# HG changeset patch
# User Mads Kiilerich
# Date 1470963888 -7200
# Node ID a89be5fb75d2b4ca7fd548a493c0a130ae33314e
# Parent a1b3f392032b9d6040024fe05aea5bfc46b521ea
hg: drop pointless push_ssl configuration setting - if there is a risk push can be compromised, credentials can also easily be stolen for pull Everybody should have a ssl-only setup now. Alternatively, there is a use case for 'only anonymous traffic on ssl - all authentication and authenticated traffic must be on ssl'. That can be done with proper web server configuration.
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/controllers/admin/settings.py
--- a/kallithea/controllers/admin/settings.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/controllers/admin/settings.py Fri Aug 12 03:04:48 2016 +0200
@@ -71,9 +71,6 @@ if k == 'paths_/': k = 'paths_root_path' - if k == 'web_push_ssl': - v = str2bool(v) - k = k.replace('.', '_') if each.ui_section in ['hooks', 'extensions']:
@@ -99,9 +96,6 @@ force_defaults=False) try: - sett = Ui.get_by_key('web', 'push_ssl') - sett.ui_value = form_result['web_push_ssl'] - if c.visual.allow_repo_location_change: sett = Ui.get_by_key('paths', '/') sett.ui_value = form_result['paths_root_path']
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/lib/base.py
--- a/kallithea/lib/base.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/lib/base.py Fri Aug 12 03:04:48 2016 +0200
@@ -249,20 +249,6 @@ def _get_ip_addr(self, environ): return _get_ip_addr(environ) - def _check_ssl(self, environ): - """ - Checks the SSL check flag and returns False if SSL is not present - and required True otherwise - """ - #check if we have SSL required ! if not it's a bad request ! - if str2bool(Ui.get_by_key('web', 'push_ssl').ui_value): - org_proto = environ.get('wsgi._org_proto', environ['wsgi.url_scheme']) - if org_proto != 'https': - log.debug('proto is %s and SSL is required BAD REQUEST !', - org_proto) - return False - return True - def _check_locking_state(self, environ, action, repo, user_id): """ Checks locking on this repository, if locking is enabled and lock is
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/lib/db_manage.py
--- a/kallithea/lib/db_manage.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/lib/db_manage.py Fri Aug 12 03:04:48 2016 +0200
@@ -424,9 +424,7 @@ self.create_ui_settings(path) ui_config = [ - ('web', 'push_ssl', 'false'), ('web', 'allow_archive', 'gz zip bz2'), - ('web', 'allow_push', '*'), ('web', 'baseurl', '/'), ('paths', '/', path), #('phases', 'publish', 'false')
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/lib/middleware/simplegit.py
--- a/kallithea/lib/middleware/simplegit.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/lib/middleware/simplegit.py Fri Aug 12 03:04:48 2016 +0200
@@ -66,8 +66,6 @@ def _handle_request(self, environ, start_response): if not is_git(environ): return self.application(environ, start_response) - if not self._check_ssl(environ): - return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) ip_addr = self._get_ip_addr(environ) username = None
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/lib/middleware/simplehg.py
--- a/kallithea/lib/middleware/simplehg.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/lib/middleware/simplehg.py Fri Aug 12 03:04:48 2016 +0200
@@ -71,8 +71,6 @@ def _handle_request(self, environ, start_response): if not is_mercurial(environ): return self.application(environ, start_response) - if not self._check_ssl(environ): - return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) ip_addr = self._get_ip_addr(environ) username = None
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/lib/utils.py
--- a/kallithea/lib/utils.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/lib/utils.py Fri Aug 12 03:04:48 2016 +0200
@@ -365,14 +365,12 @@ ui_.ui_key, ui_val) baseui.setconfig(safe_str(ui_.ui_section), safe_str(ui_.ui_key), ui_val) - if ui_.ui_key == 'push_ssl': - # force set push_ssl requirement to False, kallithea - # handles that - baseui.setconfig(safe_str(ui_.ui_section), safe_str(ui_.ui_key), - False) if clear_session: meta.Session.remove() + # force set push_ssl requirement to False, Kallithea handles that + baseui.setconfig('web', 'push_ssl', False) + baseui.setconfig('web', 'allow_push', '*') # prevent interactive questions for ssh password / passphrase ssh = baseui.config('ui', 'ssh', default='ssh') baseui.setconfig('ui', 'ssh', '%s -oBatchMode=yes -oIdentitiesOnly=yes' % ssh)
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/model/forms.py
--- a/kallithea/model/forms.py Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/model/forms.py Fri Aug 12 03:04:48 2016 +0200
@@ -373,7 +373,6 @@ class _ApplicationUiSettingsForm(formencode.Schema): allow_extra_fields = True filter_extra_fields = False - web_push_ssl = v.StringBoolean(if_missing=False) paths_root_path = All( v.ValidPath(), v.UnicodeString(strip=True, min=1, not_empty=True)
diff -r a1b3f392032b -r a89be5fb75d2 kallithea/templates/admin/settings/settings_vcs.html
--- a/kallithea/templates/admin/settings/settings_vcs.html Fri Aug 12 03:04:48 2016 +0200
+++ b/kallithea/templates/admin/settings/settings_vcs.html Fri Aug 12 03:04:48 2016 +0200
@@ -1,19 +1,6 @@ ${h.form(url('admin_settings'), method='post')}
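Review bot: In the kallithea/lib/utils.py hunk, the relocated comment `# force set push_ssl requirement to False, Kallithea handles that` is no longer accurate, because this changeset removes `_check_ssl` and both middleware call sites, so nothing in the application rejects plain-HTTP VCS requests any more. I would reword it along the lines of `# Mercurial's own push_ssl check is disabled; HTTPS must be enforced by the web server / reverse proxy`, so a reader does not assume an application-level guard still exists. The new `baseui.setconfig('web', 'allow_push', '*')` now overrides any stored value unconditionally and deserves a one-line comment saying that push authorization is presumably left to Kallithea's own permission checks (not visible in this hunk). Installations that had `push_ssl` enabled appear to lose that enforcement on upgrade with no warning, and no cleanup of the existing `web`/`push_ssl` row is visible here, which seems worth a release note. The enclosing function starts and ends outside the hunk.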
-
-
- -
-
-
- ${h.checkbox('web_push_ssl', 'True')} - -
- ${_('Activate to require SSL both pushing and pulling. If SSL certificate is missing, it will return an HTTP Error 406: Not Acceptable.')} -
-
-