upstream/mercurial-mirror Files · tests/httpserverauth.py

revlog: subclass the new `repository.iverifyproblem` Protocol class...

revlog: subclass the new `repository.iverifyproblem` Protocol class This is the same transformation as did for dirstate, but the CamelCase naming was already cleaned up here. We shouldn't have to explicitly subclass, but I'm doing so to test the interplay of regular attributes and the `attrs` class. Also, PyCharm has a nifty feature that puts a jump point in the gutter to navigate back and forth between the base class and subclasses (and override functions and base class functions) when there's an explicit subclassing. Additionally, PyCharm will immediately flag signature mismatches without a 40m pytype run.

Gregory Szorc - - Load All Authors

File last commit:

r49801:642e31cb default


                r53365:4ef6dbc2

default

Download file

             httpserverauth.py
        
                    125 lines
            
             | 3.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / httpserverauth.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      import base64

      import hashlib

      from mercurial.hgweb import common

      from mercurial import node

      def parse_keqv_list(req, l):

          """Parse list of key=value strings where keys are not duplicated."""

          parsed = {}

          for elt in l:

              k, v = elt.split(b'=', 1)

              if v[0:1] == b'"' and v[-1:] == b'"':

                  v = v[1:-1]

              parsed[k] = v

          return parsed

      class digestauthserver:

          def __init__(self):

              self._user_hashes = {}

          def gethashers(self):

              def _md5sum(x):

                  m = hashlib.md5()

                  m.update(x)

                  return node.hex(m.digest())

              h = _md5sum

              kd = lambda s, d, h=h: h(b"%s:%s" % (s, d))

              return h, kd

          def adduser(self, user, password, realm):

              h, kd = self.gethashers()

              a1 = h(b'%s:%s:%s' % (user, realm, password))

              self._user_hashes[(user, realm)] = a1

          def makechallenge(self, realm):

              # We aren't testing the protocol here, just that the bytes make the

              # proper round trip.  So hardcoded seems fine.

              nonce = b'064af982c5b571cea6450d8eda91c20d'

              return b'realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (

                  realm,

                  nonce,

              )

          def checkauth(self, req, header):

              log = req.rawenv[b'wsgi.errors']

              h, kd = self.gethashers()

              resp = parse_keqv_list(req, header.split(b', '))

              if resp.get(b'algorithm', b'MD5').upper() != b'MD5':

                  log.write(b'Unsupported algorithm: %s' % resp.get(b'algorithm'))

                  raise common.ErrorResponse(

                      common.HTTP_FORBIDDEN, b"unknown algorithm"

                  )

              user = resp[b'username']

              realm = resp[b'realm']

              nonce = resp[b'nonce']

              ha1 = self._user_hashes.get((user, realm))

              if not ha1:

                  log.write(b'No hash found for user/realm "%s/%s"' % (user, realm))

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad user")

              qop = resp.get(b'qop', b'auth')

              if qop != b'auth':

                  log.write(b"Unsupported qop: %s" % qop)

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad qop")

              cnonce, ncvalue = resp.get(b'cnonce'), resp.get(b'nc')

              if not cnonce or not ncvalue:

                  log.write(b'No cnonce (%s) or ncvalue (%s)' % (cnonce, ncvalue))

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"no cnonce")

              a2 = b'%s:%s' % (req.method, resp[b'uri'])

              noncebit = b"%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, h(a2))

              respdig = kd(ha1, noncebit)

              if respdig != resp[b'response']:

                  log.write(

                      b'User/realm "%s/%s" gave %s, but expected %s'

                      % (user, realm, resp[b'response'], respdig)

                  )

                  return False

              return True

      digest = digestauthserver()

      def perform_authentication(hgweb, req, op):

          auth = req.headers.get(b'Authorization')

          if req.headers.get(b'X-HgTest-AuthType') == b'Digest':

              if not auth:

                  challenge = digest.makechallenge(b'mercurial')

                  raise common.ErrorResponse(

                      common.HTTP_UNAUTHORIZED,

                      b'who',

                      [(b'WWW-Authenticate', b'Digest %s' % challenge)],

                  )

              if not digest.checkauth(req, auth[7:]):

