upstream/mercurial-mirror Files · tests/test-hgweb-auth.py

sslutil: prevent CRIME...

sslutil: prevent CRIME ssl.create_default_context() disables compression on the TLS channel in order to prevent CRIME. I think we should follow CPython's lead and attempt to disable channel compression in order to help prevent information leakage. Sadly, I don't think there is anything we can do on Python versions that don't have an SSLContext, as there is no way to set channel options with the limited ssl API.

liscju - - Load All Authors

File last commit:

r29377:2c019aac default


                r29558:a935cd7d

default

Download file

             test-hgweb-auth.py
        
                    114 lines
            
             | 3.5 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / test-hgweb-auth.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      from __future__ import absolute_import, print_function

      from mercurial import demandimport; demandimport.enable()

      from mercurial import (

          error,

          ui as uimod,

          url,

          util,

      )

      urlerr = util.urlerr

      urlreq = util.urlreq

      class myui(uimod.ui):

          def interactive(self):

              return False

      origui = myui()

      def writeauth(items):

          ui = origui.copy()

          for name, value in items.iteritems():

              ui.setconfig('auth', name, value)

          return ui

      def dumpdict(dict):

          return '{' + ', '.join(['%s: %s' % (k, dict[k])

                                  for k in sorted(dict.iterkeys())]) + '}'

      def test(auth, urls=None):

          print('CFG:', dumpdict(auth))

          prefixes = set()

          for k in auth:

              prefixes.add(k.split('.', 1)[0])

          for p in prefixes:

              for name in ('.username', '.password'):

                  if (p + name) not in auth:

                      auth[p + name] = p

          auth = dict((k, v) for k, v in auth.iteritems() if v is not None)

          ui = writeauth(auth)

          def _test(uri):

              print('URI:', uri)

              try:

                  pm = url.passwordmgr(ui, urlreq.httppasswordmgrwithdefaultrealm())

                  u, authinfo = util.url(uri).authinfo()

                  if authinfo is not None:

                      pm.add_password(*authinfo)

                  print('    ', pm.find_user_password('test', u))

              except error.Abort:

                  print('    ','abort')

          if not urls:

              urls = [

                  'http://example.org/foo',

                  'http://example.org/foo/bar',

                  'http://example.org/bar',

                  'https://example.org/foo',

                  'https://example.org/foo/bar',

                  'https://example.org/bar',

                  'https://x@example.org/bar',

                  'https://y@example.org/bar',

                  ]

          for u in urls:

              _test(u)

      print('\n*** Test in-uri schemes\n')

      test({'x.prefix': 'http://example.org'})

      test({'x.prefix': 'https://example.org'})

      test({'x.prefix': 'http://example.org', 'x.schemes': 'https'})

      test({'x.prefix': 'https://example.org', 'x.schemes': 'http'})

      print('\n*** Test separately configured schemes\n')

      test({'x.prefix': 'example.org', 'x.schemes': 'http'})

      test({'x.prefix': 'example.org', 'x.schemes': 'https'})

      test({'x.prefix': 'example.org', 'x.schemes': 'http https'})

      print('\n*** Test prefix matching\n')

      test({'x.prefix': 'http://example.org/foo',

            'y.prefix': 'http://example.org/bar'})

      test({'x.prefix': 'http://example.org/foo',

            'y.prefix': 'http://example.org/foo/bar'})

      test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})

      print('\n*** Test user matching\n')

      test({'x.prefix': 'http://example.org/foo',

            'x.username': None,

            'x.password': 'xpassword'},

           urls=['http://y@example.org/foo'])

      test({'x.prefix': 'http://example.org/foo',

            'x.username': None,

            'x.password': 'xpassword',

            'y.prefix': 'http://example.org/foo',

            'y.username': 'y',

            'y.password': 'ypassword'},

           urls=['http://y@example.org/foo'])

      test({'x.prefix': 'http://example.org/foo/bar',

            'x.username': None,

            'x.password': 'xpassword',

            'y.prefix': 'http://example.org/foo',

            'y.username': 'y',

            'y.password': 'ypassword'},

           urls=['http://y@example.org/foo/bar'])

