Patchwork D2793: hgweb: transition permissions hooks to modern request type (API)

login
register
mail settings
Submitter phabricator
Date March 12, 2018, 9:34 p.m.
Message ID <2b14656895895dc4d090daedf7b09f0f@localhost.localdomain>
Download mbox | patch
Permalink /patch/29376/
State Not Applicable
Headers show

Comments

phabricator - March 12, 2018, 9:34 p.m.
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG02bea04b4c54: hgweb: transition permissions hooks to modern request type (API) (authored by indygreg, committed by ).

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D2793?vs=6854&id=6929

REVISION DETAIL
  https://phab.mercurial-scm.org/D2793

AFFECTED FILES
  mercurial/hgweb/common.py
  mercurial/hgweb/hgweb_mod.py
  mercurial/wireprotoserver.py
  tests/test-http-bundle1.t
  tests/test-http.t
  tests/test-largefiles-wireproto.t

CHANGE DETAILS




To: indygreg, #hg-reviewers, durin42
Cc: mercurial-devel

Patch

diff --git a/tests/test-largefiles-wireproto.t b/tests/test-largefiles-wireproto.t
--- a/tests/test-largefiles-wireproto.t
+++ b/tests/test-largefiles-wireproto.t
@@ -424,7 +424,7 @@ 
   > import base64
   > from mercurial.hgweb import common
   > def perform_authentication(hgweb, req, op):
-  >     auth = req.env.get('HTTP_AUTHORIZATION')
+  >     auth = req.headers.get('Authorization')
   >     if not auth:
   >         raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
   >                 [('WWW-Authenticate', 'Basic Realm="mercurial"')])
diff --git a/tests/test-http.t b/tests/test-http.t
--- a/tests/test-http.t
+++ b/tests/test-http.t
@@ -168,7 +168,7 @@ 
   > import base64
   > from mercurial.hgweb import common
   > def perform_authentication(hgweb, req, op):
-  >     auth = req.env.get('HTTP_AUTHORIZATION')
+  >     auth = req.headers.get('Authorization')
   >     if not auth:
   >         raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
   >                 [('WWW-Authenticate', 'Basic Realm="mercurial"')])
@@ -510,7 +510,7 @@ 
   > from mercurial import util
   > from mercurial.hgweb import common
   > def perform_authentication(hgweb, req, op):
-  >     cookie = req.env.get('HTTP_COOKIE')
+  >     cookie = req.headers.get('Cookie')
   >     if not cookie:
   >         raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'no-cookie')
   >     raise common.ErrorResponse(common.HTTP_SERVER_ERROR, 'Cookie: %s' % cookie)
diff --git a/tests/test-http-bundle1.t b/tests/test-http-bundle1.t
--- a/tests/test-http-bundle1.t
+++ b/tests/test-http-bundle1.t
@@ -177,7 +177,7 @@ 
   > import base64
   > from mercurial.hgweb import common
   > def perform_authentication(hgweb, req, op):
-  >     auth = req.env.get('HTTP_AUTHORIZATION')
+  >     auth = req.headers.get('Authorization')
   >     if not auth:
   >         raise common.ErrorResponse(common.HTTP_UNAUTHORIZED, 'who',
   >                 [('WWW-Authenticate', 'Basic Realm="mercurial"')])
diff --git a/mercurial/wireprotoserver.py b/mercurial/wireprotoserver.py
--- a/mercurial/wireprotoserver.py
+++ b/mercurial/wireprotoserver.py
@@ -148,13 +148,12 @@ 
 def iscmd(cmd):
     return cmd in wireproto.commands
 
-def handlewsgirequest(rctx, wsgireq, req, res, checkperm):
+def handlewsgirequest(rctx, req, res, checkperm):
     """Possibly process a wire protocol request.
 
     If the current request is a wire protocol request, the request is
     processed by this function.
 
-    ``wsgireq`` is a ``wsgirequest`` instance.
     ``req`` is a ``parsedrequest`` instance.
     ``res`` is a ``wsgiresponse`` instance.
 
@@ -197,7 +196,7 @@ 
         return True
 
     proto = httpv1protocolhandler(req, repo.ui,
-                                  lambda perm: checkperm(rctx, wsgireq, perm))
+                                  lambda perm: checkperm(rctx, req, perm))
 
     # The permissions checker should be the only thing that can raise an
     # ErrorResponse. It is kind of a layer violation to catch an hgweb
diff --git a/mercurial/hgweb/hgweb_mod.py b/mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py
+++ b/mercurial/hgweb/hgweb_mod.py
@@ -322,7 +322,7 @@ 
             res.headers['Content-Security-Policy'] = rctx.csp
 
         handled = wireprotoserver.handlewsgirequest(
-            rctx, wsgireq, req, res, self.check_perm)
+            rctx, req, res, self.check_perm)
         if handled:
             return res.sendresponse()
 
@@ -380,7 +380,7 @@ 
 
             # check read permissions non-static content
             if cmd != 'static':
-                self.check_perm(rctx, wsgireq, None)
+                self.check_perm(rctx, req, None)
 
             if cmd == '':
                 req.qsparams['cmd'] = tmpl.cache['default']
diff --git a/mercurial/hgweb/common.py b/mercurial/hgweb/common.py
--- a/mercurial/hgweb/common.py
+++ b/mercurial/hgweb/common.py
@@ -46,7 +46,7 @@ 
     authentication info). Return if op allowed, else raise an ErrorResponse
     exception.'''
 
-    user = req.env.get(r'REMOTE_USER')
+    user = req.remoteuser
 
     deny_read = hgweb.configlist('web', 'deny_read')
     if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)):
@@ -62,14 +62,13 @@ 
         return
 
     # enforce that you can only push using POST requests
-    if req.env[r'REQUEST_METHOD'] != r'POST':
+    if req.method != 'POST':
         msg = 'push requires POST request'
         raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg)
 
     # require ssl by default for pushing, auth info cannot be sniffed
     # and replayed
-    scheme = req.env.get('wsgi.url_scheme')
-    if hgweb.configbool('web', 'push_ssl') and scheme != 'https':
+    if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https':
         raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required')
 
     deny = hgweb.configlist('web', 'deny_push')