             _maxinline = 131072
                 """Register a flag processor on a revision data flag.
                 Invariant:
-                - Flags need to be defined in REVIDX_KNOWN_FLAGS and REVIDX_FLAGS_ORDER.
+                - Flags need to be defined in REVIDX_KNOWN_FLAGS and REVIDX_FLAGS_ORDER,
+                  and REVIDX_RAWTEXT_CHANGING_FLAGS if they can alter rawtext.
                 - Only one flag processor can be registered on a specific flag.
                 - flagprocessors must be 3-tuples of functions (read, write, raw) with the
                   following signatures:
                                                                len(delta) - hlen):
                         btext[0] = delta[hlen:]
                     else:
-                        basetext = revlog.revision(baserev, _df=fh, raw=True)
+                        # deltabase is rawtext before changed by flag processors, which is
+                        # equivalent to non-raw text
+                        basetext = revlog.revision(baserev, _df=fh, raw=False)
                         btext[0] = mdiff.patch(basetext, delta)
                     try:
                     for candidaterevs in self._getcandidaterevs(p1, p2, cachedelta):
                         nominateddeltas = []
                         for candidaterev in candidaterevs:
+                            # no delta for rawtext-changing revs (see "candelta" for why)
+                            if revlog.flags(candidaterev) & REVIDX_RAWTEXT_CHANGING_FLAGS:
+                                continue
                             candidatedelta = self._builddeltainfo(revinfo, candidaterev, fh)
                             if revlog._isgooddeltainfo(candidatedelta, revinfo.textlen):
                                 nominateddeltas.append(candidatedelta)
                     except KeyError:
                         return False
+                def candelta(self, baserev, rev):
+                    """whether two revisions (baserev, rev) can be delta-ed or not"""
+                    # Disable delta if either rev requires a content-changing flag
+                    # processor (ex. LFS). This is because such flag processor can alter
+                    # the rawtext content that the delta will be based on, and two clients
+                    # could have a same revlog node with different flags (i.e. different
+                    # rawtext contents) and the delta could be incompatible.
+                    if ((self.flags(baserev) & REVIDX_RAWTEXT_CHANGING_FLAGS)
+                        or (self.flags(rev) & REVIDX_RAWTEXT_CHANGING_FLAGS)):
+                        return False
+                    return True
                 def clearcaches(self):
                     self._cache = None
                     self._chainbasecache.clear()
                     # full versions are inserted when the needed deltas
                     # become comparable to the uncompressed text
                     if rawtext is None:
-                        textlen = mdiff.patchedsize(self.rawsize(cachedelta[0]),
+                        # need rawtext size, before changed by flag processors, which is
+                        # the non-raw size. use revlog explicitly to avoid filelog's extra
+                        # logic that might remove metadata size.
+                        textlen = mdiff.patchedsize(revlog.size(self, cachedelta[0]),
                                                     cachedelta[1])
                     else:
                         textlen = len(rawtext)
                         deltacomputer = _deltacomputer(self)
                     revinfo = _revisioninfo(node, p1, p2, btext, textlen, cachedelta, flags)
-                    deltainfo = deltacomputer.finddeltainfo(revinfo, fh)
+                    # no delta for flag processor revision (see "candelta" for why)
+                    # not calling candelta since only one revision needs test, also to
+                    # avoid overhead fetching flags again.
+                    if flags & REVIDX_RAWTEXT_CHANGING_FLAGS:
+                        deltainfo = None
+                    else:
+                        deltainfo = deltacomputer.finddeltainfo(revinfo, fh)
                     if deltainfo is not None:
                         base = deltainfo.base

