hgweb: Respond with HTTP 403 for disabled archive types instead of 404
authorRocco Rutte <pdmef@gmx.net>
Fri, 05 Sep 2008 17:28:37 +0200
changeset 7029 b84d27386285
parent 7028 93746cbf15b5
child 7030 20a5dd5d6dd9
hgweb: Respond with HTTP 403 for disabled archive types instead of 404 This makes it easier for clients/users to distinguish between supported but disabled and unsupported archive types.
mercurial/hgweb/common.py
mercurial/hgweb/webcommands.py
tests/test-archive
tests/test-archive.out
--- a/mercurial/hgweb/common.py	Fri Sep 12 13:28:05 2008 +0200
+++ b/mercurial/hgweb/common.py	Fri Sep 05 17:28:37 2008 +0200
@@ -11,6 +11,7 @@
 HTTP_OK = 200
 HTTP_BAD_REQUEST = 400
 HTTP_UNAUTHORIZED = 401
+HTTP_FORBIDDEN = 403
 HTTP_NOT_FOUND = 404
 HTTP_METHOD_NOT_ALLOWED = 405
 HTTP_SERVER_ERROR = 500
--- a/mercurial/hgweb/webcommands.py	Fri Sep 12 13:28:05 2008 +0200
+++ b/mercurial/hgweb/webcommands.py	Fri Sep 05 17:28:37 2008 +0200
@@ -12,7 +12,7 @@
 from mercurial.util import binary, datestr
 from mercurial.repo import RepoError
 from common import paritygen, staticfile, get_contact, ErrorResponse
-from common import HTTP_OK, HTTP_NOT_FOUND
+from common import HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND
 from mercurial import graphmod, util
 
 # __all__ is populated with the allowed commands. Be sure to add to it if
@@ -535,11 +535,15 @@
     allowed = web.configlist("web", "allow_archive")
     key = req.form['node'][0]
 
-    if not (type_ in web.archives and (type_ in allowed or
-        web.configbool("web", "allow" + type_, False))):
+    if type_ not in web.archives:
         msg = 'Unsupported archive type: %s' % type_
         raise ErrorResponse(HTTP_NOT_FOUND, msg)
 
+    if not ((type_ in allowed or
+        web.configbool("web", "allow" + type_, False))):
+        msg = 'Archive type not allowed: %s' % type_
+        raise ErrorResponse(HTTP_FORBIDDEN, msg)
+
     reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame))
     cnode = web.repo.lookup(key)
     arch_version = key
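Review bot: The new 403 branch is only safe because the `type_ not in web.archives` test runs first, since `"allow" + type_` becomes a config key; the old single condition guaranteed that by short-circuit, while the split version relies on statement order alone and nothing in the code says so. I would add a comment above the second `if`, e.g. `# type_ is a known archive type here; keep this after the web.archives check so the "allow" + type_ key is only built from known names`. The doubled parentheses in `if not ((type_ in allowed or` are left over from the old expression and can be dropped: `if not (type_ in allowed or web.configbool("web", "allow" + type_, False)):`. The function starts above the hunk, so where `type_` comes from is not visible here; that it is request-controlled is an assumption.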
--- a/tests/test-archive	Fri Sep 12 13:28:05 2008 +0200
+++ b/tests/test-archive	Fri Sep 05 17:28:37 2008 +0200
@@ -12,10 +12,36 @@
 hg commit -Am 3 -d '1000000000 0'
 echo "[web]" >> .hg/hgrc
 echo "name = test-archive" >> .hg/hgrc
-echo "allow_archive = gz bz2, zip" >> .hg/hgrc
+cp .hg/hgrc .hg/hgrc-base
+
+# check http return codes
+test_archtype() {
+    echo "allow_archive = $1" >> .hg/hgrc
+    hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
+    cat hg.pid >> $DAEMON_PIDS
+    echo % $1 allowed should give 200
+    "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$2" | head -n 1
+    echo % $3 and $4 disallowed should both give 403
+    "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$3" | head -n 1
+    "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$4" | head -n 1
+    kill `cat hg.pid`
+    cat errors.log
+    cp .hg/hgrc-base .hg/hgrc
+}
+
+echo
+test_archtype gz tar.gz tar.bz2 zip
+test_archtype bz2 tar.bz2 zip tar.gz
+test_archtype zip zip tar.gz tar.bz2
+
+echo "allow_archive = gz bz2 zip" >> .hg/hgrc
 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
 cat hg.pid >> $DAEMON_PIDS
 
+echo % invalid arch type should give 404
+"$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.invalid" | head -n 1
+echo
+
 TIP=`hg id -v | cut -f1 -d' '`
 QTIP=`hg id -q`
 cat > getarchive.py <<EOF
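Review bot: `test_archtype` exercises only the `allow_archive` list, while the rewritten check in webcommands.py also grants access through the per-type boolean (`web.configbool("web", "allow" + type_, False)`), so that route to a 200 and its 403 counterpart are untested. A further case could append `echo "allowzip = true" >> .hg/hgrc` (key name inferred from the `"allow" + type_` expression) and expect 200 for `/archive/tip.zip` and 403 for `/archive/tip.tar.gz`. Separately, the `kill` of the pid in hg.pid returns before the server has necessarily released `$HGPORT`, and the next call starts `hg serve` on the same port right away; waiting for the process to exit would avoid a flaky bind. The script continues past the hunk's last line, which opens the `getarchive.py` heredoc.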
--- a/tests/test-archive.out	Fri Sep 12 13:28:05 2008 +0200
+++ b/tests/test-archive.out	Fri Sep 05 17:28:37 2008 +0200
@@ -1,6 +1,25 @@
 adding foo
 adding bar
 adding baz/bletch
+
+% gz allowed should give 200
+200 Script output follows
+% tar.bz2 and zip disallowed should both give 403
+403 Forbidden
+403 Forbidden
+% bz2 allowed should give 200
+200 Script output follows
+% zip and tar.gz disallowed should both give 403
+403 Forbidden
+403 Forbidden
+% zip allowed should give 200
+200 Script output follows
+% tar.gz and tar.bz2 disallowed should both give 403
+403 Forbidden
+403 Forbidden
+% invalid arch type should give 404
+404 Not Found
+
 test-archive-TIP/.hg_archival.txt
 test-archive-TIP/bar
 test-archive-TIP/baz/bletch