addons.proxyauth: out with the old, in with the new

- Strip out old auth mechanisms, and enable addon
- Disable web app auth for now - this should just use the Tornado auth stuff

5 files changed, 29 insertions, 170 deletions

diff --git a/test/mitmproxy/addons/test_proxyauth.py b/test/mitmproxy/addons/test_proxyauth.py
index 73d87cbf..494a992f 100644
--- a/test/mitmproxy/addons/test_proxyauth.py
+++ b/test/mitmproxy/addons/test_proxyauth.py
@@ -7,16 +7,9 @@ from mitmproxy.test import tutils
 from mitmproxy.addons import proxyauth
 
 
-def mkauth(username, password, scheme="basic"):
-    v = binascii.b2a_base64(
-        (username + ":" + password).encode("utf8")
-    ).decode("ascii")
-    return scheme + " " + v
-
-
 def test_parse_http_basic_auth():
     assert proxyauth.parse_http_basic_auth(
-        mkauth("test", "test")
+        proxyauth.mkauth("test", "test")
     ) == ("basic", "test", "test")
     assert not proxyauth.parse_http_basic_auth("")
     assert not proxyauth.parse_http_basic_auth("foo bar")
@@ -92,19 +85,23 @@ def test_check():
         ctx.configure(up, auth_nonanonymous=True)
         f = tflow.tflow()
         assert not up.check(f)
-        f.request.headers["Proxy-Authorization"] = mkauth("test", "test")
+        f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
+            "test", "test"
+        )
         assert up.check(f)
 
         f.request.headers["Proxy-Authorization"] = "invalid"
         assert not up.check(f)
 
-        f.request.headers["Proxy-Authorization"] = mkauth(
+        f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
             "test", "test", scheme = "unknown"
         )
         assert not up.check(f)
 
         ctx.configure(up, auth_nonanonymous=False, auth_singleuser="test:test")
-        f.request.headers["Proxy-Authorization"] = mkauth("test", "test")
+        f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
+            "test", "test"
+        )
         assert up.check(f)
         ctx.configure(up, auth_nonanonymous=False, auth_singleuser="test:foo")
         assert not up.check(f)
@@ -116,9 +113,13 @@ def test_check():
                 "mitmproxy/net/data/htpasswd"
             )
         )
-        f.request.headers["Proxy-Authorization"] = mkauth("test", "test")
+        f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
+            "test", "test"
+        )
         assert up.check(f)
-        f.request.headers["Proxy-Authorization"] = mkauth("test", "foo")
+        f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
+            "test", "foo"
+        )
         assert not up.check(f)
 
 
@@ -133,7 +134,9 @@ def test_authenticate():
         assert f.response.status_code == 407
 
         f = tflow.tflow()
-        f.request.headers["Proxy-Authorization"] = mkauth("test", "test")
+        f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
+            "test", "test"
+        )
         up.authenticate(f)
         assert not f.response
         assert not f.request.headers.get("Proxy-Authorization")
@@ -146,7 +149,9 @@ def test_authenticate():
 