      def testauthinfo(fullurl, authurl):

          print('URIs:', fullurl, authurl)

          pm = urlreq.httppasswordmgrwithdefaultrealm()

          pm.add_password(*util.url(fullurl).authinfo()[1])

          print(pm.find_user_password('test', authurl))

      print('\n*** Test urllib2 and util.url\n')

      testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				from __future__ import absolute_import, print_function

				from mercurial import demandimport; demandimport.enable()
				from mercurial import (
				error,
				ui as uimod,
				url,
				util,
				)

				urlerr = util.urlerr
				urlreq = util.urlreq

				class myui(uimod.ui):
				def interactive(self):
				return False

				origui = myui()

				def writeauth(items):
				ui = origui.copy()
				for name, value in items.iteritems():
				ui.setconfig('auth', name, value)
				return ui

				def dumpdict(dict):
				return '{' + ', '.join(['%s: %s' % (k, dict[k])
				for k in sorted(dict.iterkeys())]) + '}'

				def test(auth, urls=None):
				print('CFG:', dumpdict(auth))
				prefixes = set()
				for k in auth:
				prefixes.add(k.split('.', 1)[0])
				for p in prefixes:
				for name in ('.username', '.password'):
				if (p + name) not in auth:
				auth[p + name] = p
				auth = dict((k, v) for k, v in auth.iteritems() if v is not None)

				ui = writeauth(auth)

				def _test(uri):
				print('URI:', uri)
				try:
				pm = url.passwordmgr(ui, urlreq.httppasswordmgrwithdefaultrealm())
				u, authinfo = util.url(uri).authinfo()
				if authinfo is not None:
				pm.add_password(*authinfo)
				print(' ', pm.find_user_password('test', u))
				except error.Abort:
				print(' ','abort')

				if not urls:
				urls = [
				'http://example.org/foo',
				'http://example.org/foo/bar',
				'http://example.org/bar',
				'https://example.org/foo',
				'https://example.org/foo/bar',
				'https://example.org/bar',
				'https://x@example.org/bar',
				'https://y@example.org/bar',
				]
				for u in urls:
				_test(u)


				print('\n*** Test in-uri schemes\n')
				test({'x.prefix': 'http://example.org'})
				test({'x.prefix': 'https://example.org'})
				test({'x.prefix': 'http://example.org', 'x.schemes': 'https'})
				test({'x.prefix': 'https://example.org', 'x.schemes': 'http'})

				print('\n*** Test separately configured schemes\n')
				test({'x.prefix': 'example.org', 'x.schemes': 'http'})
				test({'x.prefix': 'example.org', 'x.schemes': 'https'})
				test({'x.prefix': 'example.org', 'x.schemes': 'http https'})

				print('\n*** Test prefix matching\n')
				test({'x.prefix': 'http://example.org/foo',
				'y.prefix': 'http://example.org/bar'})
				test({'x.prefix': 'http://example.org/foo',
				'y.prefix': 'http://example.org/foo/bar'})
				test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})

				print('\n*** Test user matching\n')
				test({'x.prefix': 'http://example.org/foo',
				'x.username': None,
				'x.password': 'xpassword'},
				urls=['http://y@example.org/foo'])
				test({'x.prefix': 'http://example.org/foo',
				'x.username': None,
				'x.password': 'xpassword',
				'y.prefix': 'http://example.org/foo',
				'y.username': 'y',
				'y.password': 'ypassword'},
				urls=['http://y@example.org/foo'])
				test({'x.prefix': 'http://example.org/foo/bar',
				'x.username': None,
				'x.password': 'xpassword',
				'y.prefix': 'http://example.org/foo',
				'y.username': 'y',
				'y.password': 'ypassword'},
				urls=['http://y@example.org/foo/bar'])

				def testauthinfo(fullurl, authurl):
				print('URIs:', fullurl, authurl)
				pm = urlreq.httppasswordmgrwithdefaultrealm()
				pm.add_password(*util.url(fullurl).authinfo()[1])
				print(pm.find_user_password('test', authurl))

				print('\n*** Test urllib2 and util.url\n')
				testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')