mercurial/wireproto.py

0 +35 0

             commands = commanddict()
+            # Maps wire protocol name to operation type. This is used for permissions
+            # checking. All defined @wireiprotocommand should have an entry in this
+            # dict.
+            permissions = {}
             def wireprotocommand(name, args='', transportpolicy=POLICY_ALL):
                 """Decorator to declare a wire protocol command.
                     return func
                 return register
+            # TODO define a more appropriate permissions type to use for this.
+            permissions['batch'] = 'pull'
             @wireprotocommand('batch', 'cmds *')
             def batch(repo, proto, cmds, others):
                 repo = repo.filtered("served")
                             n, v = a.split('=')
                             vals[unescapearg(n)] = unescapearg(v)
                     func, spec = commands[op]
+                    # If the protocol supports permissions checking, perform that
+                    # checking on each batched command.
+                    # TODO formalize permission checking as part of protocol interface.
+                    if util.safehasattr(proto, 'checkperm'):
+                        # Assume commands with no defined permissions are writes / for
+                        # pushes. This is the safest from a security perspective because
+                        # it doesn't allow commands with undefined semantics from
+                        # bypassing permissions checks.
+                        proto.checkperm(permissions.get(op, 'push'))
                     if spec:
                         keys = spec.split()
                         data = {}
                 return bytesresponse(';'.join(res))
+            permissions['between'] = 'pull'
             @wireprotocommand('between', 'pairs', transportpolicy=POLICY_V1_ONLY)
             def between(repo, proto, pairs):
                 pairs = [decodelist(p, '-') for p in pairs.split(" ")]
                 return bytesresponse(''.join(r))
+            permissions['branchmap'] = 'pull'
             @wireprotocommand('branchmap')
             def branchmap(repo, proto):
                 branchmap = repo.branchmap()
                 return bytesresponse('\n'.join(heads))
+            permissions['branches'] = 'pull'
             @wireprotocommand('branches', 'nodes', transportpolicy=POLICY_V1_ONLY)
             def branches(repo, proto, nodes):
                 nodes = decodelist(nodes)
                 return bytesresponse(''.join(r))
+            permissions['clonebundles'] = 'pull'
             @wireprotocommand('clonebundles', '')
             def clonebundles(repo, proto):
                 """Server command for returning info for available bundles to seed clones.
             # If you are writing an extension and consider wrapping this function. Wrap
             # `_capabilities` instead.
+            permissions['capabilities'] = 'pull'
             @wireprotocommand('capabilities')
             def capabilities(repo, proto):
                 return bytesresponse(' '.join(_capabilities(repo, proto)))
+            permissions['changegroup'] = 'pull'
             @wireprotocommand('changegroup', 'roots', transportpolicy=POLICY_V1_ONLY)
             def changegroup(repo, proto, roots):
                 nodes = decodelist(roots)
                 gen = iter(lambda: cg.read(32768), '')
                 return streamres(gen=gen)
+            permissions['changegroupsubset'] = 'pull'
             @wireprotocommand('changegroupsubset', 'bases heads',
                               transportpolicy=POLICY_V1_ONLY)
             def changegroupsubset(repo, proto, bases, heads):
                 gen = iter(lambda: cg.read(32768), '')
                 return streamres(gen=gen)
+            permissions['debugwireargs'] = 'pull'
             @wireprotocommand('debugwireargs', 'one two *')
             def debugwireargs(repo, proto, one, two, others):
                 # only accept optional args from the known set
                 return bytesresponse(repo.debugwireargs(one, two,
                                                         **pycompat.strkwargs(opts)))
+            permissions['getbundle'] = 'pull'
             @wireprotocommand('getbundle', '*')
             def getbundle(repo, proto, others):
                 opts = options('getbundle', gboptsmap.keys(), others)
                 return streamres(gen=chunks, prefer_uncompressed=not prefercompressed)
+            permissions['heads'] = 'pull'
             @wireprotocommand('heads')
             def heads(repo, proto):
                 h = repo.heads()
                 return bytesresponse(encodelist(h) + '\n')
+            permissions['hello'] = 'pull'
             @wireprotocommand('hello')
             def hello(repo, proto):
                 """Called as part of SSH handshake to obtain server info.
                 caps = capabilities(repo, proto).data
                 return bytesresponse('capabilities: %s\n' % caps)
+            permissions['listkeys'] = 'pull'
             @wireprotocommand('listkeys', 'namespace')
             def listkeys(repo, proto, namespace):
                 d = sorted(repo.listkeys(encoding.tolocal(namespace)).items())
                 return bytesresponse(pushkeymod.encodekeys(d))
+            permissions['lookup'] = 'pull'
             @wireprotocommand('lookup', 'key')
             def lookup(repo, proto, key):
                 try:
                     success = 0
                 return bytesresponse('%d %s\n' % (success, r))
+            permissions['known'] = 'pull'
             @wireprotocommand('known', 'nodes *')
             def known(repo, proto, nodes, others):
                 v = ''.join(b and '1' or '0' for b in repo.known(decodelist(nodes)))
                 return bytesresponse(v)
+            permissions['pushkey'] = 'push'
             @wireprotocommand('pushkey', 'namespace key old new')
             def pushkey(repo, proto, namespace, key, old, new):
                 # compatibility with pre-1.8 clients which were accidentally
                 output = output.getvalue() if output else ''
                 return bytesresponse('%d\n%s' % (int(r), output))
+            permissions['stream_out'] = 'pull'
             @wireprotocommand('stream_out')
             def stream(repo, proto):
                 '''If the server supports streaming clone, it advertises the "stream"
                 '''
                 return streamres_legacy(streamclone.generatev1wireproto(repo))
+            permissions['unbundle'] = 'push'
             @wireprotocommand('unbundle', 'heads')
             def unbundle(repo, proto, heads):
                 their_heads = decodelist(heads)

