[PATCH] allow http authentication information to be specified in the configuration
Sune Foldager
cryo at cyanite.org
Wed Apr 29 13:21:53 CDT 2009
# HG changeset patch
# User Sune Foldager <cryo at cyanite.org>
# Date 1241006815 -7200
# Node ID 2abf55b5bb83912ca2e7049d0e91109d3e2407a7
# Parent 0eade101f762927470512a0568bf31704f38d19e
allow http authentication information to be specified in the configuration
diff --git a/doc/hgrc.5.txt b/doc/hgrc.5.txt
--- a/doc/hgrc.5.txt
+++ b/doc/hgrc.5.txt
@@ -100,6 +100,45 @@
Mercurial "hgrc" file, the purpose of each section, its possible
keys, and their possible values.
+[[auth]]
+auth:
+ Authentication credentials for HTTP authentication.
+ Each line has the following format:
+
+ <name>.<argument> = <value>
+
+ where <name> is used to group arguments into authentication entries.
+ Example:
+
+ foo.prefix = hg.intevation.org/mercurial
+ foo.username = foo
+ foo.password = bar
+ foo.schemes = http https
+
+ Supported arguments:
+
+ prefix;;
+ Either '*' or a URI prefix with or without the scheme part. The
+ authentication entry with the longest matching prefix is used
+ (where '*' matches everything and counts as a match of length 1).
+ If the prefix doesn't include a scheme, the match is performed against
+ the URI with its scheme stripped as well, and the schemes argument,
+ q.v., is then subsequently consulted.
+ username;;
+ Username to authenticate with.
+ password;;
+ Optional. Password to authenticate with. If not given the user will be
+ prompted for it.
+ schemes;;
+ Optional. Space separated list of URI schemes to use this authentication
+ entry with. Only used if the prefix doesn't include a scheme. Supported
+ schemes are http and https. They will match static-http and static-https
+ respectively, as well.
+ Default: https.
+
+ If no suitable authentication entry is found, the user is prompted for
+ credentials as usual if required by the remote.
+
[[decode]]
decode/encode::
Filters for transforming files on checkout/checkin. This would
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -105,23 +105,59 @@
self, realm, authuri)
user, passwd = authinfo
if user and passwd:
+ self._writedebug(user, passwd)
return (user, passwd)
- if not self.ui.interactive():
- raise util.Abort(_('http authorization required'))
-
- self.ui.write(_("http authorization required\n"))
- self.ui.status(_("realm: %s\n") % realm)
- if user:
- self.ui.status(_("user: %s\n") % user)
- else:
- user = self.ui.prompt(_("user:"), default=None)
-
+ user, passwd = self._readauthtoken(authuri)
+ if not user or not passwd:
+ if not self.ui.interactive():
+ raise util.Abort(_('http authorization required'))
+
+ self.ui.write(_("http authorization required\n"))
+ self.ui.status(_("realm: %s\n") % realm)
+ if user:
+ self.ui.status(_("user: %s\n") % user)
+ else:
+ user = self.ui.prompt(_("user:"), default=None)
+
if not passwd:
passwd = self.ui.getpass()
+ if not passwd:
+ passwd = self.ui.getpass()
+
+ self.add_password(realm, authuri, user, passwd)
+ self._writedebug(user, passwd)
+ return (user, passwd)
- self.add_password(realm, authuri, user, passwd)
- return (user, passwd)
+ def _writedebug(self, user, passwd):
+ msg = _('http auth: user %s, password %s\n')
+ self.ui.debug(msg % (user, passwd and '*' * len(passwd) or 'not set'))
+
+ def _readauthtoken(self, uri):
+ # Read configuration
+ config = dict()
+ for key, val in self.ui.configitems('auth'):
+ group, setting = key.split('.', 1)
+ gdict = config.setdefault(group, dict())
+ gdict[setting] = val
+
+ # Find the best match
+ scheme, hostpath = uri.split('://', 1)
+ bestlen = 0
+ bestauth = None, None
+ for auth in config.itervalues():
+ prefix = auth.get('prefix')
+ if not prefix: continue
+ p = prefix.split('://', 1)
+ if len(p) > 1:
+ schemes, prefix = [p[0]], p[1]
+ else:
+ schemes = (auth.get('schemes') or 'https').split()
+ if (prefix == '*' or hostpath.startswith(prefix)) and \
+ len(prefix) > bestlen and scheme in schemes:
+ bestlen = len(prefix)
+ bestauth = auth.get('username'), auth.get('password')
+ return bestauth
class proxyhandler(urllib2.ProxyHandler):
def __init__(self, ui):
diff --git a/tests/test-hgweb-auth.py b/tests/test-hgweb-auth.py
new file mode 100644
--- /dev/null
+++ b/tests/test-hgweb-auth.py
@@ -0,0 +1,59 @@
+from mercurial import demandimport; demandimport.enable()
+from mercurial import ui