         f = tflow.tflow()
         f.mode = "transparent"
-        f.request.headers["Authorization"] = mkauth("test", "test")
+        f.request.headers["Authorization"] = proxyauth.mkauth(
+            "test", "test"
+        )
         up.authenticate(f)
         assert not f.response
         assert not f.request.headers.get("Authorization")
diff --git a/test/mitmproxy/net/http/test_authentication.py b/test/mitmproxy/net/http/test_authentication.py
deleted file mode 100644
index 01eae52d..00000000
--- a/test/mitmproxy/net/http/test_authentication.py
+++ /dev/null
@@ -1,122 +0,0 @@
-import binascii
-
-from mitmproxy.test import tutils
-from mitmproxy.net.http import authentication, Headers
-
-
-def test_parse_http_basic_auth():
-    vals = ("basic", "foo", "bar")
-    assert authentication.parse_http_basic_auth(
-        authentication.assemble_http_basic_auth(*vals)
-    ) == vals
-    assert not authentication.parse_http_basic_auth("")
-    assert not authentication.parse_http_basic_auth("foo bar")
-    v = "basic " + binascii.b2a_base64(b"foo").decode("ascii")
-    assert not authentication.parse_http_basic_auth(v)
-
-
-class TestPassManNonAnon:
-
-    def test_simple(self):
-        p = authentication.PassManNonAnon()
-        assert not p.test("", "")
-        assert p.test("user", "")
-
-
-class TestPassManHtpasswd:
-
-    def test_file_errors(self):
-        tutils.raises(
-            "malformed htpasswd file",
-            authentication.PassManHtpasswd,
-            tutils.test_data.path("mitmproxy/net/data/server.crt"))
-
-    def test_simple(self):
-        pm = authentication.PassManHtpasswd(tutils.test_data.path("mitmproxy/net/data/htpasswd"))
-
-        vals = ("basic", "test", "test")
-        authentication.assemble_http_basic_auth(*vals)
-        assert pm.test("test", "test")
-        assert not pm.test("test", "foo")
-        assert not pm.test("foo", "test")
-        assert not pm.test("test", "")
-        assert not pm.test("", "")
-
-
-class TestPassManSingleUser:
-
-    def test_simple(self):
-        pm = authentication.PassManSingleUser("test", "test")
-        assert pm.test("test", "test")
-        assert not pm.test("test", "foo")
-        assert not pm.test("foo", "test")
-
-
-class TestNullProxyAuth:
-
-    def test_simple(self):
-        na = authentication.NullProxyAuth(authentication.PassManNonAnon())
-        assert not na.auth_challenge_headers()
-        assert na.authenticate("foo")
-        na.clean({})
-
-
-class TestBasicProxyAuth:
-
-    def test_simple(self):
-        ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(), "test")
-        headers = Headers()
-        assert ba.auth_challenge_headers()
-        assert not ba.authenticate(headers)
-
-    def test_authenticate_clean(self):
-        ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(), "test")
-
-        headers = Headers()
-        vals = ("basic", "foo", "bar")
-        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(*vals)
-        assert ba.authenticate(headers)
-
-        ba.clean(headers)
-        assert ba.AUTH_HEADER not in headers
-
-        headers[ba.AUTH_HEADER] = ""
-        assert not ba.authenticate(headers)
-
-        headers[ba.AUTH_HEADER] = "foo"
-        assert not ba.authenticate(headers)
-
-        vals = ("foo", "foo", "bar")
-        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(*vals)
-        assert not ba.authenticate(headers)
-
-        ba = authentication.BasicProxyAuth(authentication.PassMan(), "test")
-        vals = ("basic", "foo", "bar")
-        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(*vals)
-        assert not ba.authenticate(headers)
-
-
-class Bunch:
-    pass
-
-
-class TestAuthAction:
-
-    def test_nonanonymous(self):
-        m = Bunch()
-        aa = authentication.NonanonymousAuthAction(None, "authenticator")
-        aa(None, m, None, None)
-        assert m.authenticator
-
-    def test_singleuser(self):
-        m = Bunch()
-        aa = authentication.SingleuserAuthAction(None, "authenticator")
-        aa(None, m, "foo:bar", None)
-        assert m.authenticator
-        tutils.raises("invalid", aa, None, m, "foo", None)
-
-    def test_httppasswd(self):
-        m = Bunch()
-        aa = authentication.HtpasswdAuthAction(None, "authenticator")
-        aa(None, m, tutils.test_data.path("mitmproxy/net/data/htpasswd"), None)
-        assert m.authenticator
diff --git a/test/mitmproxy/test_eventsequence.py b/test/mitmproxy/test_eventsequence.py
index e6eb6569..262df4b0 100644
--- a/test/mitmproxy/test_eventsequence.py
+++ b/test/mitmproxy/test_eventsequence.py
@@ -67,7 +67,8 @@ class TestBasic(tservers.HTTPProxyTest, SequenceTester):
                         da
                     """
                 )
-            assert e.called[-1] == "requestheaders"
+        assert "requestheaders" in e.called
+        assert "responseheaders" not in e.called
 
     def test_connect(self):
         e = Eventer()
diff --git a/test/mitmproxy/test_proxy.py b/test/mitmproxy/test_proxy.py
index 8847c088..aa3b8979 100644
--- a/test/mitmproxy/test_proxy.py
+++ b/test/mitmproxy/test_proxy.py
@@ -113,13 +113,6 @@ class TestProcessProxyOptions:
         self.assert_err("expected one argument", "--upstream-auth")
         self.assert_err("mutually exclusive", "-R", "http://localhost", "-T")
 