tests/drawdag.py

0 +2 -1

                 comments = list(_getcomments(text))
                 filere = re.compile(br'^(\w+)/([\w/]+)\s*=\s*(.*)$', re.M)
                 for name, path, content in filere.findall(b'\n'.join(comments)):
-                    files[name][path] = content.replace(br'\n', b'\n')
+                    content = content.replace(br'\n', b'\n').replace(br'\1', b'\1')
+                    files[name][path] = content
                 committed = {None: node.nullid}  # {name: node}

tests/test-annotate.t

0 +11 -5

               $ hg init repo-cr
               $ cd repo-cr
-              $ substcr() {
+              $ cat <<'EOF' >> "$TESTTMP/substcr.py"
-              > sed 's/\r/[CR]/g'
+              > import sys
-              > }
+              > from mercurial import util
+              > util.setbinary(sys.stdin)
+              > util.setbinary(sys.stdout)
+              > stdin = getattr(sys.stdin, 'buffer', sys.stdin)
+              > stdout = getattr(sys.stdout, 'buffer', sys.stdout)
+              > stdout.write(stdin.read().replace(b'\r', b'[CR]'))
+              > EOF
               >>> with open('a', 'wb') as f:
               ...     f.write(b'0a\r0b\r\n0c\r0d\r\n0e\n0f\n0g')
               ...     f.write(b'0a\r0b\r\n1c\r1d\r\n0e\n1f\n0g')
               $ hg ci -m1
-              $ hg annotate -r0 a | substcr
+              $ hg annotate -r0 a | $PYTHON "$TESTTMP/substcr.py"
 : 0a[CR]0b[CR]
 : 0c[CR]0d[CR]
 : 0e
 : 0f
 : 0g
-              $ hg annotate -r1 a | substcr
+              $ hg annotate -r1 a | $PYTHON "$TESTTMP/substcr.py"
 : 0a[CR]0b[CR]
 : 1c[CR]1d[CR]
 : 0e

tests/test-http-bundle1.t

0 +15 -23

               $ hg rollback -q
               $ sed 's/.*] "/"/' < ../access.log
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 403 -
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$

tests/test-http.t

0 +17 -25

               http auth: user user, password ****
               sending capabilities command
               devel-peer-request: GET http://localhost:$HGPORT2/?cmd=capabilities
+              http auth: user user, password ****
               devel-peer-request:   finished in *.???? seconds (200) (glob)
               query 1; heads
               sending batch command
               devel-peer-request:   Vary X-HgArg-1,X-HgProto-1
               devel-peer-request:   X-hgproto-1 0.1 0.2 comp=$USUAL_COMPRESSIONS$
               devel-peer-request:   16 bytes of commands arguments in headers
-              http auth: user user, password ****
               devel-peer-request:   finished in *.???? seconds (200) (glob)
               received listkey for "phases": 58 bytes
               checking for updated bookmarks
               $ hg rollback -q
               $ sed 's/.*] "/"/' < ../access.log
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=stream_out HTTP/1.1" 401 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=stream_out HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D5fed3813f7f5e1824344fdc9cf8f63bb662c292d x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:bookmarks=1&$USUAL_BUNDLE_CAPS$&cg=0&common=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=getbundle HTTP/1.1" 401 - x-hgarg-1:bookmarks=1&$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=getbundle HTTP/1.1" 200 - x-hgarg-1:bookmarks=1&$USUAL_BUNDLE_CAPS$&cg=1&common=0000000000000000000000000000000000000000&heads=5fed3813f7f5e1824344fdc9cf8f63bb662c292d&listkeys=bookmarks&phases=1 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 403 -
-              "GET /?cmd=capabilities HTTP/1.1" 200 -
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
-              "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 403 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "POST /?cmd=unbundle HTTP/1.1" 200 - x-hgarg-1:heads=666f726365* (glob)
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
+              "GET /?cmd=capabilities HTTP/1.1" 401 -
               "GET /?cmd=capabilities HTTP/1.1" 200 -
               "GET /?cmd=batch HTTP/1.1" 200 - x-hgarg-1:cmds=heads+%3Bknown+nodes%3D7f4e523d01f2cc3765ac8934da3d14db775ff872 x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
-              "GET /?cmd=listkeys HTTP/1.1" 401 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=phases x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=bookmarks x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$
               "GET /?cmd=branchmap HTTP/1.1" 200 - x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$

