Perform "push requires ssl" check before authentication
If administrator enables "push requires ssl" option, RhodeCode refuses push over http after asking authentication details. For more secure setup, it should refuse pushing over http before authentication.
Most practical use of "push requires ssl" option is securing the HTTP authentication with the help of SSL. If this is the case, then RhodeCode should not allow someone to sent username/password in clear-text form just to print "requires ssl".