upstream/mercurial-mirror Files · tests/test-push-http.t

sslutil: prevent CRIME...

sslutil: prevent CRIME ssl.create_default_context() disables compression on the TLS channel in order to prevent CRIME. I think we should follow CPython's lead and attempt to disable channel compression in order to help prevent information leakage. Sadly, I don't think there is anything we can do on Python versions that don't have an SSLContext, as there is no way to set channel options with the limited ssl API.

Mateusz Kwapich - - Load All Authors

File last commit:

r27739:d6d3cf5f default


                r29558:a935cd7d

default

Download file

             test-push-http.t
        
                    171 lines
            
             | 5.6 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-push-http.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #require killdaemons

        $ hg init test

        $ cd test

        $ echo a > a

        $ hg ci -Ama

        adding a

        $ cd ..

        $ hg clone test test2

        updating to branch default

        1 files updated, 0 files merged, 0 files removed, 0 files unresolved

        $ cd test2

        $ echo a >> a

        $ hg ci -mb

        $ req() {

        >     hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log

        >     cat hg.pid >> $DAEMON_PIDS

        >     hg --cwd ../test2 push http://localhost:$HGPORT/

        >     exitstatus=$?

        >     killdaemons.py

        >     echo % serve errors

        >     cat errors.log

        >     return $exitstatus

        > }

        $ cd ../test

      expect ssl error

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        abort: HTTP Error 403: ssl required

        % serve errors

        [255]

      expect authorization error

        $ echo '[web]' > .hg/hgrc

        $ echo 'push_ssl = false' >> .hg/hgrc

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        abort: authorization failed

        % serve errors

        [255]

      expect authorization error: must have authorized user

        $ echo 'allow_push = unperson' >> .hg/hgrc

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        abort: authorization failed

        % serve errors

        [255]

      expect success

        $ echo 'allow_push = *' >> .hg/hgrc

        $ echo '[hooks]' >> .hg/hgrc

        $ echo "changegroup = printenv.py changegroup 0" >> .hg/hgrc

        $ echo "pushkey = printenv.py pushkey 0" >> .hg/hgrc

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1

        remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)

        % serve errors

        $ hg rollback

        repository tip rolled back to revision 0 (undo serve)

      expect success, server lacks the httpheader capability

        $ CAP=httpheader

        $ . "$TESTDIR/notcapable"

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1

        remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)

        % serve errors

        $ hg rollback

        repository tip rolled back to revision 0 (undo serve)

      expect success, server lacks the unbundlehash capability

        $ CAP=unbundlehash

        $ . "$TESTDIR/notcapable"

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1

        remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)

        % serve errors

        $ hg rollback

        repository tip rolled back to revision 0 (undo serve)

      expect push success, phase change failure

        $ cat > .hg/hgrc <<EOF

        > [web]

        > push_ssl = false

        > allow_push = *

        > [hooks]

        > prepushkey = printenv.py prepushkey 1

        > EOF

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        remote: prepushkey hook: HG_BUNDLE2=1 HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_OLD=1 HG_PENDING=$TESTTMP/test HG_PHASES_MOVED=1 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)

        remote: pushkey-abort: prepushkey hook exited with status 1

        remote: transaction abort!

        remote: rollback completed

        abort: updating ba677d0156c1 to public failed

        % serve errors

        [255]

      expect phase change success

        $ echo "prepushkey = printenv.py prepushkey 0" >> .hg/hgrc

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        remote: prepushkey hook: HG_BUNDLE2=1 HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_OLD=1 HG_PENDING=$TESTTMP/test HG_PHASES_MOVED=1 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)

        % serve errors

        $ hg rollback

        repository tip rolled back to revision 0 (undo serve)

      expect authorization error: all users denied

        $ echo '[web]' > .hg/hgrc

        $ echo 'push_ssl = false' >> .hg/hgrc

        $ echo 'deny_push = *' >> .hg/hgrc

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        abort: authorization failed

        % serve errors

        [255]

      expect authorization error: some users denied, users must be authenticated

        $ echo 'deny_push = unperson' >> .hg/hgrc

        $ req

        pushing to http://localhost:$HGPORT/

        searching for changes

        abort: authorization failed

        % serve errors

        [255]

        $ cd ..

