hgweb: Respond with HTTP 403 for disabled archive types instead of 404...
Rocco Rutte -
r7029:b84d2738 default
@@ -11,6 +11,7 b' import errno, mimetypes, os'
11 HTTP_OK = 200
11 HTTP_OK = 200
12 HTTP_BAD_REQUEST = 400
12 HTTP_BAD_REQUEST = 400
13 HTTP_UNAUTHORIZED = 401
13 HTTP_UNAUTHORIZED = 401
14 HTTP_FORBIDDEN = 403
14 HTTP_NOT_FOUND = 404
15 HTTP_NOT_FOUND = 404
15 HTTP_METHOD_NOT_ALLOWED = 405
16 HTTP_METHOD_NOT_ALLOWED = 405
16 HTTP_SERVER_ERROR = 500
17 HTTP_SERVER_ERROR = 500
@@ -12,7 +12,7 b' from mercurial.node import short, hex, n'
12 from mercurial.util import binary, datestr
12 from mercurial.util import binary, datestr
13 from mercurial.repo import RepoError
13 from mercurial.repo import RepoError
14 from common import paritygen, staticfile, get_contact, ErrorResponse
14 from common import paritygen, staticfile, get_contact, ErrorResponse
15 from common import HTTP_OK, HTTP_NOT_FOUND
15 from common import HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND
16 from mercurial import graphmod, util
16 from mercurial import graphmod, util
17
17
18 # __all__ is populated with the allowed commands. Be sure to add to it if
18 # __all__ is populated with the allowed commands. Be sure to add to it if
@@ -535,11 +535,15 b' def archive(web, req, tmpl):'
535 allowed = web.configlist("web", "allow_archive")
535 allowed = web.configlist("web", "allow_archive")
536 key = req.form['node'][0]
536 key = req.form['node'][0]
537
537
538 if not (type_ in web.archives and (type_ in allowed or
538 if type_ not in web.archives:
539 web.configbool("web", "allow" + type_, False))):
540 msg = 'Unsupported archive type: %s' % type_
539 msg = 'Unsupported archive type: %s' % type_
541 raise ErrorResponse(HTTP_NOT_FOUND, msg)
540 raise ErrorResponse(HTTP_NOT_FOUND, msg)
542
541
542 if not ((type_ in allowed or
543 web.configbool("web", "allow" + type_, False))):
544 msg = 'Archive type not allowed: %s' % type_
545 raise ErrorResponse(HTTP_FORBIDDEN, msg)
546
543 reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame))
547 reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame))
544 cnode = web.repo.lookup(key)
548 cnode = web.repo.lookup(key)
545 arch_version = key
549 arch_version = key
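Review bot: The 403 check reads a config key built from `type_` (`"allow" + type_`), and that key is only bounded because the `type_ not in web.archives` test directly above raises first; nothing in the code records this ordering dependency. `type_` looks request-derived (the tests fetch `/archive/tip.<type>`), so I would add `# type_ was checked against web.archives above; keep that check first` before the second `if`. The doubled parentheses are left over from the old combined condition and can go: `if not (type_ in allowed or web.configbool("web", "allow" + type_, False)):`. The body of archive() starts before and continues after this hunk.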
@@ -12,10 +12,36 b' echo bletch>baz/bletch'
12 hg commit -Am 3 -d '1000000000 0'
12 hg commit -Am 3 -d '1000000000 0'
13 echo "[web]" >> .hg/hgrc
13 echo "[web]" >> .hg/hgrc
14 echo "name = test-archive" >> .hg/hgrc
14 echo "name = test-archive" >> .hg/hgrc
15 echo "allow_archive = gz bz2, zip" >> .hg/hgrc
15 cp .hg/hgrc .hg/hgrc-base
16
17 # check http return codes
18 test_archtype() {
19 echo "allow_archive = $1" >> .hg/hgrc
20 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
21 cat hg.pid >> $DAEMON_PIDS
22 echo % $1 allowed should give 200
23 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$2" | head -n 1
24 echo % $3 and $4 disallowed should both give 403
25 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$3" | head -n 1
26 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$4" | head -n 1
27 kill `cat hg.pid`
28 cat errors.log
29 cp .hg/hgrc-base .hg/hgrc
30 }
31
32 echo
33 test_archtype gz tar.gz tar.bz2 zip
34 test_archtype bz2 tar.bz2 zip tar.gz
35 test_archtype zip zip tar.gz tar.bz2
36
37 echo "allow_archive = gz bz2 zip" >> .hg/hgrc
16 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
38 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
17 cat hg.pid >> $DAEMON_PIDS
39 cat hg.pid >> $DAEMON_PIDS
18
40
41 echo % invalid arch type should give 404
42 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.invalid" | head -n 1
43 echo
44
19 TIP=`hg id -v | cut -f1 -d' '`
45 TIP=`hg id -v | cut -f1 -d' '`
20 QTIP=`hg id -q`
46 QTIP=`hg id -q`
21 cat > getarchive.py <<EOF
47 cat > getarchive.py <<EOF
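Review bot: test_archtype only drives the `allow_archive` list, so the other half of the new 403 condition in archive(), `web.configbool("web", "allow" + type_, False)`, is never exercised. A case that enables one type through its per-type boolean (e.g. `allowzip = true` with no `allow_archive` line) and expects 200 for that type and 403 for the other two would pin that branch. Inside the function, the `kill` of the pid read from hg.pid is followed by the next `hg serve` on the same `$HGPORT` without waiting for the old process to exit, which may make the test flaky; that is inferred, not shown in the expected output. The heredoc opened on the last line continues outside the hunk.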
@@ -1,6 +1,25 b''
1 adding foo
1 adding foo
2 adding bar
2 adding bar
3 adding baz/bletch
3 adding baz/bletch
4
5 % gz allowed should give 200
6 200 Script output follows
7 % tar.bz2 and zip disallowed should both give 403
8 403 Forbidden
9 403 Forbidden
10 % bz2 allowed should give 200
11 200 Script output follows
12 % zip and tar.gz disallowed should both give 403
13 403 Forbidden
14 403 Forbidden
15 % zip allowed should give 200
16 200 Script output follows
17 % tar.gz and tar.bz2 disallowed should both give 403
18 403 Forbidden
19 403 Forbidden
20 % invalid arch type should give 404
21 404 Not Found
22
4 test-archive-TIP/.hg_archival.txt
23 test-archive-TIP/.hg_archival.txt
5 test-archive-TIP/bar
24 test-archive-TIP/bar
6 test-archive-TIP/baz/bletch
25 test-archive-TIP/baz/bletch