Page MenuHomePhabricator
Differential D7468

Implement writes over HTTP for Git.
ClosedPublic
Actions

Authored by epriestley on Oct 31 2013, 8:23 AM.
Tags
None
Referenced Files
F13161757: D7468.diff
Mon, May 6, 9:43 AM
Unknown Object (File)
Wed, May 1, 6:44 PM
Unknown Object (File)
Thu, Apr 18, 3:26 PM
Unknown Object (File)
Thu, Apr 18, 3:26 PM
Unknown Object (File)
Thu, Apr 18, 3:26 PM
Unknown Object (File)
Thu, Apr 18, 2:34 PM
Unknown Object (File)
Thu, Apr 18, 2:04 PM
Unknown Object (File)
Thu, Apr 18, 4:25 AM
View All Files
Subscribers
aran
epriestley
Korvin

Details

Reviewers
hach-que
Group Reviewers
Blessed Reviewers
Maniphest Tasks
Restricted Maniphest Task
Commits
Restricted Diffusion Commit
rP43fd567ef471: Implement writes over HTTP for Git.
Summary

Depends on D7642. This updates the authentication logic so that HTTP writes can be made to Git repositories hosted by Phabricator.

Test Plan

Set the policy to allow me to push and I was able to. Changed the policy to disallow push and I was no longer able to push.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley accepted this revision.Oct 31 2013, 1:29 PM

A couple of tweaks inline if you get to this before I pull it, but this looks good to me.

src/applications/diffusion/controller/DiffusionController.php
75–77

We should put a key on this in D7462 to serve this query. I'd ideally like to use a user-based salt, which would mean we'd have to load the user first instead in order to hash the password (that is, hashPassword would become hashPassword($password, $user)). Is there a reason we can't do this in the "natural" order (check for a user, then verify the password) that you're aware of?

83–84

We should reject the viewer if their account isDisabled() here.

epriestley commandeered this revision.Oct 31 2013, 4:25 PM
epriestley edited reviewers, added: hach-que; removed: epriestley.

Yoink!

epriestley planned changes to this revision.Oct 31 2013, 4:25 PM

pokey pokey

epriestley added inline comments.Oct 31 2013, 4:55 PM
src/applications/diffusion/controller/DiffusionController.php
73–84

Oh, this doesn't actually do what it says on the tin -- PHP_AUTH_USER is completely ignored. I assume that's not intentional?

epriestley added a comment.Oct 31 2013, 5:48 PM

I have the password part of this working, but git-http-backend isn't working correctly for bare Git repositories. I'm going to keep digging and see if I can figure that out.

hach-que added inline comments.Oct 31 2013, 8:30 PM
src/applications/diffusion/controller/DiffusionController.php
73–84

Oh whoops! That definitely needs to have the username check in there. It's missing username = %s and $username in the query.

epriestley updated this revision to Unknown Object (????).Oct 31 2013, 10:26 PM
  • Check username.
  • Clarify some 401 vs 403: if you will never be able to log in, 403 instead of 401.
  • Pass HTTP_CONTENT_ENCODING so that git-http-backend knows it has to unzip stuff.
  • Add some more error handling and debugging that I wrote to try to figure out the gzip thing.
hach-que accepted this revision.Nov 1 2013, 8:29 AM
epriestley closed this revision.Nov 1 2013, 3:45 PM

Closed by commit rP43fd567ef471 (authored by @epriestley).

Revision Contents
Changeset List

PathSize
src/
applications/
diffusion/
controller/
134 lines

Diff 16838

View Options

src/applications/diffusion/controller/DiffusionController.php

Loading...
Phabricator · Built by Phacility