From fe01b1435a2acc9896b24a814e535558884a6143 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 13 Nov 2016 11:50:28 +1300 Subject: upstream_proxy_auth -> upstream_auth Also clarify what this does in commandline help. --- mitmproxy/addons/__init__.py | 4 +- mitmproxy/addons/upstream_auth.py | 53 ++++++++++++++++++ mitmproxy/addons/upstream_proxy_auth.py | 53 ------------------ mitmproxy/tools/cmdline.py | 4 +- test/mitmproxy/addons/test_upstream_auth.py | 65 +++++++++++++++++++++++ test/mitmproxy/addons/test_upstream_proxy_auth.py | 65 ----------------------- 6 files changed, 122 insertions(+), 122 deletions(-) create mode 100644 mitmproxy/addons/upstream_auth.py delete mode 100644 mitmproxy/addons/upstream_proxy_auth.py create mode 100644 test/mitmproxy/addons/test_upstream_auth.py delete mode 100644 test/mitmproxy/addons/test_upstream_proxy_auth.py diff --git a/mitmproxy/addons/__init__.py b/mitmproxy/addons/__init__.py index d25c231b..d71b8912 100644 --- a/mitmproxy/addons/__init__.py +++ b/mitmproxy/addons/__init__.py @@ -10,7 +10,7 @@ from mitmproxy.addons import serverplayback from mitmproxy.addons import stickyauth from mitmproxy.addons import stickycookie from mitmproxy.addons import streambodies -from mitmproxy.addons import upstream_proxy_auth +from mitmproxy.addons import upstream_auth def default_addons(): @@ -27,5 +27,5 @@ def default_addons(): setheaders.SetHeaders(), serverplayback.ServerPlayback(), clientplayback.ClientPlayback(), - upstream_proxy_auth.UpstreamProxyAuth(), + upstream_auth.UpstreamAuth(), ] diff --git a/mitmproxy/addons/upstream_auth.py b/mitmproxy/addons/upstream_auth.py new file mode 100644 index 00000000..9beecfc0 --- /dev/null +++ b/mitmproxy/addons/upstream_auth.py @@ -0,0 +1,53 @@ +import re +import base64 + +from mitmproxy import exceptions +from mitmproxy.utils import strutils + + +def parse_upstream_auth(auth): + pattern = re.compile(".+:") + if pattern.search(auth) is None: + raise exceptions.OptionsError( + "Invalid upstream auth specification: %s" % auth + ) + return b"Basic" + b" " + base64.b64encode(strutils.always_bytes(auth)) + + +class UpstreamAuth(): + """ + This addon handles authentication to systems upstream from us for the + upstream proxy and reverse proxy mode. There are 3 cases: + + - Upstream proxy CONNECT requests should have authentication added, and + subsequent already connected requests should not. + - Upstream proxy regular requests + - Reverse proxy regular requests (CONNECT is invalid in this mode) + """ + def __init__(self): + self.auth = None + self.root_mode = None + + def configure(self, options, updated): + # FIXME: We're doing this because our proxy core is terminally confused + # at the moment. Ideally, we should be able to check if we're in + # reverse proxy mode at the HTTP layer, so that scripts can put the + # proxy in reverse proxy mode for specific reuests. + if "mode" in updated: + self.root_mode = options.mode + if "upstream_auth" in updated: + if options.upstream_auth is None: + self.auth = None + else: + self.auth = parse_upstream_auth(options.upstream_auth) + + def http_connect(self, f): + if self.auth and f.mode == "upstream": + f.request.headers["Proxy-Authorization"] = self.auth + + def requestheaders(self, f): + if self.auth: + if f.mode == "upstream" and not f.server_conn.via: + f.request.headers["Proxy-Authorization"] = self.auth + elif self.root_mode == "reverse": + f.request.headers["Proxy-Authorization"] = self.auth diff --git a/mitmproxy/addons/upstream_proxy_auth.py b/mitmproxy/addons/upstream_proxy_auth.py deleted file mode 100644 index 8b31c10a..00000000 --- a/mitmproxy/addons/upstream_proxy_auth.py +++ /dev/null @@ -1,53 +0,0 @@ -import re -import base64 - -from mitmproxy import exceptions -from mitmproxy.utils import strutils - - -def parse_upstream_auth(auth): - pattern = re.compile(".+:") - if pattern.search(auth) is None: - raise exceptions.OptionsError( - "Invalid upstream auth specification: %s" % auth - ) - return b"Basic" + b" " + base64.b64encode(strutils.always_bytes(auth)) - - -class UpstreamProxyAuth(): - """ - This addon handles authentication to systems upstream from us for the - upstream proxy and reverse proxy mode. There are 3 cases: - - - Upstream proxy CONNECT requests should have authentication added, and - subsequent already connected requests should not. - - Upstream proxy regular requests - - Reverse proxy regular requests (CONNECT is invalid in this mode) - """ - def __init__(self): - self.auth = None - self.root_mode = None - - def configure(self, options, updated): - # FIXME: We're doing this because our proxy core is terminally confused - # at the moment. Ideally, we should be able to check if we're in - # reverse