[PATCH] allow http authentication information to be specified in the configuration
Sune Foldager
cryo at cyanite.org
Sun Apr 5 15:17:26 CDT 2009
I discussed this with djc on IRC some time ago. It adds an [auth]
section to the configuration, where you can put lines like this:
urlprefix = username:password
urlprefix is matched against the url being operated on (excluding the
schema). The longest prefix wins, and there is a special prefix, *,
which matches all urls (with match length 1, so any more specific prefix
will win). The username/password pair is then used to authenticate
against the remote http. All this is only activated if no
username/password is given as part of the URL.
Presently, it only works with http and static-http, as ssh doesn't seem
to allow the password to be specified as part of the url, and
url.getauthtoken isn't used to extract this information.
At work we use this patch to do our own authentication system where an
external program obtains a token and writes it into the mercurial.ini
file with a special username, and the server checks this against the
token provider.
Ideas for unit testing are welcome :-).
--
Sune Foldager.
# HG changeset patch
# User Sune Foldager <cryo at cyanite.org>
# Date 1238961876 -7200
# Node ID 5f4f6c45ea85b0cfaef47cfca9b4cf679cd9fc52
# Parent 25b63941b17b836caf5fd547d2a646a168496ba6
allow http authentication information to be specified in the configuration
diff --git a/mercurial/httprepo.py b/mercurial/httprepo.py
--- a/mercurial/httprepo.py
+++ b/mercurial/httprepo.py
@@ -31,7 +31,7 @@
(query or frag))
# urllib cannot handle URLs with embedded user or passwd
- self._url, authinfo = url.getauthinfo(path)
+ self._url, authinfo = url.getauthinfo(ui, path)
self.ui = ui
self.ui.debug(_('using %s\n') % self._url)
diff --git a/mercurial/statichttprepo.py b/mercurial/statichttprepo.py
--- a/mercurial/statichttprepo.py
+++ b/mercurial/statichttprepo.py
@@ -60,7 +60,7 @@
self._url = path
self.ui = ui
- self.path, authinfo = url.getauthinfo(path.rstrip('/') + "/.hg")
+ self.path, authinfo = url.getauthinfo(ui, path.rstrip('/') +
"/.hg")
opener = build_opener(ui, authinfo)
self.opener = opener(self.path)
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -246,7 +246,22 @@
return
raise
-def getauthinfo(path):
+def _readauthtoken(ui, url):
+ url = url[url.index('://')+3:]
+ bestlen = 0
+ bestauth = None
+ for prefix, auth in ui.configitems('auth'):
+ if (prefix == '*' or url.startswith(prefix)) and len(prefix) >
bestlen:
+ bestlen = len(prefix)
+ bestauth = auth
+ if bestauth:
+ userpw = bestauth.split(':')
+ if len(userpw) == 1:
+ return userpw[0], None
+ return userpw
+ return None, None
+
+def getauthinfo(ui, path):
scheme, netloc, urlpath, query, frag = urlparse.urlsplit(path)
if not urlpath:
urlpath = '/'
@@ -261,6 +276,8 @@
# urllib cannot handle URLs with embedded user or passwd
url = urlparse.urlunsplit((scheme, netlocunsplit(host, port),
urlpath, query, frag))
+ if not user:
+ user, passwd = _readauthtoken(ui, url)
if user:
netloc = host
if port:
@@ -310,5 +327,5 @@
url = 'file://' + urllib.pathname2url(path)
authinfo = None
else:
- url, authinfo = getauthinfo(url)
+ url, authinfo = getauthinfo(ui, url)
return opener(ui, authinfo).open(url, data)
More information about the Mercurial-devel
mailing list