Page MenuHomePhabricator
Create Task
Maniphest T7000

404 when accessing repo via http
Closed, InvalidPublic
Actions

Description

Problem description:
When Phabricator "allow-public" is true and a repository is only accessible for certain users (non public) a push/pull failes with "404 No such repository".

  1. Set phabricator to public
  2. Set Diffusion Can Use Application, Default View Policy and Default Push Policy to a Project (I think this step has not been done in the previous attempt)
  3. Create a git repository with Visibile To, Pushable By set to a Project
  4. Try to push/pull the repo:
git push
fatal: repository 'https://xyz/diffusion/MS/test.git/' not found

After applying the patch it is possible to push/pull as expected:

git push
Everything up-to-date

Reason:

DiffusionServeController.php
-> If allow-public is set to true, no further check is done if the repository is even accessible as anonymous.

Revisions and Commits

rP Phabricator
Needs RevisionD11462 Fixed T7000

Related Objects

Mentioned In
D11462: Fixed T7000

Event Timeline

davidgiga1993 created this task.Jan 21 2015, 8:36 AM
davidgiga1993 raised the priority of this task from to Normal.
davidgiga1993 updated the task description. (Show Details)
davidgiga1993 added a project: Diffusion.
davidgiga1993 added a subscriber: davidgiga1993.
davidgiga1993 raised the priority of this task from Normal to Unbreak Now!.Jan 21 2015, 10:05 AM
davidgiga1993 updated the task description. (Show Details)
davidgiga1993 updated the task description. (Show Details)
davidgiga1993 added a revision: D11462: Fixed T7000.Jan 21 2015, 12:53 PM
chad lowered the priority of this task from Unbreak Now! to Needs Triage.Jan 21 2015, 3:06 PM
liuxinyu970226 added a subscriber: liuxinyu970226.Mar 29 2015, 8:39 AM
0xseantasker added a subscriber: 0xseantasker.Jun 2 2015, 1:29 AM

I ran into a 404 repository not found after changing Diffusion from public to All users. The repository in question is set to read and editable by users of a specific project. I was able to re-access the repository by setting Diffusion back to public (the repository still has restricted access).

Summary:
Diffusion: Usable by "All users" (i.e. non-public)
Repository: Visible to members of project X, editable by members of project X.
Result: "404 Repository not found" when attempting to push with Mercurial.
Expected: Repository should be accessible to user with correct credentials even if Diffusion is non-public.

epriestley closed this task as Invalid.Nov 23 2015, 4:14 PM
epriestley claimed this task.
epriestley added a subscriber: epriestley.

See Contributing Bug Reports.

I can not reproduce this. Here's what I did:

  • Set policy.allow-public to true.
  • Set the view policy for a repository to "All Users".
  • Tried to clone it over HTTP.

Here's what I experienced:

$ git clone http://local.phacility.com/diffusion/TESTY/git-test.git
Cloning into 'git-test'...
fatal: unable to access 'http://local.phacility.com/diffusion/TESTY/git-test.git/': The requested URL returned error: 403

In particular, note this:

The requested URL returned error: 403

...i.e., a 403 (Forbidden), not a 404 (Not Found).

epriestley mentioned this in D11462: Fixed T7000.Nov 23 2015, 4:14 PM
liuxinyu970226 removed a subscriber: liuxinyu970226.Dec 7 2015, 4:38 AM
davidgiga1993 added a comment.Apr 8 2019, 1:25 PM

This issue is still relevant and reproducible in the current release.
Here are the steps to reproduce it:

  1. Set phabricator to public
  2. Set Diffusion Can Use Application, Default View Policy and Default Push Policy to a Project (I think this step has not been done in the previous attempt)
  3. Create a git repository with Visibile To, Pushable By set to a Project
  4. Try to push/pull the repo:
git push
fatal: repository 'https://xyz/diffusion/MS/test.git/' not found

After applying the patch it is possible to push/pull as expected:

git push
Everything up-to-date
davidgiga1993 updated the task description. (Show Details)Nov 4 2019, 9:07 AM
Herald added a subscriber: amckinley. · View Herald TranscriptNov 4 2019, 9:07 AM
davidgiga1993 added a comment.Nov 4 2019, 9:07 AM

Again, this issue is still relevant. Updating did again break it.

leoluk added a subscriber: leoluk.Nov 4 2019, 5:45 PM

Isn't this working as designed? A user (or the public) needing access to the diffusion application in order to access repositories is exactly the behavior I would expect.

davidgiga1993 added a comment.Nov 4 2019, 6:11 PM

Yes sure. But in the case I've described above the user has access to diffusion (is member of the project having the diffusion application permission).

davidgiga1993 added a comment.Apr 13 2021, 6:42 AM

This issue is still occurring.. the root cause is related to phabricator being set to allow-public. My fix still works and it would be nice if anyone here would support me bringing this upstream.

To summarize:

  • Once phabricator is allow-public but the repositories aren't phabricator returns 404 instead of 401.
  • The suggested patch still applies, instead of throwing 404 a policy exception should be thrown if a anonymous user tries to access a repo
Phabricator · Built by Phacility