diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2012-12-31 10:34:25 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2012-12-31 10:34:25 +1300 |
| commit | 3b84111493dee7c21c4dd6ba390fd70cb13a8674 (patch) | |
| tree | b37bda18c09f4b60928f782702ebad3c88733674 | |
| parent | 018c229ae40d93f0f0987a37a33256db57cdc62c (diff) | |
| download | mitmproxy-3b84111493dee7c21c4dd6ba390fd70cb13a8674.tar.gz mitmproxy-3b84111493dee7c21c4dd6ba390fd70cb13a8674.tar.bz2 mitmproxy-3b84111493dee7c21c4dd6ba390fd70cb13a8674.zip | |
Test and robustify BasicProxyAuth.parse_auth_value
- This is partly in preparation for moving the implementation to netlib
- Also add an unparse_auth_value for testing (and use in pathod once the move is done)
| -rw-r--r-- | libmproxy/authentication.py | 23 | ||||
| -rw-r--r-- | test/test_authentication.py | 12 |
2 files changed, 29 insertions, 6 deletions
diff --git a/libmproxy/authentication.py b/libmproxy/authentication.py index c928ebbd..675f5dc5 100644 --- a/libmproxy/authentication.py +++ b/libmproxy/authentication.py @@ -32,8 +32,8 @@ class BasicProxyAuth(NullProxyAuth): if not auth_value: return False try: - scheme, username, password = self.parse_authorization_header(auth_value[0]) - except: + scheme, username, password = self.parse_auth_value(auth_value[0]) + except ValueError: return False if scheme.lower()!='basic': return False @@ -45,12 +45,23 @@ class BasicProxyAuth(NullProxyAuth): def auth_challenge_headers(self): return {'Proxy-Authenticate':'Basic realm="%s"'%self.realm} - def parse_authorization_header(self, auth_value): + def unparse_auth_value(self, scheme, username, password): + v = binascii.b2a_base64(username + ":" + password) + return scheme + " " + v + + def parse_auth_value(self, auth_value): words = auth_value.split() + if len(words) != 2: + raise ValueError("Invalid basic auth credential.") scheme = words[0] - user = binascii.a2b_base64(words[1]) - username, password = user.split(':') - return scheme, username, password + try: + user = binascii.a2b_base64(words[1]) + except binascii.Error: + raise ValueError("Invalid basic auth credential: user:password pair not valid base64: %s"%words[1]) + parts = user.split(':') + if len(parts) != 2: + raise ValueError("Invalid basic auth credential: decoded user:password pair not valid: %s"%user) + return scheme, parts[0], parts[1] class PasswordManager(): diff --git a/test/test_authentication.py b/test/test_authentication.py index 25714263..cc797d68 100644 --- a/test/test_authentication.py +++ b/test/test_authentication.py @@ -1,5 +1,7 @@ +import binascii from libmproxy import authentication from netlib import odict +import tutils class TestNullProxyAuth: @@ -16,3 +18,13 @@ class TestBasicProxyAuth: assert ba.auth_challenge_headers() assert not ba.authenticate(h) + def test_parse_auth_value(self): + ba = authentication.BasicProxyAuth(authentication.PermissivePasswordManager()) + vals = ("basic", "foo", "bar") + assert ba.parse_auth_value(ba.unparse_auth_value(*vals)) == vals + tutils.raises(ValueError, ba.parse_auth_value, "") + tutils.raises(ValueError, ba.parse_auth_value, "foo bar") + + v = "basic " + binascii.b2a_base64("foo") + tutils.raises(ValueError, ba.parse_auth_value, v) + |