tests/test-largefiles-wireproto.t

0 +2 -2

               > EOF
               $ hg clone --config ui.interactive=true --config extensions.getpass=get_pass.py \
               >          http://user@localhost:$HGPORT credentialclone
-              requesting all changes
               http authorization required for http://localhost:$HGPORT/
               realm: mercurial
               user: user
-              password: adding changesets
+              password: requesting all changes
+              adding changesets
               adding manifests
               adding file changes
               added 1 changesets with 1 changes to 1 files

tests/test-lfs.t

0 +1 -1

               uncompressed size of bundle content:
                    * (changelog) (glob)
                    * (manifests) (glob)
-                   *  a (glob)
+                  * a (glob)
               $ hg --config extensions.strip= strip -r 2 --no-backup --force -q
               $ hg -R bundle.hg log -p -T '{rev} {desc}\n' a
 branching

tests/test-pull-http.t

0 0 -2

               $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
               $ cat hg.pid >> $DAEMON_PIDS
               $ hg clone http://localhost:$HGPORT/ test4 # bundle2+
-              requesting all changes
               abort: authorization failed
               [255]
               $ hg clone http://localhost:$HGPORT/ test4 --config devel.legacy.exchange=bundle1
               $ req
               pulling from http://localhost:$HGPORT/
-              searching for changes
               abort: authorization failed
               % serve errors

tests/test-push-http.t

0 0 -22

@@ -307,28 +307,6 b' Make phases updates work'
307	$ hg --config extensions.strip= strip -r 1:	307	$ hg --config extensions.strip= strip -r 1:
308	saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg	308	saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-eea704d7-backup.hg
309		309
310	expect authorization error: all users denied
311
312	$ echo '[web]' > .hg/hgrc
313	$ echo 'push_ssl = false' >> .hg/hgrc
314	$ echo 'deny_push = *' >> .hg/hgrc
315	$ req
316	pushing to http://localhost:$HGPORT/
317	searching for changes
318	abort: authorization failed
319	% serve errors
320	[255]
321
322	expect authorization error: some users denied, users must be authenticated
323
324	$ echo 'deny_push = unperson' >> .hg/hgrc
325	$ req
326	pushing to http://localhost:$HGPORT/
327	searching for changes
328	abort: authorization failed
329	% serve errors
330	[255]
331
332	#if bundle2	310	#if bundle2
333		311
334	$ cat > .hg/hgrc <<EOF	312	$ cat > .hg/hgrc <<EOF

tests/test-revlog-raw.py

0 +10 -5

                         else:
                             # suboptimal deltaparent
                             deltaparent = min(0, parentrev)
+                        if not rlog.candelta(deltaparent, r):
+                            deltaparent = -1
                         return {'node': rlog.node(r), 'p1': pnode, 'p2': node.nullid,
                                 'cs': rlog.node(rlog.linkrev(r)), 'flags': rlog.flags(r),
                                 'deltabase': rlog.node(deltaparent),
                 for r in rlog:
                     p1 = rlog.node(r - 1)
                     p2 = node.nullid
-                    if r == 0:
+                    if r == 0 or (rlog.flags(r) & revlog.REVIDX_EXTSTORED):
                         text = rlog.revision(r, raw=True)
                         cachedelta = None
                     else:
-                        # deltaparent is more interesting if it has the EXTSTORED flag.
+                        # deltaparent cannot have EXTSTORED flag.
-                        deltaparent = max([0] + [p for p in range(r - 2) if rlog.flags(p)])
+                        deltaparent = max([-1] +
+                                          [p for p in range(r)
+                                           if rlog.flags(p) & revlog.REVIDX_EXTSTORED == 0])
                         text = None
                         cachedelta = (deltaparent, rlog.revdiff(deltaparent, r))
                     flags = rlog.flags(r)
                     result.append((text, rawtext))
                     # Verify flags like isdelta, isext work as expected
-                    if bool(rlog.deltaparent(rev) > -1) != isdelta:
+                    # isdelta can be overridden to False if this or p1 has isext set
-                        abort('rev %d: isdelta is ineffective' % rev)
+                    if bool(rlog.deltaparent(rev) > -1) and not isdelta:
+                        abort('rev %d: isdelta is unexpected' % rev)
                     if bool(rlog.flags(rev)) != isext:
                         abort('rev %d: isext is ineffective' % rev)
                 return result

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages