upstream/mercurial-mirror Files · tests/httpserverauth.py

packaging: modernize (compat PEP 517) with less distutils and setup.py calls...

packaging: modernize (compat PEP 517) with less distutils and setup.py calls - setup.py: less distutils imports and setuptools required distutils is deprecated and one should import commands from setuptools to support modern workflows depending on PEP 517 and 518. Moreover, for Python >=3.12, distutils comes from setuptools. It corresponds to old and unmaintain code that do not support PEP 517. The PEP 517 frontends (pip, build, pipx, PDM, UV, etc.) are responsible for creating a venv just for the build. The build dependencies (currently only setuptools) are specified in the pyproject.toml file. Therefore, there is no reason to support building without setuptools. Calling directly setup.py is deprecated and we have to use a PEP 517 frontend. For this commit we use pip with venv. - run-tests.py: install with pip instead of direct call of setup.py Mercurial is then built in an isolated environment. - Makefile: use venv+pip instead of setup.py

Gregory Szorc - - Load All Authors

File last commit:

r49801:642e31cb default


                r53946:f5091286

tip default

Download file

             httpserverauth.py
        
                    125 lines
            
             | 3.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / httpserverauth.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      import base64

      import hashlib

      from mercurial.hgweb import common

      from mercurial import node

      def parse_keqv_list(req, l):

          """Parse list of key=value strings where keys are not duplicated."""

          parsed = {}

          for elt in l:

              k, v = elt.split(b'=', 1)

              if v[0:1] == b'"' and v[-1:] == b'"':

                  v = v[1:-1]

              parsed[k] = v

          return parsed

      class digestauthserver:

          def __init__(self):

              self._user_hashes = {}

          def gethashers(self):

              def _md5sum(x):

                  m = hashlib.md5()

                  m.update(x)

                  return node.hex(m.digest())

              h = _md5sum

              kd = lambda s, d, h=h: h(b"%s:%s" % (s, d))

              return h, kd

          def adduser(self, user, password, realm):

              h, kd = self.gethashers()

              a1 = h(b'%s:%s:%s' % (user, realm, password))

              self._user_hashes[(user, realm)] = a1

          def makechallenge(self, realm):

              # We aren't testing the protocol here, just that the bytes make the

              # proper round trip.  So hardcoded seems fine.

              nonce = b'064af982c5b571cea6450d8eda91c20d'

              return b'realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (

                  realm,

                  nonce,

              )

          def checkauth(self, req, header):

              log = req.rawenv[b'wsgi.errors']

              h, kd = self.gethashers()

              resp = parse_keqv_list(req, header.split(b', '))

              if resp.get(b'algorithm', b'MD5').upper() != b'MD5':

                  log.write(b'Unsupported algorithm: %s' % resp.get(b'algorithm'))

                  raise common.ErrorResponse(

                      common.HTTP_FORBIDDEN, b"unknown algorithm"

                  )

              user = resp[b'username']

              realm = resp[b'realm']

              nonce = resp[b'nonce']

              ha1 = self._user_hashes.get((user, realm))

              if not ha1:

                  log.write(b'No hash found for user/realm "%s/%s"' % (user, realm))

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad user")

              qop = resp.get(b'qop', b'auth')

              if qop != b'auth':

                  log.write(b"Unsupported qop: %s" % qop)

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad qop")

              cnonce, ncvalue = resp.get(b'cnonce'), resp.get(b'nc')

              if not cnonce or not ncvalue:

                  log.write(b'No cnonce (%s) or ncvalue (%s)' % (cnonce, ncvalue))

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"no cnonce")

              a2 = b'%s:%s' % (req.method, resp[b'uri'])

              noncebit = b"%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, h(a2))

              respdig = kd(ha1, noncebit)

              if respdig != resp[b'response']:

                  log.write(

                      b'User/realm "%s/%s" gave %s, but expected %s'

                      % (user, realm, resp[b'response'], respdig)