+from mercurial import url
+from mercurial.error import Abort
+
+class myui(ui.ui):
+ def interactive(self):
+ return False
+
+origui = myui()
+
+def writeauth(items):
+ ui = origui.copy()
+ for name, value in items.iteritems():
+ ui.setconfig('auth', name, value)
+ return ui
+
+def dumpdict(dict):
+ print '{' + ', '.join(['%s: %s' % (k, dict[k]) for k in sorted(dict.iterkeys())]) + '}'
+
+def test(auth):
+ print 'CFG:', dumpdict(auth)
+ prefixes = set()
+ for k in auth:
+ prefixes.add(k.split('.', 1)[0])
+ for p in prefixes:
+ auth.update({p + '.username': p, p + '.password': p})
+
+ ui = writeauth(auth)
+
+ def _test(uri):
+ print 'URI:', uri
+ try:
+ pm = url.passwordmgr(ui)
+ print ' ', pm.find_user_password('test', uri)
+ except Abort, e:
+ print 'abort'
+
+ _test('http://example.org/foo')
+ _test('http://example.org/foo/bar')
+ _test('http://example.org/bar')
+ _test('https://example.org/foo')
+ _test('https://example.org/foo/bar')
+ _test('https://example.org/bar')
+
+
+print '\n*** Test in-uri schemes\n'
+test({'x.prefix': 'http://example.org'})
+test({'x.prefix': 'https://example.org'})
+
+print '\n*** Test separately configured schemes\n'
+test({'x.prefix': 'example.org', 'x.schemes': 'http'})
+test({'x.prefix': 'example.org', 'x.schemes': 'https'})
+test({'x.prefix': 'example.org', 'x.schemes': 'http https'})
+
+print '\n*** Test prefix matching\n'
+test({'x.prefix': 'http://example.org/foo', 'y.prefix': 'http://example.org/bar'})
+test({'x.prefix': 'http://example.org/foo', 'y.prefix': 'http://example.org/foo/bar'})
+test({'x.prefix': '*', 'y.prefix': 'https://example.org/bar'})
diff --git a/tests/test-hgweb-auth.py.out b/tests/test-hgweb-auth.py.out
new file mode 100644
--- /dev/null
+++ b/tests/test-hgweb-auth.py.out
@@ -0,0 +1,121 @@
+
+*** Test in-uri schemes
+
+CFG: {x.prefix: http://example.org}
+None
+URI: http://example.org/foo
+ ('x', 'x')
+URI: http://example.org/foo/bar
+ ('x', 'x')
+URI: http://example.org/bar
+ ('x', 'x')
+URI: https://example.org/foo
+ abort
+URI: https://example.org/foo/bar
+ abort
+URI: https://example.org/bar
+ abort
+CFG: {x.prefix: https://example.org}
+None
+URI: http://example.org/foo
+ abort
+URI: http://example.org/foo/bar
+ abort
+URI: http://example.org/bar
+ abort
+URI: https://example.org/foo
+ ('x', 'x')
+URI: https://example.org/foo/bar
+ ('x', 'x')
+URI: https://example.org/bar
+ ('x', 'x')
+
+*** Test separately configured schemes
+
+CFG: {x.prefix: example.org, x.schemes: http}
+None
+URI: http://example.org/foo
+ ('x', 'x')
+URI: http://example.org/foo/bar
+ ('x', 'x')
+URI: http://example.org/bar
+ ('x', 'x')
+URI: https://example.org/foo
+ abort
+URI: https://example.org/foo/bar
+ abort
+URI: https://example.org/bar
+ abort
+CFG: {x.prefix: example.org, x.schemes: https}
+None
+URI: http://example.org/foo
+ abort
+URI: http://example.org/foo/bar
+ abort
+URI: http://example.org/bar
+ abort
+URI: https://example.org/foo
+ ('x', 'x')
+URI: https://example.org/foo/bar
+ ('x', 'x')
+URI: https://example.org/bar
+ ('x', 'x')
+CFG: {x.prefix: example.org, x.schemes: http https}
+None
+URI: http://example.org/foo
+ ('x', 'x')
+URI: http://example.org/foo/bar
+ ('x', 'x')
+URI: http://example.org/bar
+ ('x', 'x')
+URI: https://example.org/foo
+ ('x', 'x')
+URI: https://example.org/foo/bar
+ ('x', 'x')
+URI: https://example.org/bar
+ ('x', 'x')
+
+*** Test prefix matching
+
+CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/bar}
+None
+URI: http://example.org/foo
+ ('x', 'x')
+URI: http://example.org/foo/bar
+ ('x', 'x')
+URI: http://example.org/bar
+ ('y', 'y')
+URI: https://example.org/foo
+ abort
+URI: https://example.org/foo/bar
+ abort
+URI: https://example.org/bar
+ abort
+CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar}
+None
+URI: http://example.org/foo
+ ('x', 'x')
+URI: http://example.org/foo/bar
+ ('y', 'y')
+URI: http://example.org/bar
+ abort
+URI: https://example.org/foo
+ abort
+URI: https://example.org/foo/bar
+ abort
+URI: https://example.org/bar
+ abort
+CFG: {x.prefix: *, y.prefix: https://example.org/bar}
+None
+URI: http://example.org/foo
+ abort
+URI: http://example.org/foo/bar
+ abort
+URI: http://example.org/bar
+ abort
+URI: https://example.org/foo
+ ('x', 'x')
+URI: https://example.org/foo/bar
+ ('x', 'x')
+URI: https://example.org/bar
+ ('y', 'y')
More information about the Mercurial-devel
mailing list