-    def test_socks_auth(self):
-        self.assert_err(
-            "Proxy Authentication not supported in SOCKS mode.",
-            "--socks",
-            "--nonanonymous"
-        )
-
     def test_client_certs(self):
         with tutils.tmpdir() as cadir:
             self.assert_noerr("--client-certs", cadir)
@@ -137,26 +130,6 @@ class TestProcessProxyOptions:
             tutils.test_data.path("mitmproxy/data/testkey.pem"))
         self.assert_err("does not exist", "--cert", "nonexistent")
 
-    def test_auth(self):
-        p = self.assert_noerr("--nonanonymous")
-        assert p.authenticator
-
-        p = self.assert_noerr(
-            "--htpasswd",
-            tutils.test_data.path("mitmproxy/data/htpasswd"))
-        assert p.authenticator
-        self.assert_err(
-            "malformed htpasswd file",
-            "--htpasswd",
-            tutils.test_data.path("mitmproxy/data/htpasswd.invalid"))
-
-        p = self.assert_noerr("--singleuser", "test:test")
-        assert p.authenticator
-        self.assert_err(
-            "invalid single-user specification",
-            "--singleuser",
-            "test")
-
     def test_insecure(self):
         p = self.assert_noerr("--insecure")
         assert p.openssl_verification_mode_server == SSL.VERIFY_NONE
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py
index 5a5b6817..9429ab0f 100644
--- a/test/mitmproxy/test_server.py
+++ b/test/mitmproxy/test_server.py
@@ -6,6 +6,7 @@ from mitmproxy.test import tutils
 from mitmproxy import controller
 from mitmproxy import options
 from mitmproxy.addons import script
+from mitmproxy.addons import proxyauth
 from mitmproxy import http
 from mitmproxy.proxy.config import HostMatcher, parse_server_spec
 import mitmproxy.net.http
@@ -13,7 +14,6 @@ from mitmproxy.net import tcp
 from mitmproxy.net import socks
 from mitmproxy import certs
 from mitmproxy import exceptions
-from mitmproxy.net.http import authentication
 from mitmproxy.net.http import http1
 from mitmproxy.net.tcp import Address
 from pathod import pathoc
@@ -285,6 +285,7 @@ class TestHTTP(tservers.HTTPProxyTest, CommonMixin):
 
 class TestHTTPAuth(tservers.HTTPProxyTest):
     def test_auth(self):
+        self.master.addons.add(proxyauth.ProxyAuth())
         self.master.options.auth_singleuser = "test:test"
         assert self.pathod("202").status_code == 407
         p = self.pathoc()
@@ -295,14 +296,15 @@ class TestHTTPAuth(tservers.HTTPProxyTest):
                 h'%s'='%s'
             """ % (
                 self.server.port,
-                mitmproxy.net.http.authentication.BasicProxyAuth.AUTH_HEADER,
-                authentication.assemble_http_basic_auth("basic", "test", "test")
+                "Proxy-Authorization",
+                proxyauth.mkauth("test", "test")
             ))
         assert ret.status_code == 202
 
 
 class TestHTTPReverseAuth(tservers.ReverseProxyTest):
     def test_auth(self):
+        self.master.addons.add(proxyauth.ProxyAuth())
         self.master.options.auth_singleuser = "test:test"
         assert self.pathod("202").status_code == 401
         p = self.pathoc()
@@ -312,8 +314,8 @@ class TestHTTPReverseAuth(tservers.ReverseProxyTest):
                 '/p/202'
                 h'%s'='%s'
             """ % (
-                mitmproxy.net.http.authentication.BasicWebsiteAuth.AUTH_HEADER,
-                authentication.assemble_http_basic_auth("basic", "test", "test")
+                "Authorization",
+                proxyauth.mkauth("test", "test")
             ))
         assert ret.status_code == 202