                  )

                  return False

              return True

      digest = digestauthserver()

      def perform_authentication(hgweb, req, op):

          auth = req.headers.get(b'Authorization')

          if req.headers.get(b'X-HgTest-AuthType') == b'Digest':

              if not auth:

                  challenge = digest.makechallenge(b'mercurial')

                  raise common.ErrorResponse(

                      common.HTTP_UNAUTHORIZED,

                      b'who',

                      [(b'WWW-Authenticate', b'Digest %s' % challenge)],

                  )

              if not digest.checkauth(req, auth[7:]):

                  raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

              return

          if not auth:

              raise common.ErrorResponse(

                  common.HTTP_UNAUTHORIZED,

                  b'who',

                  [(b'WWW-Authenticate', b'Basic Realm="mercurial"')],

              )

          if base64.b64decode(auth.split()[1]).split(b':', 1) != [b'user', b'pass']:

              raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

      def extsetup(ui):

          common.permhooks.insert(0, perform_authentication)

          digest.adduser(b'user', b'pass', b'mercurial')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				import base64
				import hashlib

				from mercurial.hgweb import common
				from mercurial import node


				def parse_keqv_list(req, l):
				"""Parse list of key=value strings where keys are not duplicated."""
				parsed = {}
				for elt in l:
				k, v = elt.split(b'=', 1)
				if v[0:1] == b'"' and v[-1:] == b'"':
				v = v[1:-1]
				parsed[k] = v
				return parsed


				class digestauthserver:
				def __init__(self):
				self._user_hashes = {}

				def gethashers(self):
				def _md5sum(x):
				m = hashlib.md5()
				m.update(x)
				return node.hex(m.digest())

				h = _md5sum

				kd = lambda s, d, h=h: h(b"%s:%s" % (s, d))
				return h, kd

				def adduser(self, user, password, realm):
				h, kd = self.gethashers()
				a1 = h(b'%s:%s:%s' % (user, realm, password))
				self._user_hashes[(user, realm)] = a1

				def makechallenge(self, realm):
				# We aren't testing the protocol here, just that the bytes make the
				# proper round trip. So hardcoded seems fine.
				nonce = b'064af982c5b571cea6450d8eda91c20d'
				return b'realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (
				realm,
				nonce,
				)

				def checkauth(self, req, header):
				log = req.rawenv[b'wsgi.errors']

				h, kd = self.gethashers()
				resp = parse_keqv_list(req, header.split(b', '))

				if resp.get(b'algorithm', b'MD5').upper() != b'MD5':
				log.write(b'Unsupported algorithm: %s' % resp.get(b'algorithm'))
				raise common.ErrorResponse(
				common.HTTP_FORBIDDEN, b"unknown algorithm"
				)
				user = resp[b'username']
				realm = resp[b'realm']
				nonce = resp[b'nonce']

				ha1 = self._user_hashes.get((user, realm))
				if not ha1:
				log.write(b'No hash found for user/realm "%s/%s"' % (user, realm))
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad user")

				qop = resp.get(b'qop', b'auth')
				if qop != b'auth':
				log.write(b"Unsupported qop: %s" % qop)
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"bad qop")

				cnonce, ncvalue = resp.get(b'cnonce'), resp.get(b'nc')
				if not cnonce or not ncvalue:
				log.write(b'No cnonce (%s) or ncvalue (%s)' % (cnonce, ncvalue))
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b"no cnonce")

				a2 = b'%s:%s' % (req.method, resp[b'uri'])
				noncebit = b"%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, h(a2))

				respdig = kd(ha1, noncebit)
				if respdig != resp[b'response']:
				log.write(
				b'User/realm "%s/%s" gave %s, but expected %s'
				% (user, realm, resp[b'response'], respdig)
				)
				return False

				return True


				digest = digestauthserver()


				def perform_authentication(hgweb, req, op):
				auth = req.headers.get(b'Authorization')

				if req.headers.get(b'X-HgTest-AuthType') == b'Digest':
				if not auth:
				challenge = digest.makechallenge(b'mercurial')
				raise common.ErrorResponse(
				common.HTTP_UNAUTHORIZED,
				b'who',
				[(b'WWW-Authenticate', b'Digest %s' % challenge)],
				)

				if not digest.checkauth(req, auth[7:]):
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')

				return

				if not auth:
				raise common.ErrorResponse(
				common.HTTP_UNAUTHORIZED,
				b'who',
				[(b'WWW-Authenticate', b'Basic Realm="mercurial"')],
				)

				if base64.b64decode(auth.split()[1]).split(b':', 1) != [b'user', b'pass']:
				raise common.ErrorResponse(common.HTTP_FORBIDDEN, b'no')


				def extsetup(ui):
				common.permhooks.insert(0, perform_authentication)
				digest.adduser(b'user', b'pass', b'mercurial')