authorAldo Cortesi <aldo@nullcube.com>2013-01-02 17:35:44 +1300
committerAldo Cortesi <aldo@nullcube.com>2013-01-02 17:35:44 +1300
commit09f664cdeafae1d9923fe5ce2c4ab3acc7757a61 (patch)
tree0adf9c05514074efa36b8ff69770909a596d3caa /libmproxy
parent7b3d3dc85e9618f4b16f2c81a37429ebdaf5ebf2 (diff)
Refactor proxy auth a bit
- Remove authentication scheme option. We only support basic at the moment - we'll add the option back when we diversify.
- Add some meta variables to make printout nicer
Diffstat (limited to 'libmproxy')
-rw-r--r--libmproxy/cmdline.py33
-rw-r--r--libmproxy/proxy.py17
2 files changed, 14 insertions, 36 deletions
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index db1ebf0d..060e0073 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -338,46 +338,29 @@ def common_options(parser):
group = parser.add_argument_group(
"Proxy Authentication",
"""
- Specification of which users are allowed to access the proxy and the method used for authenticating them.
- If authscheme is specified, one must specify a list of authorized users and their passwords.
- In case that authscheme is not specified, or set to None, any list of authorized users will be ignored.
- """.strip()
- )
-
- group.add_argument(
- "--authscheme", type=str,
- action="store", dest="authscheme", default=None, choices=["none", "basic"],
- help="""
- Specify the scheme used by the proxy to identify users.
- If not none, requires the specification of a list of authorized users.
- This option is ignored if the proxy is in transparent or reverse mode.
- """.strip()
-
+ Specify which users are allowed to access the proxy and the method
+ used for authenticating them. These options are ignored if the
+ proxy is in transparent or reverse proxy mode.
+ """
)
-
user_specification_group = group.add_mutually_exclusive_group()
-
-
user_specification_group.add_argument(
"--nonanonymous",
action="store_true", dest="auth_nonanonymous",
- help="Allow access to any user as long as a username is specified. Ignores the provided password."
+ help="Allow access to any user long as a credentials are specified."
)
user_specification_group.add_argument(
"--singleuser",
action="store", dest="auth_singleuser", type=str,
- help="Allows access to a single user as specified by the option value. Specify a username and password in the form username:password."
+ metavar="USER",
+ help="Allows access to a a single user, specified in the form username:password."
)
-
user_specification_group.add_argument(
"--htpasswd",
action="store", dest="auth_htpasswd", type=argparse.FileType('r'),
+ metavar="PATH",
help="Allow access to users specified in an Apache htpasswd file."
)
-
-
-
-
proxy.certificate_option_group(parser)
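Review bot: The new `--nonanonymous` help drops the old caveat that the supplied password is ignored, so it now reads as if credentials were verified. Assuming `PermissivePasswordManager` still accepts any password, keep that stated and fix the wording, e.g. `help="Allow access to any user as long as credentials are specified. The password is not checked."`. The `--singleuser` help has a doubled "a a", and `metavar="USER"` under-describes a value that must be `username:password`; `metavar="USER:PASS"` would match the help text. Because `--singleuser` puts a password on the command line, where it shows up in process listings and shell history, the help could also point operators to `--htpasswd` for anything beyond local testing.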
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 9abb9833..22e7ff63 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -544,25 +544,20 @@ def process_proxy_options(parser, options):
if not os.path.exists(options.certdir) or not os.path.isdir(options.certdir):
parser.error("Dummy cert directory does not exist or is not a directory: %s"%options.certdir)
- if options.authscheme and (options.authscheme!='none'):
- if not (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
- parser.error("Proxy authentication scheme is specified, but no allowed user list is given.")
- if options.auth_singleuser and len(options.auth_singleuser.split(':'))!=2:
- parser.error("Authorized user is not given in correct format username:password")
- if options.auth_nonanonymous:
- password_manager = authentication.PermissivePasswordManager()
- elif options.auth_singleuser:
+ if (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
+ if options.auth_singleuser:
+ if len(options.auth_singleuser.split(':')) != 2:
+ parser.error("Please specify user in the format username:password")
username, password = options.auth_singleuser.split(':')
password_manager = authentication.SingleUserPasswordManager(username, password)
+ elif options.auth_nonanonymous:
+ password_manager = authentication.PermissivePasswordManager()
elif options.auth_htpasswd:
password_manager = authentication.HtpasswdPasswordManager(options.auth_htpasswd)
- # in the meanwhile, basic auth is the only true authentication scheme we support
- # so just use it
authenticator = authentication.BasicProxyAuth(password_manager, "mitmproxy")
else:
authenticator = authentication.NullProxyAuth(None)
-
return ProxyConfig(
certfile = options.cert,
cacert = cacert,
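Review bot: The `len(options.auth_singleuser.split(':')) != 2` check rejects any password that contains a colon and accepts an empty username or password (`user:` or `:secret`), so a proxy can be started with a blank credential without any error. Splitting on the first colon only and checking both parts fixes both cases: `username, sep, password = options.auth_singleuser.partition(':')` followed by `if not (sep and username and password): parser.error("Please specify user in the format username:password")`. The help text in cmdline.py says these options are ignored in transparent or reverse mode, but nothing in this hunk warns when they are combined with such a mode; if they are dropped silently, a `parser.error` here would stop an operator from assuming authentication is enforced. `process_proxy_options` starts before and continues past this hunk, so the mode handling may live outside the visible lines.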