proxy mode at the HTTP layer, so that scripts can put the - # proxy in reverse proxy mode for specific reuests. - if "mode" in updated: - self.root_mode = options.mode - if "upstream_auth" in updated: - if options.upstream_auth is None: - self.auth = None - else: - self.auth = parse_upstream_auth(options.upstream_auth) - - def http_connect(self, f): - if self.auth and f.mode == "upstream": - f.request.headers["Proxy-Authorization"] = self.auth - - def requestheaders(self, f): - if self.auth: - if f.mode == "upstream" and not f.server_conn.via: - f.request.headers["Proxy-Authorization"] = self.auth - elif self.root_mode == "reverse": - f.request.headers["Proxy-Authorization"] = self.auth diff --git a/mitmproxy/tools/cmdline.py b/mitmproxy/tools/cmdline.py index debe6db9..8b579952 100644 --- a/mitmproxy/tools/cmdline.py +++ b/mitmproxy/tools/cmdline.py @@ -463,8 +463,8 @@ def proxy_options(parser): action="store", dest="upstream_auth", default=None, type=str, help=""" - Proxy Authentication: - username:password + Add HTTP Basic authentcation to upstream proxy and reverse proxy + requests. Format: username:password """ ) rawtcp = group.add_mutually_exclusive_group() diff --git a/test/mitmproxy/addons/test_upstream_auth.py b/test/mitmproxy/addons/test_upstream_auth.py new file mode 100644 index 00000000..985b13a7 --- /dev/null +++ b/test/mitmproxy/addons/test_upstream_auth.py @@ -0,0 +1,65 @@ +import base64 + +from mitmproxy import exceptions +from mitmproxy.test import taddons +from mitmproxy.test import tflow +from mitmproxy.test import tutils +from mitmproxy.addons import upstream_auth + + +def test_configure(): + up = upstream_auth.UpstreamAuth() + with taddons.context() as tctx: + tctx.configure(up, upstream_auth="test:test") + assert up.auth == b"Basic" + b" " + base64.b64encode(b"test:test") + + tctx.configure(up, upstream_auth="test:") + assert up.auth == b"Basic" + b" " + base64.b64encode(b"test:") + + tctx.configure(up, upstream_auth=None) + assert not up.auth + + tutils.raises( + exceptions.OptionsError, + tctx.configure, + up, + upstream_auth="" + ) + tutils.raises( + exceptions.OptionsError, + tctx.configure, + up, + upstream_auth=":" + ) + tutils.raises( + exceptions.OptionsError, + tctx.configure, + up, + upstream_auth=":test" + ) + + +def test_simple(): + up = upstream_auth.UpstreamAuth() + with taddons.context() as tctx: + tctx.configure(up, upstream_auth="foo:bar") + + f = tflow.tflow() + f.mode = "upstream" + up.requestheaders(f) + assert "proxy-authorization" in f.request.headers + + f = tflow.tflow() + up.requestheaders(f) + assert "proxy-authorization" not in f.request.headers + + tctx.configure(up, mode="reverse") + f = tflow.tflow() + f.mode = "transparent" + up.requestheaders(f) + assert "proxy-authorization" in f.request.headers + + f = tflow.tflow() + f.mode = "upstream" + up.http_connect(f) + assert "proxy-authorization" in f.request.headers diff --git a/test/mitmproxy/addons/test_upstream_proxy_auth.py b/test/mitmproxy/addons/test_upstream_proxy_auth.py deleted file mode 100644 index d5d6a3e3..00000000 --- a/test/mitmproxy/addons/test_upstream_proxy_auth.py +++ /dev/null @@ -1,65 +0,0 @@ -import base64 - -from mitmproxy import exceptions -from mitmproxy.test import taddons -from mitmproxy.test import tflow -from mitmproxy.test import tutils -from mitmproxy.addons import upstream_proxy_auth - - -def test_configure(): - up = upstream_proxy_auth.UpstreamProxyAuth() - with taddons.context() as tctx: - tctx.configure(up, upstream_auth="test:test") - assert up.auth == b"Basic" + b" " + base64.b64encode(b"test:test") - - tctx.configure(up, upstream_auth="test:") - assert up.auth == b"Basic" + b" " + base64.b64encode(b"test:") - - tctx.configure(up, upstream_auth=None) - assert not up.auth - - tutils.raises( - exceptions.OptionsError, - tctx.configure, - up, - upstream_auth="" - ) - tutils.raises( - exceptions.OptionsError, - tctx.configure, - up, - upstream_auth=":" - ) - tutils.raises( - exceptions.OptionsError, - tctx.configure, - up, - upstream_auth=":test" - ) - - -def test_simple(): - up = upstream_proxy_auth.UpstreamProxyAuth() - with taddons.context() as tctx: - tctx.configure(up, upstream_auth="foo:bar") - - f = tflow.tflow() - f.mode = "upstream" - up.requestheaders(f) - assert "proxy-authorization" in f.request.headers - - f = tflow.tflow() - up.requestheaders(f) - assert "proxy-authorization" not in f.request.headers - - tctx.configure(up, mode="reverse") - f = tflow.tflow() - f.mode = "transparent" - up.requestheaders(f) - assert "proxy-authorization" in f.request.headers - - f = tflow.tflow() - f.mode = "upstream" - up.http_connect(f) - assert "proxy-authorization" in f.request.headers -- cgit v1.2.3