upstream/mercurial-mirror Files · tests/httpserverauth.py

formatting: blacken the codebase...

formatting: blacken the codebase This is using my patch to black (https://github.com/psf/black/pull/826) so we don't un-wrap collection literals. Done with: hg files 'set:**.py - mercurial/thirdparty/** - "contrib/python-zstandard/**"' | xargs black -S # skip-blame mass-reformatting only # no-check-commit reformats foo_bar functions Differential Revision: https://phab.mercurial-scm.org/D6971

Augie Fackler - - Load All Authors

File last commit:

r43346:2372284d default


                r43346:2372284d

default

Download file

             httpserverauth.py
        
                    127 lines
            
             | 3.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / httpserverauth.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      from __future__ import absolute_import

      import base64

      import hashlib

      from mercurial.hgweb import common

      from mercurial import node

      def parse_keqv_list(req, l):

          """Parse list of key=value strings where keys are not duplicated."""

          parsed = {}

          for elt in l:

              k, v = elt.split(b'=', 1)

              if v[0:1] == b'"' and v[-1:] == b'"':

                  v = v[1:-1]

              parsed[k] = v

          return parsed

      class digestauthserver(object):

          def __init__(self):

              self._user_hashes = {}

          def gethashers(self):

              def _md5sum(x):

                  m = hashlib.md5()

                  m.update(x)

                  return node.hex(m.digest())

              h = _md5sum

              kd = lambda s, d, h=h: h(b"%s:%s" % (s, d))

              return h, kd

          def adduser(self, user, password, realm):

              h, kd = self.gethashers()

              a1 = h(b'%s:%s:%s' % (user, realm, password))

              self._user_hashes[(user, realm)] = a1

          def makechallenge(self, realm):

              # We aren't testing the protocol here, just that the bytes make the

              # proper round trip.  So hardcoded seems fine.

              nonce = b'064af982c5b571cea6450d8eda91c20d'

              return b'realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (

                  realm,

                  nonce,

              )

          def checkauth(self, req, header):

              log = req.rawenv[b'wsgi.errors']

              h, kd = self.gethashers()

              resp = parse_keqv_list(req, header.split(b', '))

              if resp.get(b'algorithm', b'MD5').upper() != b'MD5':

                  log.write(b'Unsupported algorithm: %s' % resp.get(b'algorithm'))

                  raise common.ErrorResponse(

                      common.HTTP_FORBIDDEN, b"unknown algorithm"

                  )

              user = resp[b'username']

              realm = resp[b'realm']

              nonce = resp[b'nonce']

              ha1 = self._user_hashes.get((user, realm))

              if not ha1:

                  log.write(b'No hash found for user/realm "%s/%s"' % (user, realm))

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad user")

              qop = resp.get(b'qop', b'auth')

              if qop != b'auth':

                  log.write(b"Unsupported qop: %s" % qop)

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad qop")

              cnonce, ncvalue = resp.get(b'cnonce'), resp.get(b'nc')

              if not cnonce or not ncvalue:

                  log.write(b'No cnonce (%s) or ncvalue (%s)' % (cnonce, ncvalue))

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"no cnonce")

              a2 = b'%s:%s' % (req.method, resp[b'uri'])

              noncebit = b"%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, h(a2))

              respdig = kd(ha1, noncebit)

              if respdig != resp[b'response']:

                  log.write(

                      b'User/realm "%s/%s" gave %s, but expected %s'

                      % (user, realm, resp[b'response'], respdig)

                  )

                  return False

              return True

      digest = digestauthserver()

      def perform_authentication(hgweb, req, op):

          auth = req.headers.get(b'Authorization')

          if req.headers.get(b'X-HgTest-AuthType') == b'Digest':

              if not auth:

                  challenge = digest.makechallenge(b'mercurial')

                  raise common.ErrorResponse(

                      common.HTTP_UNAUTHORIZED,

                      b'who',

                      [(b'WWW-Authenticate', b'Digest %s' % challenge)],

                  )

              if not digest.checkauth(req, auth[7:]):

