changeset 734:1d1b8170c2f7 feature_318

Switch to SSL earlier when doing a push -- check for branchmap command. This is unequivocally a hack
author Chris Cannam
date Fri, 04 Nov 2011 14:41:21 +0000
parents c7a731db96e5
children 8653bddf26a6
files extra/soundsoftware/SoundSoftware.pm
diffstat 1 files changed, 42 insertions(+), 15 deletions(-) [+]
--- a/extra/soundsoftware/SoundSoftware.pm	Fri Nov 04 11:02:56 2011 +0000
+++ b/extra/soundsoftware/SoundSoftware.pm	Fri Nov 04 14:41:21 2011 +0000
@@ -215,6 +215,8 @@
     $dbh->disconnect();
     undef $dbh;
 
+    my $auth_ssl_reqd = will_require_ssl_auth($r);
+
     if ($status == 1) { # public
 
 	print STDERR "SoundSoftware.pm:$$: Project is public\n";
@@ -231,6 +233,16 @@
 		# fall through, this is the normal case
 	    }
 
+        } elsif ($auth_ssl_reqd and $r->unparsed_uri =~ m/cmd=branchmap/) {
+
+            # A hac^H^H^Hspecial case. We want to ensure we switch to
+            # https (if it will be necessarily for authentication) 
+            # before the first POST request, and this is what I think
+            # will give us suitable warning for Mercurial.
+
+            print STDERR "SoundSoftware.pm:$$: Switching to HTTPS in preparation\n";
+            # fall through, this is the normal case
+
 	} else {
 	    # Public project, read-only method -- this is the only
 	    # case we can decide for certain to accept in this function
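Review bot: The test `$r->unparsed_uri =~ m/cmd=branchmap/` in the new `elsif` matches that text anywhere in the raw request URI, so a path segment, another parameter's value, or a longer command name beginning with `branchmap` also takes this branch. Because the branch only lets the request fall through towards the HTTPS redirect, a false match costs a public read an extra redirect rather than weakening access control, but a query-parameter match states the intent more tightly, e.g. `m/[?&;]cmd=branchmap(?:[&;]|\z)/`. The comment `# fall through, this is the normal case` is copied from the branch above and does not describe this one; `# fall through to the HTTPS redirect below` would. The enclosing function starts and ends outside this hunk.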
@@ -245,22 +257,13 @@
 	# fall through
     }
 
-    my $cfg = Apache2::Module::get_config
-        (__PACKAGE__, $r->server, $r->per_dir_config);
-    if ($cfg->{SoundSoftwareSslRequired} eq "on") {
-	if ($r->dir_config('HTTPS') eq "on") {
-	    return OK;
-	} else {
-	    my $redir_to = "https://" . $r->hostname() . $r->unparsed_uri();
-	    print STDERR "SoundSoftware.pm:$$: Need to switch to HTTPS, redirecting to $redir_to\n";
-	    $r->headers_out->add('Location' => $redir_to);
-	    return REDIRECT;
-	}
-    } elsif ($cfg->{SoundSoftwareSslRequired} eq "off") {
-	return OK;
+    if ($auth_ssl_reqd) {
+        my $redir_to = "https://" . $r->hostname() . $r->unparsed_uri();
+        print STDERR "SoundSoftware.pm:$$: Need to switch to HTTPS, redirecting to $redir_to\n";
+        $r->headers_out->add('Location' => $redir_to);
+        return REDIRECT;
     } else {
-	print STDERR "WARNING: SoundSoftware.pm:$$: SoundSoftwareSslRequired should be either 'on' or 'off'\n";
-	return OK;
+        return OK;
     }
 }
 
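Review bot: The `Location` value in the new `if ($auth_ssl_reqd)` block is built from `$r->hostname()`, which normally reflects the Host header the client sent, so both the redirect target and the STDERR line that prints `$redir_to` carry client-chosen text. Unless the virtual-host configuration already limits which Host values reach this handler (not visible here), building the URL from the configured name is safer: `my $redir_to = "https://" . $r->server->server_hostname . $r->unparsed_uri();`. Either form drops any port, which matters only if HTTPS is served on a non-default port. The function begins outside this hunk.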
@@ -340,6 +343,30 @@
     $ret;
 }
 
+sub will_require_ssl_auth {
+    my $r = shift;
+
+    my $cfg = Apache2::Module::get_config
+        (__PACKAGE__, $r->server, $r->per_dir_config);
+
+    if ($cfg->{SoundSoftwareSslRequired} eq "on") {
+        if ($r->dir_config('HTTPS') eq "on") {
+            # already have ssl
+            return 0;
+        } else {
+            # require ssl for auth, don't have it yet
+            return 1;
+        }
+    } elsif ($cfg->{SoundSoftwareSslRequired} eq "off") {
+        # don't require ssl for auth
+        return 0;
+    } else {
+        print STDERR "WARNING: SoundSoftware.pm:$$: SoundSoftwareSslRequired should be either 'on' or 'off'\n";
+        # this is safer
+        return 1;
+    }
+}
+
 sub project_repo_is_readonly {
     my $dbh = shift;
     my $project_id = shift;
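Review bot: The fallback branch of `will_require_ssl_auth` returns 1 for an unrecognised `SoundSoftwareSslRequired` value without checking whether the request is already on HTTPS, and the caller then redirects to the same `https://` URL, so a misconfigured value appears to produce a redirect loop where the old code only logged a warning and returned OK. Failing towards HTTPS is a reasonable default, but the transport should be tested first, e.g. `return 0 if $r->dir_config('HTTPS') eq "on";` ahead of the config checks, with the warning kept for the invalid value. The sub also has no header comment; a line such as `# Returns 1 when SSL is required for auth and this request is not yet on HTTPS, else 0` would make the meaning of the return value clear at the call site.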