Mercurial > kallithea

changeset 7723:d14328af601e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
middleware: minor cleanup and alignment between VCSs to clarify how things work
author Mads Kiilerich <mads@kiilerich.com>
date Mon, 07 Jan 2019 02:08:38 +0100
parents 0441afb55a96
children b88150a90804
files kallithea/lib/base.py kallithea/lib/middleware/simplegit.py kallithea/lib/middleware/simplehg.py kallithea/lib/utils.py
diffstat 4 files changed, 22 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/lib/base.py	Wed Jan 23 03:47:46 2019 +0100
+++ b/kallithea/lib/base.py	Mon Jan 07 02:08:38 2019 +0100
@@ -58,7 +58,7 @@
 from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError
 from kallithea.model import meta
 
-from kallithea.model.db import PullRequest, Repository, Ui, User, Setting
+from kallithea.model.db import PullRequest, Repository, User, Setting
 from kallithea.model.scm import ScmModel
 
 log = logging.getLogger(__name__)
@@ -102,11 +102,11 @@
 
 
 def _get_access_path(environ):
-    path = environ.get('PATH_INFO')
+    """Return PATH_INFO from environ ... using tg.original_request if available."""
     org_req = environ.get('tg.original_request')
-    if org_req:
-        path = org_req.environ.get('PATH_INFO')
-    return path
+    if org_req is not None:
+        environ = org_req.environ
+    return environ.get('PATH_INFO')
 
 
 def log_in_user(user, remember, is_external_auth, ip_addr):
@@ -210,7 +210,7 @@
         """
         raise NotImplementedError()
 
-    def _authorize(self, environ, start_response, action, repo_name, ip_addr):
+    def _authorize(self, environ, action, repo_name, ip_addr):
         """Authenticate and authorize user.
 
         Since we're dealing with a VCS client and not a browser, we only
--- a/kallithea/lib/middleware/simplegit.py	Wed Jan 23 03:47:46 2019 +0100
+++ b/kallithea/lib/middleware/simplegit.py	Mon Jan 07 02:08:38 2019 +0100
@@ -28,13 +28,11 @@
 """
 
 
-import os
 import re
 import logging
 import traceback
 
-from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
-    HTTPNotAcceptable, HTTPBadRequest
+from webob.exc import HTTPNotFound, HTTPInternalServerError, HTTPBadRequest
 
 from kallithea.model.db import Ui, Repository
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
@@ -83,7 +81,6 @@
         return parsed_request
 
     def _handle_request(self, parsed_request, environ, start_response):
-        ip_addr = self._get_ip_addr(environ)
         # skip passing error to error controller
         environ['pylons.status_code_redirect'] = True
 
@@ -98,14 +95,14 @@
         #======================================================================
         # CHECK PERMISSIONS
         #======================================================================
-        user, response_app = self._authorize(environ, start_response, parsed_request.action, parsed_request.repo_name, ip_addr)
+        ip_addr = self._get_ip_addr(environ)
+        user, response_app = self._authorize(environ, parsed_request.action, parsed_request.repo_name, ip_addr)
         if response_app is not None:
             return response_app(environ, start_response)
 
         # extras are injected into Mercurial UI object and later available
         # in hooks executed by Kallithea
         from kallithea import CONFIG
-        server_url = get_server_url(environ)
         extras = {
             'ip': ip_addr,
             'username': user.username,
@@ -113,14 +110,14 @@
             'repository': parsed_request.repo_name,
             'scm': self.scm_alias,
             'config': CONFIG['__file__'],
-            'server_url': server_url,
+            'server_url': get_server_url(environ),
         }
 
-        #===================================================================
-        # GIT REQUEST HANDLING
-        #===================================================================
+        #======================================================================
+        # REQUEST HANDLING
+        #======================================================================
         log.debug('HOOKS extras is %s', extras)
-        _set_extras(extras or {})
+        _set_extras(extras)
 
         try:
             log.info('%s action on %s repo "%s" by "%s" from %s',
--- a/kallithea/lib/middleware/simplehg.py	Wed Jan 23 03:47:46 2019 +0100
+++ b/kallithea/lib/middleware/simplehg.py	Mon Jan 07 02:08:38 2019 +0100
@@ -33,8 +33,7 @@
 import traceback
 import urllib
 
-from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
-    HTTPNotAcceptable, HTTPBadRequest
+from webob.exc import HTTPNotFound, HTTPInternalServerError, HTTPBadRequest
 
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
     _set_extras
@@ -137,7 +136,6 @@
         return parsed_request
 
     def _handle_request(self, parsed_request, environ, start_response):
-        ip_addr = self._get_ip_addr(environ)
         # skip passing error to error controller
         environ['pylons.status_code_redirect'] = True
 
@@ -152,14 +150,14 @@
         #======================================================================
         # CHECK PERMISSIONS
         #======================================================================
-        user, response_app = self._authorize(environ, start_response, parsed_request.action, parsed_request.repo_name, ip_addr)
+        ip_addr = self._get_ip_addr(environ)
+        user, response_app = self._authorize(environ, parsed_request.action, parsed_request.repo_name, ip_addr)
         if response_app is not None:
             return response_app(environ, start_response)
 
         # extras are injected into Mercurial UI object and later available
         # in hooks executed by Kallithea
         from kallithea import CONFIG
-        server_url = get_server_url(environ)
         extras = {
             'ip': ip_addr,
             'username': user.username,
@@ -167,13 +165,14 @@
             'repository': parsed_request.repo_name,
             'scm': self.scm_alias,
             'config': CONFIG['__file__'],
-            'server_url': server_url,
+            'server_url': get_server_url(environ),
         }
+
         #======================================================================
-        # MERCURIAL REQUEST HANDLING
+        # REQUEST HANDLING
         #======================================================================
         log.debug('HOOKS extras is %s', extras)
-        _set_extras(extras or {})
+        _set_extras(extras)
 
         try:
             log.info('%s action on %s repo "%s" by "%s" from %s',
--- a/kallithea/lib/utils.py	Wed Jan 23 03:47:46 2019 +0100
+++ b/kallithea/lib/utils.py	Mon Jan 07 02:08:38 2019 +0100
@@ -268,6 +268,7 @@
 
     :return True: if given path is a valid repository
     """
+    # TODO: paranoid security checks?
     full_path = os.path.join(safe_str(base_path), safe_str(repo_name))
 
     try: