404 when accessing repo via http
Closed, Invalid
Public

Description

Problem description:
When Phabricator "allow-public" is true and a repository is only accessible to certain users (non-public), a push/pull fails with "404 No such repository".

  1. Set phabricator to public
  2. Set Diffusion Can Use Application, Default View Policy and Default Push Policy to a Project (I think this step has not been done in the previous attempt)
  3. Create a git repository with Visible To, Pushable By set to a Project
  4. Try to push/pull the repo:
git push
fatal: repository 'https://xyz/diffusion/MS/test.git/' not found

After applying the patch it is possible to push/pull as expected:

git push
Everything up-to-date

Reason:

DiffusionServeController.php
-> If allow-public is set to true, no further check is done if the repository is even accessible as anonymous.

Revisions and Commits

rP Phabricator
Needs Revision

Event Timeline

davidgiga1993 raised the priority of this task from to Normal.
davidgiga1993 updated the task description.
davidgiga1993 added a project: Diffusion.
davidgiga1993 added a subscriber: davidgiga1993.
davidgiga1993 raised the priority of this task from Normal to Unbreak Now!. (Jan 21 2015, 10:05 AM)
davidgiga1993 updated the task description.
davidgiga1993 updated the task description.
chad lowered the priority of this task from Unbreak Now! to Needs Triage. (Jan 21 2015, 3:06 PM)

I ran into a 404 repository not found after changing Diffusion from public to All users. The repository in question is set to read and editable by users of a specific project. I was able to re-access the repository by setting Diffusion back to public (the repository still has restricted access).

Summary:
Diffusion: Usable by "All users" (i.e. non-public)
Repository: Visible to members of project X, editable by members of project X.
Result: "404 Repository not found" when attempting to push with Mercurial.
Expected: Repository should be accessible to user with correct credentials even if Diffusion is non-public.

epriestley claimed this task.
epriestley added a subscriber: epriestley.

See Contributing Bug Reports.

I can not reproduce this. Here's what I did:

  • Set policy.allow-public to true.
  • Set the view policy for a repository to "All Users".
  • Tried to clone it over HTTP.

Here's what I experienced:

$ git clone http://local.phacility.com/diffusion/TESTY/git-test.git
Cloning into 'git-test'...
fatal: unable to access 'http://local.phacility.com/diffusion/TESTY/git-test.git/': The requested URL returned error: 403

In particular, note this:

The requested URL returned error: 403

...i.e., a 403 (Forbidden), not a 404 (Not Found).

This issue is still relevant and reproducible in the current release.
Here are the steps to reproduce it:

  1. Set phabricator to public
  2. Set Diffusion Can Use Application, Default View Policy and Default Push Policy to a Project (I think this step has not been done in the previous attempt)
  3. Create a git repository with Visible To, Pushable By set to a Project
  4. Try to push/pull the repo:
git push
fatal: repository 'https://xyz/diffusion/MS/test.git/' not found

After applying the patch it is possible to push/pull as expected:

git push
Everything up-to-date

Again, this issue is still relevant. Updating did again break it.

Isn't this working as designed? A user (or the public) needing access to the diffusion application in order to access repositories is exactly the behavior I would expect.

Yes, sure. But in the case I've described above, the user has access to Diffusion (is a member of the project having the Diffusion application permission).

This issue is still occurring. The root cause is related to Phabricator being set to allow-public. My fix still works and it would be nice if anyone here would support me bringing this upstream.

To summarize:

  • Once Phabricator is allow-public but the repositories aren't, Phabricator returns 404 instead of 401.
  • The suggested patch still applies: instead of throwing 404, a policy exception should be thrown if an anonymous user tries to access a repo.
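
An added example, not part of the original task and not Phabricator code: a small Python model of why the status code matters here, since Git over HTTP by default sends no credentials until the server answers 401. The function names, the policy constants, the project name `project-x`, the 403 for an authenticated user without access, and the uniform 401 for missing repositories (so anonymous requests cannot tell restricted repositories from nonexistent ones) are all assumptions of this example.

```python
PUBLIC, USERS = "public", "users"  # policy names are this example's own


def allowed(policy, viewer):
    """viewer is None (anonymous) or a frozenset of project names."""
    if policy == PUBLIC:
        return True
    if viewer is None:
        return False
    return policy == USERS or policy in viewer


def reported(allow_public, app_policy, repo_policy, viewer):
    """Model of the report: with allow-public on, the anonymous request goes
    straight to the policy check and a failed check becomes a 404."""
    if viewer is None and not allow_public:
        return 401
    visible = repo_policy is not None and allowed(app_policy, viewer) \
        and allowed(repo_policy, viewer)
    return 200 if visible else 404


def challenging(allow_public, app_policy, repo_policy, viewer):
    """Model of the requested behaviour: an anonymous request that cannot be
    served is challenged (401 plus WWW-Authenticate) instead of getting 404."""
    if viewer is None and not allow_public:
        return 401
    exists = repo_policy is not None  # None stands for "no such repository"
    if exists and allowed(app_policy, viewer) and allowed(repo_policy, viewer):
        return 200
    if viewer is None:
        return 401  # same answer whether or not the repository exists
    return 403 if exists else 404  # assumption: authenticated but denied -> 403


def git_client(server, config, credentials):
    """First request is anonymous; credentials are sent only after a 401."""
    status = server(*config, None)
    if status == 401 and credentials is not None:
        status = server(*config, credentials)
    return status


if __name__ == "__main__":
    cfg = (True, "project-x", "project-x")  # constructed: allow-public on, restricted repo
    member = frozenset({"project-x"})
    print("reported   :", git_client(reported, cfg, member))
    print("challenging:", git_client(challenging, cfg, member))
```

In the `reported` model the project member never gets the chance to authenticate, because the first anonymous request already ends in 404.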