1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 05:12:41 +01:00

Allow broader HTTP access to public repositories, respect nonstandard Phabricator HTTP port when generating repository URIs

Summary:
Fixes T11030. Fixes T11032.

  - Allow HTTP access to "Public" repositories even if `diffusion.allow-http-auth` is disabled.
  - If you run Phabricator on an unusual port (???) use that port as the default when generating HTTP URIs.

Test Plan:
  - Faked `phabricator.base-uri` to an unusual port, saw repository HTTP URI generate with an unusual port.
  - Disabled `diffusion.allow-http-auth`, confirmed that toggling view policy between "public" and "users" activated or deactivated HTTP clone URI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11030, T11032

Differential Revision: https://secure.phabricator.com/D15973
This commit is contained in:
epriestley 2016-05-25 08:07:38 -07:00
parent d1eed54d85
commit 189600e411
3 changed files with 44 additions and 10 deletions

View file

@ -2078,7 +2078,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
PhabricatorRepositoryURI::BUILTIN_IDENTIFIER_ID => true, PhabricatorRepositoryURI::BUILTIN_IDENTIFIER_ID => true,
); );
$allow_http = PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth'); // If the view policy of the repository is public, support anonymous HTTP
// even if authenticated HTTP is not supported.
if ($this->getViewPolicy() === PhabricatorPolicies::POLICY_PUBLIC) {
$allow_http = true;
} else {
$allow_http = PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth');
}
$base_uri = PhabricatorEnv::getURI('/'); $base_uri = PhabricatorEnv::getURI('/');
$base_uri = new PhutilURI($base_uri); $base_uri = new PhutilURI($base_uri);

View file

@ -379,14 +379,40 @@ final class PhabricatorRepositoryURI
} }
private function getForcedPort() { private function getForcedPort() {
switch ($this->getBuiltinProtocol()) { $protocol = $this->getBuiltinProtocol();
case self::BUILTIN_PROTOCOL_SSH:
return PhabricatorEnv::getEnvConfig('diffusion.ssh-port'); if ($protocol == self::BUILTIN_PROTOCOL_SSH) {
case self::BUILTIN_PROTOCOL_HTTP: return PhabricatorEnv::getEnvConfig('diffusion.ssh-port');
case self::BUILTIN_PROTOCOL_HTTPS:
default:
return null;
} }
// If Phabricator is running on a nonstandard port, use that as the defualt
// port for URIs with the same protocol.
$is_http = ($protocol == self::BUILTIN_PROTOCOL_HTTP);
$is_https = ($protocol == self::BUILTIN_PROTOCOL_HTTPS);
if ($is_http || $is_https) {
$uri = PhabricatorEnv::getURI('/');
$uri = new PhutilURI($uri);
$port = $uri->getPort();
if (!$port) {
return null;
}
$uri_protocol = $uri->getProtocol();
$use_port =
($is_http && ($uri_protocol == 'http')) ||
($is_https && ($uri_protocol == 'https'));
if (!$use_port) {
return null;
}
return $port;
}
return null;
} }
private function getForcedPath() { private function getForcedPath() {

View file

@ -173,14 +173,16 @@ SSH clone URIs by examining configuration.
**HTTP**: The `http://` clone URI will be available if these conditions are **HTTP**: The `http://` clone URI will be available if these conditions are
satisfied: satisfied:
- `diffusion.allow-http-auth` must be enabled. - `diffusion.allow-http-auth` must be enabled or the repository view policy
must be "Public".
- The repository must be a Git or Mercurial repository. - The repository must be a Git or Mercurial repository.
- `security.require-https` must be disabled. - `security.require-https` must be disabled.
**HTTPS**: The `https://` clone URI will be available if these conditions are **HTTPS**: The `https://` clone URI will be available if these conditions are
satisfied: satisfied:
- `diffusion.allow-http-auth` must be enabled. - `diffusion.allow-http-auth` must be enabled or the repository view policy
must be "Public".
- The repository must be a Git or Mercurial repository. - The repository must be a Git or Mercurial repository.
- The `phabricator.base-uri` protocol must be `https://`. - The `phabricator.base-uri` protocol must be `https://`.