soundsoftware-site: extra/soundsoftware/SoundSoftware.pm comparison

comparison extra/soundsoftware/SoundSoftware.pm @ 734:1d1b8170c2f7 feature_318

Switch to SSL earlier when doing a push -- check for branchmap command. This is unequivocally a hack

author	Chris Cannam
date	Fri, 04 Nov 2011 14:41:21 +0000
parents	c7a731db96e5
children	8653bddf26a6

comparison

equal deleted inserted replaced

-:c7a731db96e5
+:1d1b8170c2f7
 my $readonly = project_repo_is_readonly($dbh, $project_id, $r);
 $dbh->disconnect();
 undef $dbh;
+my $auth_ssl_reqd = will_require_ssl_auth($r);
 if ($status == 1) { # public
 	print STDERR "SoundSoftware.pm:$$: Project is public\n";
 	if (!defined $read_only_methods{$method}) {
 	    } else {
 		print STDERR "SoundSoftware.pm:$$: Project repo is read-write, auth required\n";
 		# fall through, this is the normal case
 	    }
+} elsif ($auth_ssl_reqd and $r->unparsed_uri =~ m/cmd=branchmap/) {
+# A hac^H^H^Hspecial case. We want to ensure we switch to
+# https (if it will be necessarily for authentication)
+# before the first POST request, and this is what I think
+# will give us suitable warning for Mercurial.
+print STDERR "SoundSoftware.pm:$$: Switching to HTTPS in preparation\n";
+# fall through, this is the normal case
 	} else {
 	    # Public project, read-only method -- this is the only
 	    # case we can decide for certain to accept in this function
 	    print STDERR "SoundSoftware.pm:$$: Method is read-only, no restriction here\n";
 	    $r->set_handlers(PerlAuthenHandler => [\&OK]);
 	print STDERR "SoundSoftware.pm:$$: Project is private or nonexistent, auth required\n";
 	# fall through
 }
-my $cfg = Apache2::Module::get_config
+if ($auth_ssl_reqd) {
-(__PACKAGE__, $r->server, $r->per_dir_config);
+my $redir_to = "https://" . $r->hostname() . $r->unparsed_uri();
-if ($cfg->{SoundSoftwareSslRequired} eq "on") {
+print STDERR "SoundSoftware.pm:$$: Need to switch to HTTPS, redirecting to $redir_to\n";
-	if ($r->dir_config('HTTPS') eq "on") {
+$r->headers_out->add('Location' => $redir_to);
-	    return OK;
+return REDIRECT;
-	} else {
-	    my $redir_to = "https://" . $r->hostname() . $r->unparsed_uri();
-	    print STDERR "SoundSoftware.pm:$$: Need to switch to HTTPS, redirecting to $redir_to\n";
-	    $r->headers_out->add('Location' => $redir_to);
-	    return REDIRECT;
-	}
-} elsif ($cfg->{SoundSoftwareSslRequired} eq "off") {
-	return OK;
 } else {
-	print STDERR "WARNING: SoundSoftware.pm:$$: SoundSoftwareSslRequired should be either 'on' or 'off'\n";
+return OK;
-	return OK;
 }
 }
 sub authen_handler {
 my $r = shift;
 }
 $sth->finish();
 undef $sth;
 $ret;
+}
+sub will_require_ssl_auth {
+my $r = shift;
+my $cfg = Apache2::Module::get_config
+(__PACKAGE__, $r->server, $r->per_dir_config);
+if ($cfg->{SoundSoftwareSslRequired} eq "on") {
+if ($r->dir_config('HTTPS') eq "on") {
+# already have ssl
+return 0;
+} else {
+# require ssl for auth, don't have it yet
+return 1;
+}
+} elsif ($cfg->{SoundSoftwareSslRequired} eq "off") {
+# don't require ssl for auth
+return 0;
+} else {
+print STDERR "WARNING: SoundSoftware.pm:$$: SoundSoftwareSslRequired should be either 'on' or 'off'\n";
+# this is safer
+return 1;
+}
 }
 sub project_repo_is_readonly {
 my $dbh = shift;
 my $project_id = shift;

Mercurial > hg > soundsoftware-site

comparison extra/soundsoftware/SoundSoftware.pm @ 734:1d1b8170c2f7 feature_318