On Thu, Nov 8, 2012 at 6:49 PM, Thomas Åkesson <thomas.akes...@simonsoft.se> wrote: > On 5 nov 2012, at 00:21, Thomas Åkesson wrote: >>
Hi Thomas, Thank you for comprehensive testing! See my reply inline. >> I have meant to set up a test server with our reference configuration to >> validate the patch under realistic circumstances. Unfortunately, the SLES >> activation servers have been down for several hours (we don't have dev tools >> on our VM Appliance by default). I will do some tests with parentpath under >> "/svn/" and both variations of Satisfy as soon as possible. > > Right, it took a while to get that test server up and running with the dev > setup. I had to refresh some knowledge. > > I have performed the following tests with patch 2012-11-02. All tests with > access file configured and "Require valid-user". > > Parentpath on /svn/ and Satisfy Any: > > - Access without auth displays repositories with anonymous access, auth is > not requested. > - Access with auth displays filtered list. Works well when browser has > previously > been on an authenticated path. This is the situation when Satisfy Any and > filtered > Collection of Repositories does not work well. That's why mixing anonymous and authenticated access is not good thing. > - Did a test with AuthzSVNAnonymous Off, which gave the quite surprising > result > that all content was listed both on Collection of Repositories and within the > repositories. I doubt this is the intended behaviour?!? I agree, this is really strange behavior. Could you check this behavior with my patch? It's very low chance that my patch changes this behavior. > > > Parentpath on /svn/ and Satisfy All: > > - Authentication is required everywhere and the Collection of Repositories > is beautifully filtered. Works very well with improved user experience on > many installations. > > AuthzSVNAnonymous seems to have no effect in this case, which is expected. > > > Parentpath on /: > > Tested both Satisfy Any/All with same results as on /svn/. Good, I had some > concerns since there have historically been issues. Good. > The remaining concerns I have: > - The combination of this patch with Satisfy Any. I am a bit more concerned > than I was initially. > - What is going on with AuthzSVNAnonymous Off? I will do more analysis of the > code (focusing on access_checker in mod_authz_svn.c) but it would be great if > someone could elaborate a bit on the intent. > It would be nice if you confirm that my patch does not change AuthzSVNAnonymous Off behavior in this case I'll commit my patch and we may focus on this issue. -- Ivan Zhakov
