kallithea Changeset - a89be5fb75d2

Changeset - a89be5fb75d2

Parent rev.

Child rev.

[Not reviewed]

default

0 8 0

Mads Kiilerich - 9 years ago 2016-08-12 03:04:48
madski@unity3d.com

hg: drop pointless push_ssl configuration setting - if there is a risk push can be compromised, credentials can also easily be stolen for pull

Everybody should have a ssl-only setup now. Alternatively, there is a use case
for 'only anonymous traffic on ssl - all authentication and authenticated
traffic must be on ssl'. That can be done with proper web server configuration.

8 files changed with 3 insertions and 45 deletions:

kallithea/controllers/admin/settings.py

kallithea/lib/base.py

kallithea/lib/db_manage.py

kallithea/lib/middleware/simplegit.py

kallithea/lib/middleware/simplehg.py

kallithea/lib/utils.py

kallithea/model/forms.py

kallithea/templates/admin/settings/settings_vcs.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -71,9 +71,6 @@ class SettingsController(BaseController) @@
             if k == 'paths_/':
                 k = 'paths_root_path'
             if k == 'web_push_ssl':
                 v = str2bool(v)
             k = k.replace('.', '_')
             if each.ui_section in ['hooks', 'extensions']:
@@ @@ -99,9 +96,6 @@ class SettingsController(BaseController) @@
                      force_defaults=False)
             try:
                 sett = Ui.get_by_key('web', 'push_ssl')
                 sett.ui_value = form_result['web_push_ssl']
                 if c.visual.allow_repo_location_change:
                     sett = Ui.get_by_key('paths', '/')
                     sett.ui_value = form_result['paths_root_path']

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -249,20 +249,6 @@ class BaseVCSController(object): @@
     def _get_ip_addr(self, environ):
         return _get_ip_addr(environ)
     def _check_ssl(self, environ):
         """
         Checks the SSL check flag and returns False if SSL is not present
         and required True otherwise
         """
         #check if we have SSL required  ! if not it's a bad request !
         if str2bool(Ui.get_by_key('web', 'push_ssl').ui_value):
             org_proto = environ.get('wsgi._org_proto', environ['wsgi.url_scheme'])
             if org_proto != 'https':
                 log.debug('proto is %s and SSL is required BAD REQUEST !',
                           org_proto)
                 return False
         return True
     def _check_locking_state(self, environ, action, repo, user_id):
         """
         Checks locking on this repository, if locking is enabled and lock is

kallithea/lib/db_manage.py

➞

Show inline comments

@@ @@ -424,9 +424,7 @@ class DbManage(object): @@
         self.create_ui_settings(path)
         ui_config = [
             ('web', 'push_ssl', 'false'),
             ('web', 'allow_archive', 'gz zip bz2'),
             ('web', 'allow_push', '*'),
             ('web', 'baseurl', '/'),
             ('paths', '/', path),
             #('phases', 'publish', 'false')

kallithea/lib/middleware/simplegit.py

➞

Show inline comments

@@ @@ -66,8 +66,6 @@ class SimpleGit(BaseVCSController): @@
     def _handle_request(self, environ, start_response):
         if not is_git(environ):
             return self.application(environ, start_response)
         if not self._check_ssl(environ):
             return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
         ip_addr = self._get_ip_addr(environ)
         username = None

kallithea/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -71,8 +71,6 @@ class SimpleHg(BaseVCSController): @@
     def _handle_request(self, environ, start_response):
         if not is_mercurial(environ):
             return self.application(environ, start_response)
         if not self._check_ssl(environ):
             return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
         ip_addr = self._get_ip_addr(environ)
         username = None

kallithea/lib/utils.py

➞

Show inline comments

@@ @@ -365,14 +365,12 @@ def make_ui(read_from='file', path=None, @@
                           ui_.ui_key, ui_val)
                 baseui.setconfig(safe_str(ui_.ui_section), safe_str(ui_.ui_key),
                                  ui_val)
             if ui_.ui_key == 'push_ssl':
                 # force set push_ssl requirement to False, kallithea
                 # handles that
                 baseui.setconfig(safe_str(ui_.ui_section), safe_str(ui_.ui_key),
                                  False)
         if clear_session:
             meta.Session.remove()
         # force set push_ssl requirement to False, Kallithea handles that
         baseui.setconfig('web', 'push_ssl', False)
         baseui.setconfig('web', 'allow_push', '*')
         # prevent interactive questions for ssh password / passphrase
         ssh = baseui.config('ui', 'ssh', default='ssh')
         baseui.setconfig('ui', 'ssh', '%s -oBatchMode=yes -oIdentitiesOnly=yes' % ssh)

kallithea/model/forms.py

➞

Show inline comments

@@ @@ -373,7 +373,6 @@ def ApplicationUiSettingsForm(): @@
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = v.StringBoolean(if_missing=False)
         paths_root_path = All(
             v.ValidPath(),
             v.UnicodeString(strip=True, min=1, not_empty=True)

kallithea/templates/admin/settings/settings_vcs.html

➞

Show inline comments

 ${h.form(url('admin_settings'), method='post')}
     <div class="form">
         <div class="fields">
             <div class="field">
                 <div class="label label-checkbox">
                     <label>${_('Web')}:</label>
                 </div>
                 <div class="checkboxes">
                     <div class="checkbox">
                         ${h.checkbox('web_push_ssl', 'True')}
                         <label for="web_push_ssl">${_('Require SSL for vcs operations')}</label>
                     </div>
                     <span class="help-block">${_('Activate to require SSL both pushing and pulling. If SSL certificate is missing, it will return an HTTP Error 406: Not Acceptable.')}</span>
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label>${_('Hooks')}:</label>

0 comments (0 inline, 0 general)