upstream/mercurial-mirror Files · tests/test-hgweb-auth.py

sslutil: synchronize hostname matching logic with CPython...

sslutil: synchronize hostname matching logic with CPython sslutil contains its own hostname matching logic. CPython has code for the same intent. However, it is only available to Python 2.7.9+ (or distributions that have backported 2.7.9's ssl module improvements). This patch effectively imports CPython's hostname matching code from its ssl.py into sslutil.py. The hostname matching code itself is pretty similar. However, the DNS name matching code is much more robust and spec conformant. As the test changes show, this changes some behavior around wildcard handling and IDNA matching. The new behavior allows wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com') This is spec compliant according to RFC 6125 Section 6.5.3 item 3. There is one test where the matcher is more strict. Before, '*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking this is a security vulnerability.

liscju - - Load All Authors

File last commit:

r29377:2c019aac default


                r29452:26a5d605

3.8.4 stable

Download file

             test-hgweb-auth.py
        
                    114 lines
            
             | 3.5 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / test-hgweb-auth.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      from __future__ import absolute_import, print_function

      from mercurial import demandimport; demandimport.enable()

      from mercurial import (

          error,

          ui as uimod,

          url,

          util,

      )

      urlerr = util.urlerr

      urlreq = util.urlreq

      class myui(uimod.ui):

          def interactive(self):

              return False

      origui = myui()

      def writeauth(items):

          ui = origui.copy()

          for name, value in items.iteritems():

              ui.setconfig('auth', name, value)

          return ui

      def dumpdict(dict):

          return '{' + ', '.join(['%s: %s' % (k, dict[k])

                                  for k in sorted(dict.iterkeys())]) + '}'

      def test(auth, urls=None):

          print('CFG:', dumpdict(auth))

          prefixes = set()

          for k in auth:

              prefixes.add(k.split('.', 1)[0])

          for p in prefixes:

              for name in ('.username', '.password'):

                  if (p + name) not in auth:

                      auth[p + name] = p

          auth = dict((k, v) for k, v in auth.iteritems() if v is not None)

          ui = writeauth(auth)

          def _test(uri):

              print('URI:', uri)

              try:

                  pm = url.passwordmgr(ui)

                  u, authinfo = util.url(uri).authinfo()

                  if authinfo is not None:

                      pm.add_password(*authinfo)

                  print('    ', pm.find_user_password('test', u))

              except error.Abort:

                  print('    ','abort')

          if not urls:

              urls = [

                  'http://example.org/foo',

                  'http://example.org/foo/bar',

                  'http://example.org/bar',

                  'https://example.org/foo',

                  'https://example.org/foo/bar',

                  'https://example.org/bar',

                  'https://x@example.org/bar',

                  'https://y@example.org/bar',

                  ]

          for u in urls:

              _test(u)

      print('\n*** Test in-uri schemes\n')

      test({'x.prefix': 'http://example.org'})

      test({'x.prefix': 'https://example.org'})

      test({'x.prefix': 'http://example.org', 'x.schemes': 'https'})

      test({'x.prefix': 'https://example.org', 'x.schemes': 'http'})

      print('\n*** Test separately configured schemes\n')

      test({'x.prefix': 'example.org', 'x.schemes': 'http'})

      test({'x.prefix': 'example.org', 'x.schemes': 'https'})

      test({'x.prefix': 'example.org', 'x.schemes': 'http https'})

      print('\n*** Test prefix matching\n')

      test({'x.prefix': 'http://example.org/foo',

            'y.prefix': 'http://example.org/bar'})

      test({'x.prefix': 'http://example.org/foo',

            'y.prefix': 'http://example.org/foo/bar'})

      test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})

      print('\n*** Test user matching\n')

      test({'x.prefix': 'http://example.org/foo',

            'x.username': None,

            'x.password': 'xpassword'},

           urls=['http://y@example.org/foo'])

      test({'x.prefix': 'http://example.org/foo',

            'x.username': None,

            'x.password': 'xpassword',

            'y.prefix': 'http://example.org/foo',

            'y.username': 'y',

            'y.password': 'ypassword'},

           urls=['http://y@example.org/foo'])