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#require killdaemons

				$ hg init test
				$ cd test
				$ echo a > a
				$ hg ci -Ama
				adding a
				$ cd ..
				$ hg clone test test2
				updating to branch default
				1 files updated, 0 files merged, 0 files removed, 0 files unresolved
				$ cd test2
				$ echo a >> a
				$ hg ci -mb
				$ req() {
				> hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
				> cat hg.pid >> $DAEMON_PIDS
				> hg --cwd ../test2 push http://localhost:$HGPORT/
				> exitstatus=$?
				> killdaemons.py
				> echo % serve errors
				> cat errors.log
				> return $exitstatus
				> }
				$ cd ../test

				expect ssl error

				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				abort: HTTP Error 403: ssl required
				% serve errors
				[255]

				expect authorization error

				$ echo '[web]' > .hg/hgrc
				$ echo 'push_ssl = false' >> .hg/hgrc
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				abort: authorization failed
				% serve errors
				[255]

				expect authorization error: must have authorized user

				$ echo 'allow_push = unperson' >> .hg/hgrc
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				abort: authorization failed
				% serve errors
				[255]

				expect success

				$ echo 'allow_push = *' >> .hg/hgrc
				$ echo '[hooks]' >> .hg/hgrc
				$ echo "changegroup = printenv.py changegroup 0" >> .hg/hgrc
				$ echo "pushkey = printenv.py pushkey 0" >> .hg/hgrc
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1
				remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
				% serve errors
				$ hg rollback
				repository tip rolled back to revision 0 (undo serve)

				expect success, server lacks the httpheader capability

				$ CAP=httpheader
				$ . "$TESTDIR/notcapable"
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1
				remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
				% serve errors
				$ hg rollback
				repository tip rolled back to revision 0 (undo serve)

				expect success, server lacks the unbundlehash capability

				$ CAP=unbundlehash
				$ . "$TESTDIR/notcapable"
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				remote: pushkey hook: HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_OLD=1 HG_RET=1
				remote: changegroup hook: HG_BUNDLE2=1 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
				% serve errors
				$ hg rollback
				repository tip rolled back to revision 0 (undo serve)

				expect push success, phase change failure

				$ cat > .hg/hgrc <<EOF
				> [web]
				> push_ssl = false
				> allow_push = *
				> [hooks]
				> prepushkey = printenv.py prepushkey 1
				> EOF
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				remote: prepushkey hook: HG_BUNDLE2=1 HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_OLD=1 HG_PENDING=$TESTTMP/test HG_PHASES_MOVED=1 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
				remote: pushkey-abort: prepushkey hook exited with status 1
				remote: transaction abort!
				remote: rollback completed
				abort: updating ba677d0156c1 to public failed
				% serve errors
				[255]

				expect phase change success

				$ echo "prepushkey = printenv.py prepushkey 0" >> .hg/hgrc
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				remote: prepushkey hook: HG_BUNDLE2=1 HG_KEY=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NAMESPACE=phases HG_NEW=0 HG_NODE=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_NODE_LAST=ba677d0156c1196c1a699fa53f390dcfc3ce3872 HG_OLD=1 HG_PENDING=$TESTTMP/test HG_PHASES_MOVED=1 HG_SOURCE=serve HG_TXNID=TXN:* HG_URL=remote:http:127.0.0.1: (glob)
				% serve errors
				$ hg rollback
				repository tip rolled back to revision 0 (undo serve)

				expect authorization error: all users denied

				$ echo '[web]' > .hg/hgrc
				$ echo 'push_ssl = false' >> .hg/hgrc
				$ echo 'deny_push = *' >> .hg/hgrc
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				abort: authorization failed
				% serve errors
				[255]

				expect authorization error: some users denied, users must be authenticated

				$ echo 'deny_push = unperson' >> .hg/hgrc
				$ req
				pushing to http://localhost:$HGPORT/
				searching for changes
				abort: authorization failed
				% serve errors
				[255]

				$ cd ..