diff options
author | Aldo Cortesi <aldo@nullcube.com> | 2012-12-31 10:56:44 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2012-12-31 10:56:44 +1300 |
commit | 5347cb9c269acdbc2fc36f92e3545fcbb9de45a1 (patch) | |
tree | 0bc590a4539f78ecce202e8891644a20507b41d9 /libmproxy/authentication.py | |
parent | 3b84111493dee7c21c4dd6ba390fd70cb13a8674 (diff) | |
download | mitmproxy-5347cb9c269acdbc2fc36f92e3545fcbb9de45a1.tar.gz mitmproxy-5347cb9c269acdbc2fc36f92e3545fcbb9de45a1.tar.bz2 mitmproxy-5347cb9c269acdbc2fc36f92e3545fcbb9de45a1.zip |
More work on proxy auth
- Strip auth header if auth succeeds, so it's not passed upstream
- Actually use realm specification to BasicProxyAuth, and make it mandatory
- Cleanups and unit tests
Diffstat (limited to 'libmproxy/authentication.py')
-rw-r--r-- | libmproxy/authentication.py | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/libmproxy/authentication.py b/libmproxy/authentication.py index 675f5dc5..1f1f40ae 100644 --- a/libmproxy/authentication.py +++ b/libmproxy/authentication.py @@ -9,9 +9,15 @@ class NullProxyAuth(): self.password_manager = password_manager self.username = "" + def clean(self, headers): + """ + Clean up authentication headers, so they're not passed upstream. + """ + pass + def authenticate(self, headers): """ - Tests that the specified user is allowed to use the proxy (stub) + Tests that the user is allowed to use the proxy """ return True @@ -23,12 +29,17 @@ class NullProxyAuth(): class BasicProxyAuth(NullProxyAuth): - def __init__(self, password_manager, realm="mitmproxy"): + CHALLENGE_HEADER = 'Proxy-Authenticate' + AUTH_HEADER = 'Proxy-Authorization' + def __init__(self, password_manager, realm): NullProxyAuth.__init__(self, password_manager) - self.realm = "mitmproxy" + self.realm = realm + + def clean(self, headers): + del headers[self.AUTH_HEADER] def authenticate(self, headers): - auth_value = headers.get('Proxy-Authorization', []) + auth_value = headers.get(self.AUTH_HEADER, []) if not auth_value: return False try: @@ -43,7 +54,7 @@ class BasicProxyAuth(NullProxyAuth): return True def auth_challenge_headers(self): - return {'Proxy-Authenticate':'Basic realm="%s"'%self.realm} + return {self.CHALLENGE_HEADER:'Basic realm="%s"'%self.realm} def unparse_auth_value(self, scheme, username, password): v = binascii.b2a_base64(username + ":" + password) |