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

              return

          if not auth:

              raise common.ErrorResponse(

                  common.HTTP_UNAUTHORIZED,

                  b'who',

                  [(b'WWW-Authenticate', b'Basic Realm="mercurial"')],

              )

          if base64.b64decode(auth.split()[1]).split(b':', 1) != [b'user', b'pass']:

              raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

      def extsetup(ui):

          common.permhooks.insert(0, perform_authentication)

          digest.adduser(b'user', b'pass', b'mercurial')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				from __future__ import absolute_import

				import base64
				import hashlib

				from mercurial.hgweb import common
				from mercurial import node


				def parse_keqv_list(req, l):
				"""Parse list of key=value strings where keys are not duplicated."""
				parsed = {}
				for elt in l:
				k, v = elt.split(b'=', 1)
				if v[0:1] == b'"' and v[-1:] == b'"':
				v = v[1:-1]
				parsed[k] = v
				return parsed


				class digestauthserver(object):
				def __init__(self):
				self._user_hashes = {}

				def gethashers(self):
				def _md5sum(x):
				m = hashlib.md5()
				m.update(x)
				return node.hex(m.digest())

				h = _md5sum

				kd = lambda s, d, h=h: h(b"%s:%s" % (s, d))
				return h, kd

				def adduser(self, user, password, realm):
				h, kd = self.gethashers()
				a1 = h(b'%s:%s:%s' % (user, realm, password))
				self._user_hashes[(user, realm)] = a1

				def makechallenge(self, realm):
				# We aren't testing the protocol here, just that the bytes make the
				# proper round trip. So hardcoded seems fine.
				nonce = b'064af982c5b571cea6450d8eda91c20d'
				return b'realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (
				realm,
				nonce,
				)

				def checkauth(self, req, header):
				log = req.rawenv[b'wsgi.errors']

				h, kd = self.gethashers()
				resp = parse_keqv_list(req, header.split(b', '))

				if resp.get(b'algorithm', b'MD5').upper() != b'MD5':
				log.write(b'Unsupported algorithm: %s' % resp.get(b'algorithm'))
				raise common.ErrorResponse(
				common.HTTP_FORBIDDEN, b"unknown algorithm"
				)
				user = resp[b'username']
				realm = resp[b'realm']
				nonce = resp[b'nonce']

				ha1 = self._user_hashes.get((user, realm))
				if not ha1:
				log.write(b'No hash found for user/realm "%s/%s"' % (user, realm))
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad user")

				qop = resp.get(b'qop', b'auth')
				if qop != b'auth':
				log.write(b"Unsupported qop: %s" % qop)
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad qop")

				cnonce, ncvalue = resp.get(b'cnonce'), resp.get(b'nc')
				if not cnonce or not ncvalue:
				log.write(b'No cnonce (%s) or ncvalue (%s)' % (cnonce, ncvalue))
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"no cnonce")

				a2 = b'%s:%s' % (req.method, resp[b'uri'])
				noncebit = b"%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, h(a2))

				respdig = kd(ha1, noncebit)
				if respdig != resp[b'response']:
				log.write(
				b'User/realm "%s/%s" gave %s, but expected %s'
				% (user, realm, resp[b'response'], respdig)
				)
				return False

				return True


				digest = digestauthserver()


				def perform_authentication(hgweb, req, op):
				auth = req.headers.get(b'Authorization')

				if req.headers.get(b'X-HgTest-AuthType') == b'Digest':
				if not auth:
				challenge = digest.makechallenge(b'mercurial')
				raise common.ErrorResponse(
				common.HTTP_UNAUTHORIZED,
				b'who',
				[(b'WWW-Authenticate', b'Digest %s' % challenge)],
				)

				if not digest.checkauth(req, auth[7:]):
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

				return

				if not auth:
				raise common.ErrorResponse(
				common.HTTP_UNAUTHORIZED,
				b'who',
				[(b'WWW-Authenticate', b'Basic Realm="mercurial"')],
				)

				if base64.b64decode(auth.split()[1]).split(b':', 1) != [b'user', b'pass']:
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')


				def extsetup(ui):
				common.permhooks.insert(0, perform_authentication)
				digest.adduser(b'user', b'pass', b'mercurial')