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

              return

          if not auth:

              raise common.ErrorResponse(

                  common.HTTP_UNAUTHORIZED,

                  b'who',

                  [(b'WWW-Authenticate', b'Basic Realm="mercurial"')],

              )

          if base64.b64decode(auth.split()[1]).split(b':', 1) != [b'user', b'pass']:

              raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

      def extsetup(ui):

          common.permhooks.insert(0, perform_authentication)

          digest.adduser(b'user', b'pass', b'mercurial')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				import base64
				import hashlib

				from mercurial.hgweb import common
				from mercurial import node


				def parse_keqv_list(req, l):
				"""Parse list of key=value strings where keys are not duplicated."""
				parsed = {}
				for elt in l:
				k, v = elt.split(b'=', 1)
				if v[0:1] == b'"' and v[-1:] == b'"':
				v = v[1:-1]
				parsed[k] = v
				return parsed


				class digestauthserver:
				def __init__(self):
				self._user_hashes = {}

				def gethashers(self):
				def _md5sum(x):
				m = hashlib.md5()
				m.update(x)
				return node.hex(m.digest())

				h = _md5sum

				kd = lambda s, d, h=h: h(b"%s:%s" % (s, d))
				return h, kd

				def adduser(self, user, password, realm):
				h, kd = self.gethashers()
				a1 = h(b'%s:%s:%s' % (user, realm, password))
				self._user_hashes[(user, realm)] = a1

				def makechallenge(self, realm):
				# We aren't testing the protocol here, just that the bytes make the
				# proper round trip. So hardcoded seems fine.
				nonce = b'064af982c5b571cea6450d8eda91c20d'
				return b'realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (
				realm,
				nonce,
				)

				def checkauth(self, req, header):
				log = req.rawenv[b'wsgi.errors']

				h, kd = self.gethashers()
				resp = parse_keqv_list(req, header.split(b', '))

				if resp.get(b'algorithm', b'MD5').upper() != b'MD5':
				log.write(b'Unsupported algorithm: %s' % resp.get(b'algorithm'))
				raise common.ErrorResponse(
				common.HTTP_FORBIDDEN, b"unknown algorithm"
				)
				user = resp[b'username']
				realm = resp[b'realm']
				nonce = resp[b'nonce']

				ha1 = self._user_hashes.get((user, realm))
				if not ha1:
				log.write(b'No hash found for user/realm "%s/%s"' % (user, realm))
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad user")

				qop = resp.get(b'qop', b'auth')
				if qop != b'auth':
				log.write(b"Unsupported qop: %s" % qop)
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad qop")

				cnonce, ncvalue = resp.get(b'cnonce'), resp.get(b'nc')
				if not cnonce or not ncvalue:
				log.write(b'No cnonce (%s) or ncvalue (%s)' % (cnonce, ncvalue))
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"no cnonce")

				a2 = b'%s:%s' % (req.method, resp[b'uri'])
				noncebit = b"%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, h(a2))

				respdig = kd(ha1, noncebit)
				if respdig != resp[b'response']:
				log.write(
				b'User/realm "%s/%s" gave %s, but expected %s'
				% (user, realm, resp[b'response'], respdig)
				)
				return False

				return True


				digest = digestauthserver()


				def perform_authentication(hgweb, req, op):
				auth = req.headers.get(b'Authorization')

				if req.headers.get(b'X-HgTest-AuthType') == b'Digest':
				if not auth:
				challenge = digest.makechallenge(b'mercurial')
				raise common.ErrorResponse(
				common.HTTP_UNAUTHORIZED,
				b'who',
				[(b'WWW-Authenticate', b'Digest %s' % challenge)],
				)

				if not digest.checkauth(req, auth[7:]):
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

				return

				if not auth:
				raise common.ErrorResponse(
				common.HTTP_UNAUTHORIZED,
				b'who',
				[(b'WWW-Authenticate', b'Basic Realm="mercurial"')],
				)

				if base64.b64decode(auth.split()[1]).split(b':', 1) != [b'user', b'pass']:
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')


				def extsetup(ui):
				common.permhooks.insert(0, perform_authentication)
				digest.adduser(b'user', b'pass', b'mercurial')