##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

url: support auth.cookiesfile for adding cookies to HTTP requests...
Gregory Szorc -
r31936:806f9a88 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -323,12 +323,32 b' related options for the diff command.'
323 323 ``auth``
324 324 --------
325 325
326 Authentication credentials for HTTP authentication. This section
327 allows you to store usernames and passwords for use when logging
328 *into* HTTP servers. See :hg:`help config.web` if
329 you want to configure *who* can login to your HTTP server.
330
331 Each line has the following format::
326 Authentication credentials and other authentication-like configuration
327 for HTTP connections. This section allows you to store usernames and
328 passwords for use when logging *into* HTTP servers. See
329 :hg:`help config.web` if you want to configure *who* can login to
330 your HTTP server.
331
332 The following options apply to all hosts.
333
334 ``cookiefile``
335 Path to a file containing HTTP cookie lines. Cookies matching a
336 host will be sent automatically.
337
338 The file format uses the Mozilla cookies.txt format, which defines cookies
339 on their own lines. Each line contains 7 fields delimited by the tab
340 character (domain, is_domain_cookie, path, is_secure, expires, name,
341 value). For more info, do an Internet search for "Netscape cookies.txt
342 format."
343
344 Note: the cookies parser does not handle port numbers on domains. You
345 will need to remove ports from the domain for the cookie to be recognized.
346 This could result in a cookie being disclosed to an unwanted server.
347
348 The cookies file is read-only.
349
350 Other options in this section are grouped by name and have the following
351 format::
332 352
333 353 <name>.<argument> = <value>
334 354
Show file before | Show file after | Hide comments
@@ -417,6 +417,35 b' class httpbasicauthhandler(urlreq.httpba'
417 417 else:
418 418 return None
419 419
420 class cookiehandler(urlreq.basehandler):
421 def __init__(self, ui):
422 self.cookiejar = None
423
424 cookiefile = ui.config('auth', 'cookiefile')
425 if not cookiefile:
426 return
427
428 cookiefile = util.expandpath(cookiefile)
429 try:
430 cookiejar = util.cookielib.MozillaCookieJar(cookiefile)
431 cookiejar.load()
432 self.cookiejar = cookiejar
433 except util.cookielib.LoadError as e:
434 ui.warn(_('(error loading cookie file %s: %s; continuing without '
435 'cookies)\n') % (cookiefile, str(e)))
436
437 def http_request(self, request):
438 if self.cookiejar:
439 self.cookiejar.add_cookie_header(request)
440
441 return request
442
443 def https_request(self, request):
444 if self.cookiejar:
445 self.cookiejar.add_cookie_header(request)
446
447 return request
448
420 449 handlerfuncs = []
421 450
422 451 def opener(ui, authinfo=None):
@@ -450,6 +479,7 b' def opener(ui, authinfo=None):'
450 479 handlers.extend((httpbasicauthhandler(passmgr),
451 480 httpdigestauthhandler(passmgr)))
452 481 handlers.extend([h(ui, passmgr) for h in handlerfuncs])
482 handlers.append(cookiehandler(ui))
453 483 opener = urlreq.buildopener(*handlers)
454 484
455 485 # The user agent should should *NOT* be used by servers for e.g.
Show file before | Show file after | Hide comments
@@ -1,4 +1,4 b''
1 #require serve
1 #require killdaemons serve
2 2
3 3 $ hg init test
4 4 $ cd test
@@ -333,3 +333,64 b' check abort error reporting while pullin'
333 333 abort: pull failed on remote
334 334 [255]
335 335 $ cat error.log
336
337 corrupt cookies file should yield a warning
338
339 $ cat > $TESTTMP/cookies.txt << EOF
340 > bad format
341 > EOF
342
343 $ hg --config auth.cookiefile=$TESTTMP/cookies.txt id http://localhost:$HGPORT/
344 (error loading cookie file $TESTTMP/cookies.txt: '$TESTTMP/cookies.txt' does not look like a Netscape format cookies file; continuing without cookies)
345 56f9bc90cce6
346
347 $ killdaemons.py
348
349 Create dummy authentication handler that looks for cookies. It doesn't do anything
350 useful. It just raises an HTTP 500 with details about the Cookie request header.
351 We raise HTTP 500 because its message is printed in the abort message.
352
353 $ cat > cookieauth.py << EOF
354 > from mercurial import util
355 > from mercurial.hgweb import common
356 > def perform_authentication(hgweb, req, op):
357 > cookie = req.env.get('HTTP_COOKIE')
358 > if not cookie:
359 > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
360 > raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
361 > def extsetup():
362 > common.permhooks.insert(0, perform_authentication)
363 > EOF
364
365 $ hg serve --config extensions.cookieauth=cookieauth.py -R test -p $HGPORT -d --pid-file=pid
366 $ cat pid > $DAEMON_PIDS
367
368 Request without cookie sent should fail due to lack of cookie
369
370 $ hg id http://localhost:$HGPORT
371 abort: HTTP Error 500: no-cookie
372 [255]
373
374 Populate a cookies file
375
376 $ cat > cookies.txt << EOF
377 > # HTTP Cookie File
378 > # Expiration is 2030-01-01 at midnight
379 > .example.com TRUE / FALSE 1893456000 hgkey examplevalue
380 > EOF
381
382 Should not send a cookie for another domain
383
384 $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
385 abort: HTTP Error 500: no-cookie
386 [255]
387
388 Add a cookie entry for our test server and verify it is sent
389
390 $ cat >> cookies.txt << EOF
391 > localhost.local FALSE / FALSE 1893456000 hgkey localhostvalue
392 > EOF
393
394 $ hg --config auth.cookiefile=cookies.txt id http://localhost:$HGPORT/
395 abort: HTTP Error 500: Cookie: hgkey=localhostvalue
396 [255]
General Comments 0
You need to be logged in to leave comments. Login now