hgweb: Respond with HTTP 403 for disabled archive types instead of 404...
Rocco Rutte -
r7029:b84d2738 default
@@ -11,6 +11,7 import errno, mimetypes, os
11 HTTP_OK = 200
11 HTTP_OK = 200
12 HTTP_BAD_REQUEST = 400
12 HTTP_BAD_REQUEST = 400
13 HTTP_UNAUTHORIZED = 401
13 HTTP_UNAUTHORIZED = 401
14 HTTP_FORBIDDEN = 403
14 HTTP_NOT_FOUND = 404
15 HTTP_NOT_FOUND = 404
15 HTTP_METHOD_NOT_ALLOWED = 405
16 HTTP_METHOD_NOT_ALLOWED = 405
16 HTTP_SERVER_ERROR = 500
17 HTTP_SERVER_ERROR = 500
@@ -12,7 +12,7 from mercurial.node import short, hex, n
12 from mercurial.util import binary, datestr
12 from mercurial.util import binary, datestr
13 from mercurial.repo import RepoError
13 from mercurial.repo import RepoError
14 from common import paritygen, staticfile, get_contact, ErrorResponse
14 from common import paritygen, staticfile, get_contact, ErrorResponse
15 from common import HTTP_OK, HTTP_NOT_FOUND
15 from common import HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND
16 from mercurial import graphmod, util
16 from mercurial import graphmod, util
17
17
18 # __all__ is populated with the allowed commands. Be sure to add to it if
18 # __all__ is populated with the allowed commands. Be sure to add to it if
@@ -535,11 +535,15 def archive(web, req, tmpl):
535 allowed = web.configlist("web", "allow_archive")
535 allowed = web.configlist("web", "allow_archive")
536 key = req.form['node'][0]
536 key = req.form['node'][0]
537
537
538 if not (type_ in web.archives and (type_ in allowed or
538 if type_ not in web.archives:
539 web.configbool("web", "allow" + type_, False))):
540 msg = 'Unsupported archive type: %s' % type_
539 msg = 'Unsupported archive type: %s' % type_
541 raise ErrorResponse(HTTP_NOT_FOUND, msg)
540 raise ErrorResponse(HTTP_NOT_FOUND, msg)
542
541
542 if not ((type_ in allowed or
543 web.configbool("web", "allow" + type_, False))):
544 msg = 'Archive type not allowed: %s' % type_
545 raise ErrorResponse(HTTP_FORBIDDEN, msg)
546
543 reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame))
547 reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame))
544 cnode = web.repo.lookup(key)
548 cnode = web.repo.lookup(key)
545 arch_version = key
549 arch_version = key
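Review bot: The order of the two checks in `archive` is security-relevant and should be documented, because `type_` (assigned outside this hunk, presumably from the request path) is used by the second check to build a config key with `"allow" + type_`. The `type_ not in web.archives` test has to stay first so that the lookup is confined to known archive types; I would add `# Reject unknown types first: type_ is request-derived and is used below to build a config key.` above the first `if`. Both messages interpolate `type_`, and the 404 one carries the value before any validation, so it is worth confirming that `ErrorResponse` bodies are escaped or served as plain text. As a style point, the doubled parentheses in `if not ((type_ in allowed or` are redundant. The function body begins and ends outside the hunk.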
@@ -12,10 +12,36 echo bletch>baz/bletch
12 hg commit -Am 3 -d '1000000000 0'
12 hg commit -Am 3 -d '1000000000 0'
13 echo "[web]" >> .hg/hgrc
13 echo "[web]" >> .hg/hgrc
14 echo "name = test-archive" >> .hg/hgrc
14 echo "name = test-archive" >> .hg/hgrc
15 echo "allow_archive = gz bz2, zip" >> .hg/hgrc
15 cp .hg/hgrc .hg/hgrc-base
16
17 # check http return codes
18 test_archtype() {
19 echo "allow_archive = $1" >> .hg/hgrc
20 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
21 cat hg.pid >> $DAEMON_PIDS
22 echo % $1 allowed should give 200
23 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$2" | head -n 1
24 echo % $3 and $4 disallowed should both give 403
25 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$3" | head -n 1
26 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$4" | head -n 1
27 kill `cat hg.pid`
28 cat errors.log
29 cp .hg/hgrc-base .hg/hgrc
30 }
31
32 echo
33 test_archtype gz tar.gz tar.bz2 zip
34 test_archtype bz2 tar.bz2 zip tar.gz
35 test_archtype zip zip tar.gz tar.bz2
36
37 echo "allow_archive = gz bz2 zip" >> .hg/hgrc
16 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
38 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
17 cat hg.pid >> $DAEMON_PIDS
39 cat hg.pid >> $DAEMON_PIDS
18
40
41 echo % invalid arch type should give 404
42 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.invalid" | head -n 1
43 echo
44
19 TIP=`hg id -v | cut -f1 -d' '`
45 TIP=`hg id -v | cut -f1 -d' '`
20 QTIP=`hg id -q`
46 QTIP=`hg id -q`
21 cat > getarchive.py <<EOF
47 cat > getarchive.py <<EOF
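Review bot: The new `test_archtype` cases exercise only the `allow_archive` list, but the patched check also admits a type through the per-type boolean (`web.configbool("web", "allow" + type_, False)`), so the 200/403 split for that path is untested. A case that appends something like `echo "allowgz = true" >> .hg/hgrc` without `allow_archive`, then expects 200 for `tar.gz` and 403 for the other two extensions, would cover it. The helper would also read more easily with a usage comment such as `# test_archtype <allowed type> <allowed ext> <disallowed ext> <disallowed ext>`, since the four positional arguments are not obvious from the call sites.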
@@ -1,6 +1,25
1 adding foo
1 adding foo
2 adding bar
2 adding bar
3 adding baz/bletch
3 adding baz/bletch
4
5 % gz allowed should give 200
6 200 Script output follows
7 % tar.bz2 and zip disallowed should both give 403
8 403 Forbidden
9 403 Forbidden
10 % bz2 allowed should give 200
11 200 Script output follows
12 % zip and tar.gz disallowed should both give 403
13 403 Forbidden
14 403 Forbidden
15 % zip allowed should give 200
16 200 Script output follows
17 % tar.gz and tar.bz2 disallowed should both give 403
18 403 Forbidden
19 403 Forbidden
20 % invalid arch type should give 404
21 404 Not Found
22
4 test-archive-TIP/.hg_archival.txt
23 test-archive-TIP/.hg_archival.txt
5 test-archive-TIP/bar
24 test-archive-TIP/bar
6 test-archive-TIP/baz/bletch
25 test-archive-TIP/baz/bletch