kallithea Changeset - f0851f37d6be

Changeset - f0851f37d6be

Parent rev.

Child rev.

[Not reviewed]

beta

0 7 0

Marcin Kuzminski - 13 years ago 2012-07-26 23:03:26
marcin@python-works.com

Implementes #509 require SSL flag now works for both git and mercurial.
- check is done at earlies possible stage
- if detected protocol is not https and flag require is there RhodeCode will
return HTTP Error 406: Not Acceptable, before even checking credentials
- removed push_ssl flag from mercurial UI objects since that would duplicate logic

7 files changed with 40 insertions and 22 deletions:

rhodecode/lib/base.py

rhodecode/lib/middleware/https_fixup.py

rhodecode/lib/middleware/simplegit.py

rhodecode/lib/middleware/simplehg.py

rhodecode/lib/utils.py

rhodecode/model/db.py

rhodecode/templates/admin/settings/settings.html

0 comments (0 inline, 0 general)

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -23,7 +23,7 @@ from rhodecode.lib.auth import AuthUser, @@
 from rhodecode.lib.utils import get_repo_slug, invalidate_cache
 from rhodecode.model import meta
 from rhodecode.model.db import Repository
+from rhodecode.model.db import Repository, RhodeCodeUi
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
@@ @@ -145,6 +145,21 @@ class BaseVCSController(object): @@
     def _get_ip_addr(self, environ):
         return _get_ip_addr(environ)
     def _check_ssl(self, environ, start_response):
         """
         Checks the SSL check flag and returns False if SSL is not present
         and required True otherwise
         """
         org_proto = environ['wsgi._org_proto']
         #check if we have SSL required  ! if not it's a bad request !
         require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl')\
                                .scalar().ui_value)
         if require_ssl and org_proto == 'http':
             log.debug('proto is %s and SSL is required BAD REQUEST !'
                       % org_proto)
             return False
         return True
     def __call__(self, environ, start_response):
         start = time.time()
         try:

rhodecode/lib/middleware/https_fixup.py

➞

Show inline comments

@@ @@ -42,21 +42,20 @@ class HttpsFixup(object): @@
         middleware you should set this header inside your
         proxy ie. nginx, apache etc.
         """
         # DETECT PROTOCOL !
         if 'HTTP_X_URL_SCHEME' in environ:
             proto = environ.get('HTTP_X_URL_SCHEME')
         elif 'HTTP_X_FORWARDED_SCHEME' in environ:
             proto = environ.get('HTTP_X_FORWARDED_SCHEME')
         elif 'HTTP_X_FORWARDED_PROTO' in environ:
             proto = environ.get('HTTP_X_FORWARDED_PROTO')
         else:
             proto = 'http'
         org_proto = proto
         # if we have force, just override
         if str2bool(self.config.get('force_https')):
             proto = 'https'
         else:
             if 'HTTP_X_URL_SCHEME' in environ:
                 proto = environ.get('HTTP_X_URL_SCHEME')
             elif 'HTTP_X_FORWARDED_SCHEME' in environ:
                 proto = environ.get('HTTP_X_FORWARDED_SCHEME')
             elif 'HTTP_X_FORWARDED_PROTO' in environ:
                 proto = environ.get('HTTP_X_FORWARDED_PROTO')
             else:
                 proto = 'http'
         if proto == 'https':
             environ['wsgi.url_scheme'] = proto
         else:
             environ['wsgi.url_scheme'] = 'http'
         return None
         environ['wsgi.url_scheme'] = proto
         environ['wsgi._org_proto'] = org_proto

rhodecode/lib/middleware/simplegit.py

➞

Show inline comments

@@ @@ -74,6 +74,8 @@ dulserver.DEFAULT_HANDLERS = { @@
 #from dulwich.web import make_wsgi_chain
 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPBadRequest, HTTPNotAcceptable
 from rhodecode.lib.utils2 import safe_str
 from rhodecode.lib.base import BaseVCSController
@@ @@ -81,8 +83,6 @@ from rhodecode.lib.auth import get_conta @@
 from rhodecode.lib.utils import is_valid_repo, make_ui
 from rhodecode.model.db import User, RhodeCodeUi
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
 log = logging.getLogger(__name__)
@@ @@ -104,7 +104,8 @@ class SimpleGit(BaseVCSController): @@
         if not is_git(environ):
             return self.application(environ, start_response)
         if not self._check_ssl(environ, start_response):
             return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
         ipaddr = self._get_ip_addr(environ)
         username = None
         self._git_first_op = False

rhodecode/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -33,6 +33,8 @@ from mercurial.error import RepoError @@
 from mercurial.hgweb import hgweb_mod
 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPBadRequest, HTTPNotAcceptable
 from rhodecode.lib.utils2 import safe_str
 from rhodecode.lib.base import BaseVCSController
@@ @@ -40,7 +42,6 @@ from rhodecode.lib.auth import get_conta @@
 from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
 from rhodecode.model.db import User
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
 log = logging.getLogger(__name__)
@@ @@ -68,6 +69,8 @@ class SimpleHg(BaseVCSController): @@
     def _handle_request(self, environ, start_response):
         if not is_mercurial(environ):
             return self.application(environ, start_response)
         if not self._check_ssl(environ, start_response):
             return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
         ipaddr = self._get_ip_addr(environ)
         username = None

rhodecode/lib/utils.py

➞

Show inline comments

@@ @@ -312,7 +312,7 @@ def make_ui(read_from='file', path=None, @@
         hg_ui = ret
         for ui_ in hg_ui:
             if ui_.ui_active:
+            if ui_.ui_active and ui_.ui_key != 'push_ssl':
                 log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
                           ui_.ui_key, ui_.ui_value)
                 baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

rhodecode/model/db.py

➞

Show inline comments

@@ @@ -728,7 +728,7 @@ class Repository(Base, BaseModel): @@
         hg_ui = ret
         for ui_ in hg_ui:
             if ui_.ui_active:
+            if ui_.ui_active and ui_.ui_key != 'push_ssl':
                 log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
                           ui_.ui_key, ui_.ui_value)
                 baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

rhodecode/templates/admin/settings/settings.html

➞

Show inline comments

@@ @@ -129,7 +129,7 @@ @@
                 <div class="checkboxes">
 					<div class="checkbox">
 						${h.checkbox('web_push_ssl','true')}
-						<label for="web_push_ssl">${_('require ssl for pushing')}</label>
+						<label for="web_push_ssl">${_('require ssl for vcs operations')}</label>
 					</div>
 				</div>
              </div>

0 comments (0 inline, 0 general)