Show More
| @@ -11,6 +11,7 import errno, mimetypes, os | |||||
| 11 | HTTP_OK = 200 |
|
11 | HTTP_OK = 200 | |
| 12 | HTTP_BAD_REQUEST = 400 |
|
12 | HTTP_BAD_REQUEST = 400 | |
| 13 | HTTP_UNAUTHORIZED = 401 |
|
13 | HTTP_UNAUTHORIZED = 401 | |
|
|
14 | HTTP_FORBIDDEN = 403 | |||
| 14 | HTTP_NOT_FOUND = 404 |
|
15 | HTTP_NOT_FOUND = 404 | |
| 15 | HTTP_METHOD_NOT_ALLOWED = 405 |
|
16 | HTTP_METHOD_NOT_ALLOWED = 405 | |
| 16 | HTTP_SERVER_ERROR = 500 |
|
17 | HTTP_SERVER_ERROR = 500 | |
| @@ -12,7 +12,7 from mercurial.node import short, hex, n | |||||
| 12 | from mercurial.util import binary, datestr |
|
12 | from mercurial.util import binary, datestr | |
| 13 | from mercurial.repo import RepoError |
|
13 | from mercurial.repo import RepoError | |
| 14 | from common import paritygen, staticfile, get_contact, ErrorResponse |
|
14 | from common import paritygen, staticfile, get_contact, ErrorResponse | |
| 15 | from common import HTTP_OK, HTTP_NOT_FOUND |
|
15 | from common import HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND | |
| 16 | from mercurial import graphmod, util |
|
16 | from mercurial import graphmod, util | |
| 17 |
|
17 | |||
| 18 | # __all__ is populated with the allowed commands. Be sure to add to it if |
|
18 | # __all__ is populated with the allowed commands. Be sure to add to it if | |
| @@ -535,11 +535,15 def archive(web, req, tmpl): | |||||
| 535 | allowed = web.configlist("web", "allow_archive") |
|
535 | allowed = web.configlist("web", "allow_archive") | |
| 536 | key = req.form['node'][0] |
|
536 | key = req.form['node'][0] | |
| 537 |
|
537 | |||
| 538 |
if not |
|
538 | if type_ not in web.archives: | |
| 539 | web.configbool("web", "allow" + type_, False))): |
|
|||
| 540 | msg = 'Unsupported archive type: %s' % type_ |
|
539 | msg = 'Unsupported archive type: %s' % type_ | |
| 541 | raise ErrorResponse(HTTP_NOT_FOUND, msg) |
|
540 | raise ErrorResponse(HTTP_NOT_FOUND, msg) | |
| 542 |
|
541 | |||
|
|
542 | if not ((type_ in allowed or | |||
|
|
543 | web.configbool("web", "allow" + type_, False))): | |||
|
|
544 | msg = 'Archive type not allowed: %s' % type_ | |||
|
|
545 | raise ErrorResponse(HTTP_FORBIDDEN, msg) | |||
|
|
546 | ||||
| 543 | reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame)) |
|
547 | reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame)) | |
| 544 | cnode = web.repo.lookup(key) |
|
548 | cnode = web.repo.lookup(key) | |
| 545 | arch_version = key |
|
549 | arch_version = key | |
| @@ -12,10 +12,36 echo bletch>baz/bletch | |||||
| 12 | hg commit -Am 3 -d '1000000000 0' |
|
12 | hg commit -Am 3 -d '1000000000 0' | |
| 13 | echo "[web]" >> .hg/hgrc |
|
13 | echo "[web]" >> .hg/hgrc | |
| 14 | echo "name = test-archive" >> .hg/hgrc |
|
14 | echo "name = test-archive" >> .hg/hgrc | |
| 15 | echo "allow_archive = gz bz2, zip" >> .hg/hgrc |
|
15 | cp .hg/hgrc .hg/hgrc-base | |
|
|
16 | ||||
|
|
17 | # check http return codes | |||
|
|
18 | test_archtype() { | |||
|
|
19 | echo "allow_archive = $1" >> .hg/hgrc | |||
|
|
20 | hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log | |||
|
|
21 | cat hg.pid >> $DAEMON_PIDS | |||
|
|
22 | echo % $1 allowed should give 200 | |||
|
|
23 | "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$2" | head -n 1 | |||
|
|
24 | echo % $3 and $4 disallowed should both give 403 | |||
|
|
25 | "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$3" | head -n 1 | |||
|
|
26 | "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$4" | head -n 1 | |||
|
|
27 | kill `cat hg.pid` | |||
|
|
28 | cat errors.log | |||
|
|
29 | cp .hg/hgrc-base .hg/hgrc | |||
|
|
30 | } | |||
|
|
31 | ||||
|
|
32 | echo | |||
|
|
33 | test_archtype gz tar.gz tar.bz2 zip | |||
|
|
34 | test_archtype bz2 tar.bz2 zip tar.gz | |||
|
|
35 | test_archtype zip zip tar.gz tar.bz2 | |||
|
|
36 | ||||
|
|
37 | echo "allow_archive = gz bz2 zip" >> .hg/hgrc | |||
| 16 | hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log |
|
38 | hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log | |
| 17 | cat hg.pid >> $DAEMON_PIDS |
|
39 | cat hg.pid >> $DAEMON_PIDS | |
| 18 |
|
40 | |||
|
|
41 | echo % invalid arch type should give 404 | |||
|
|
42 | "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.invalid" | head -n 1 | |||
|
|
43 | echo | |||
|
|
44 | ||||
| 19 | TIP=`hg id -v | cut -f1 -d' '` |
|
45 | TIP=`hg id -v | cut -f1 -d' '` | |
| 20 | QTIP=`hg id -q` |
|
46 | QTIP=`hg id -q` | |
| 21 | cat > getarchive.py <<EOF |
|
47 | cat > getarchive.py <<EOF | |
| @@ -1,6 +1,25 | |||||
| 1 | adding foo |
|
1 | adding foo | |
| 2 | adding bar |
|
2 | adding bar | |
| 3 | adding baz/bletch |
|
3 | adding baz/bletch | |
|
|
4 | ||||
|
|
5 | % gz allowed should give 200 | |||
|
|
6 | 200 Script output follows | |||
|
|
7 | % tar.bz2 and zip disallowed should both give 403 | |||
|
|
8 | 403 Forbidden | |||
|
|
9 | 403 Forbidden | |||
|
|
10 | % bz2 allowed should give 200 | |||
|
|
11 | 200 Script output follows | |||
|
|
12 | % zip and tar.gz disallowed should both give 403 | |||
|
|
13 | 403 Forbidden | |||
|
|
14 | 403 Forbidden | |||
|
|
15 | % zip allowed should give 200 | |||
|
|
16 | 200 Script output follows | |||
|
|
17 | % tar.gz and tar.bz2 disallowed should both give 403 | |||
|
|
18 | 403 Forbidden | |||
|
|
19 | 403 Forbidden | |||
|
|
20 | % invalid arch type should give 404 | |||
|
|
21 | 404 Not Found | |||
|
|
22 | ||||
| 4 | test-archive-TIP/.hg_archival.txt |
|
23 | test-archive-TIP/.hg_archival.txt | |
| 5 | test-archive-TIP/bar |
|
24 | test-archive-TIP/bar | |
| 6 | test-archive-TIP/baz/bletch |
|
25 | test-archive-TIP/baz/bletch | |
General Comments 0
You need to be logged in to leave comments.
Login now