Mercurial > public > mercurial-scm > hg

diff mercurial/hgweb/hgweb_mod.py @ 2466:e10665147d26

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
push over http: server side authorization support. new hgrc entries allow_push, deny_push, push_ssl control push over http. allow_push list controls push. if empty or not set, no user can push. if "*", any user (incl. unauthenticated user) can push. if list of user names, only authenticated users in list can push. deny_push list examined before allow_push. if "*", no user can push. if list of user names, no unauthenticated user can push, and no users in list can push. push_ssl requires https connection for push. default is true, so password sniffing can not be done.
author Vadim Gelfer <vadim.gelfer@gmail.com>
date Tue, 20 Jun 2006 15:23:01 -0700
parents 09b1c9ef317c
children 76ff5efe8181 d0db3462d568
line wrap: on
line diff
--- a/mercurial/hgweb/hgweb_mod.py	Tue Jun 20 15:17:28 2006 -0700
+++ b/mercurial/hgweb/hgweb_mod.py	Tue Jun 20 15:23:01 2006 -0700
@@ -839,19 +839,59 @@
         req.httphdr("application/mercurial-0.1", length=len(resp))
         req.write(resp)
 
+    def check_perm(self, req, op, default):
+        '''check permission for operation based on user auth.
+        return true if op allowed, else false.
+        default is policy to use if no config given.'''
+
+        user = req.env.get('REMOTE_USER')
+
+        deny = self.repo.ui.config('web', 'deny_' + op, '')
+        deny = deny.replace(',', ' ').split()
+
+        if deny and (not user or deny == ['*'] or user in deny):
+            return False
+
+        allow = self.repo.ui.config('web', 'allow_' + op, '')
+        allow = allow.replace(',', ' ').split()
+
+        return (allow and (allow == ['*'] or user in allow)) or default
+
     def do_unbundle(self, req):
+        def bail(response, headers={}):
+            length = int(req.env['CONTENT_LENGTH'])
+            for s in util.filechunkiter(req, limit=length):
+                # drain incoming bundle, else client will not see
+                # response when run outside cgi script
+                pass
+            req.httphdr("application/mercurial-0.1", headers=headers)
+            req.write('0\n')
+            req.write(response)
+
+        # require ssl by default, auth info cannot be sniffed and
+        # replayed
+        ssl_req = self.repo.ui.configbool('web', 'push_ssl', True)
+        if ssl_req and not req.env.get('HTTPS'):
+            bail(_('ssl required\n'))
+            return
+
+        # do not allow push unless explicitly allowed
+        if not self.check_perm(req, 'push', False):
+            bail(_('push not authorized\n'),
+                 headers={'status': '401 Unauthorized'})
+            return
+
+        req.httphdr("application/mercurial-0.1")
+
         their_heads = req.form['heads'][0].split(' ')
 
         def check_heads():
             heads = map(hex, self.repo.heads())
             return their_heads == [hex('force')] or their_heads == heads
 
-        req.httphdr("application/mercurial-0.1")
-
         # fail early if possible
         if not check_heads():
-            req.write('0\n')
-            req.write(_('unsynced changes\n'))
+            bail(_('unsynced changes\n'))
             return
 
         # do not lock repo until all changegroup data is