      test({'x.prefix': 'http://example.org/foo/bar',

            'x.username': None,

            'x.password': 'xpassword',

            'y.prefix': 'http://example.org/foo',

            'y.username': 'y',

            'y.password': 'ypassword'},

           urls=['http://y@example.org/foo/bar'])

      def testauthinfo(fullurl, authurl):

          print('URIs:', fullurl, authurl)

          pm = urlreq.httppasswordmgrwithdefaultrealm()

          pm.add_password(*util.url(fullurl).authinfo()[1])

          print(pm.find_user_password('test', authurl))

      print('\n*** Test urllib2 and util.url\n')

      testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				from __future__ import absolute_import, print_function

				from mercurial import demandimport; demandimport.enable()
				from mercurial import (
				error,
				ui as uimod,
				url,
				util,
				)

				urlerr = util.urlerr
				urlreq = util.urlreq

				class myui(uimod.ui):
				def interactive(self):
				return False

				origui = myui()

				def writeauth(items):
				ui = origui.copy()
				for name, value in items.iteritems():
				ui.setconfig('auth', name, value)
				return ui

				def dumpdict(dict):
				return '{' + ', '.join(['%s: %s' % (k, dict[k])
				for k in sorted(dict.iterkeys())]) + '}'

				def test(auth, urls=None):
				print('CFG:', dumpdict(auth))
				prefixes = set()
				for k in auth:
				prefixes.add(k.split('.', 1)[0])
				for p in prefixes:
				for name in ('.username', '.password'):
				if (p + name) not in auth:
				auth[p + name] = p
				auth = dict((k, v) for k, v in auth.iteritems() if v is not None)

				ui = writeauth(auth)

				def _test(uri):
				print('URI:', uri)
				try:
				pm = url.passwordmgr(ui)
				u, authinfo = util.url(uri).authinfo()
				if authinfo is not None:
				pm.add_password(*authinfo)
				print(' ', pm.find_user_password('test', u))
				except error.Abort:
				print(' ','abort')

				if not urls:
				urls = [
				'http://example.org/foo',
				'http://example.org/foo/bar',
				'http://example.org/bar',
				'https://example.org/foo',
				'https://example.org/foo/bar',
				'https://example.org/bar',
				'https://x@example.org/bar',
				'https://y@example.org/bar',
				]
				for u in urls:
				_test(u)


				print('\n*** Test in-uri schemes\n')
				test({'x.prefix': 'http://example.org'})
				test({'x.prefix': 'https://example.org'})
				test({'x.prefix': 'http://example.org', 'x.schemes': 'https'})
				test({'x.prefix': 'https://example.org', 'x.schemes': 'http'})

				print('\n*** Test separately configured schemes\n')
				test({'x.prefix': 'example.org', 'x.schemes': 'http'})
				test({'x.prefix': 'example.org', 'x.schemes': 'https'})
				test({'x.prefix': 'example.org', 'x.schemes': 'http https'})

				print('\n*** Test prefix matching\n')
				test({'x.prefix': 'http://example.org/foo',
				'y.prefix': 'http://example.org/bar'})
				test({'x.prefix': 'http://example.org/foo',
				'y.prefix': 'http://example.org/foo/bar'})
				test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})

				print('\n*** Test user matching\n')
				test({'x.prefix': 'http://example.org/foo',
				'x.username': None,
				'x.password': 'xpassword'},
				urls=['http://y@example.org/foo'])
				test({'x.prefix': 'http://example.org/foo',
				'x.username': None,
				'x.password': 'xpassword',
				'y.prefix': 'http://example.org/foo',
				'y.username': 'y',
				'y.password': 'ypassword'},
				urls=['http://y@example.org/foo'])
				test({'x.prefix': 'http://example.org/foo/bar',
				'x.username': None,
				'x.password': 'xpassword',
				'y.prefix': 'http://example.org/foo',
				'y.username': 'y',
				'y.password': 'ypassword'},
				urls=['http://y@example.org/foo/bar'])

				def testauthinfo(fullurl, authurl):
				print('URIs:', fullurl, authurl)
				pm = urlreq.httppasswordmgrwithdefaultrealm()
				pm.add_password(*util.url(fullurl).authinfo()[1])
				print(pm.find_user_password('test', authurl))

				print('\n*** Test urllib2 and util.url\n')
				testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')