[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: better messaging w/ mod_dontdothat?

From: Mark Phippard <markphip_at_gmail.com>
Date: Wed, 5 Sep 2012 16:46:31 -0400

On Wed, Sep 5, 2012 at 2:56 PM, Doug Hunley <doug.hunley_at_gmail.com> wrote:

> I've recently been tasked to implement mod_dontdothat, and the
> implementation is in jeopardy of being cancelled due to the apparent
> lack of ability to customize the error messaging returned to the user
> when mod_dontdothat disallows an action. Is there some means I'm
> missing of configuring this?
>
> As I understand it, when an action is disallowed, mod_dontdothat
> basically returns 'nope' which Apache then translated into a 403 which
> is returned to the user. The (uneducated) user gets a pop-up from
> Tortoise/Cornerstone and basically doesn't know why they're denied. In
> fact, if they pay any attention at all, they 'recognize' the pop-up
> and think their password is wrong. :(
>
> Is there some means to actually tell the user they authenticated
> successfully, but they tried an action that we're disallowing? Ideally
> we'd point them to a wiki showing what is/isn't allowed.
>
>
Assume you already looked at the code? The comments are interesting and
might point in a direction to go:

      /* If we found something that isn't allowed, set the correct status
       * and return an error so it'll bail out before it gets anywhere it
       * can do real damage. */
      if (ctx->no_soup_for_you)
        {
          /* XXX maybe set up the SVN-ACTION env var so that it'll show up
           * in the Subversion operational logs? */

          ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r,
                        "mod_dontdothat: client broke the rules, "
                        "returning error");

          /* Ok, pass an error bucket and an eos bucket back to the client.
           *
           * NOTE: The custom error string passed here doesn't seem to be
           * used anywhere by httpd. This is quite possibly a bug.
           *
           * TODO: Try and pass back a custom document body containing a
           * serialized svn_error_t so the client displays a better
           * error message. */
          bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
          e = ap_bucket_error_create(403, "No Soup For You!",
                                     f->r->pool, f->c->bucket_alloc);
          APR_BRIGADE_INSERT_TAIL(bb, e);
          e = apr_bucket_eos_create(f->c->bucket_alloc);
          APR_BRIGADE_INSERT_TAIL(bb, e);

          /* Don't forget to remove us, otherwise recursion blows the
stack. */
          ap_remove_input_filter(f);

          return ap_pass_brigade(f->r->output_filters, bb);
        } 

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2012-09-05 22:47:04 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.