Refactor proxy auth a bit

- Remove authentication scheme option. We only support basic at the moment - we'll add the option back when we diversify. - Add some meta variables to make printout nicer
2013-01-02 17:35:44 +13:00 · 2013-01-02 17:35:44 +13:00 · 09f664cdea
parent 7b3d3dc85e
commit 09f664cdea
2 changed files with 14 additions and 36 deletions
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@ -338,46 +338,29 @@ def common_options(parser):
    group = parser.add_argument_group(
        "Proxy Authentication",
        """
-            Specification of which users are allowed to access the proxy and the method used for authenticating them.
-            If authscheme is specified, one must specify a list of authorized users and their passwords.
-            In case that authscheme is not specified, or set to None, any list of authorized users will be ignored.
-        """.strip()
+            Specify which users are allowed to access the proxy and the method
+            used for authenticating them. These options are ignored if the
+            proxy is in transparent or reverse proxy mode.
+        """
    )
-
-    group.add_argument(
-        "--authscheme", type=str,
-        action="store", dest="authscheme", default=None, choices=["none", "basic"],
-        help="""
-            Specify the scheme used by the proxy to identify users.
-            If not none, requires the specification of a list of authorized users.
-            This option is ignored if the proxy is in transparent or reverse mode.
-            """.strip()
-
-    )
-
    user_specification_group = group.add_mutually_exclusive_group()
-
-
    user_specification_group.add_argument(
        "--nonanonymous",
        action="store_true", dest="auth_nonanonymous",
-        help="Allow access to any user as long as a username is specified. Ignores the provided password."
+        help="Allow access to any user long as a credentials are specified."
    )

    user_specification_group.add_argument(
        "--singleuser",
        action="store", dest="auth_singleuser", type=str,
-        help="Allows access to a single user as specified by the option value. Specify a username and password in the form username:password."
+        metavar="USER",
+        help="Allows access to a a single user, specified in the form username:password."
    )
-
    user_specification_group.add_argument(
        "--htpasswd",
        action="store", dest="auth_htpasswd", type=argparse.FileType('r'),
+        metavar="PATH",
        help="Allow access to users specified in an Apache htpasswd file."
    )

-
-
-
-
    proxy.certificate_option_group(parser)
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@ -544,25 +544,20 @@ def process_proxy_options(parser, options):
        if not os.path.exists(options.certdir) or not os.path.isdir(options.certdir):
            parser.error("Dummy cert directory does not exist or is not a directory: %s"%options.certdir)

-    if options.authscheme and (options.authscheme!='none'):
-        if not (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
-            parser.error("Proxy authentication scheme is specified, but no allowed user list is given.")
-        if options.auth_singleuser and len(options.auth_singleuser.split(':'))!=2:
-            parser.error("Authorized user is not given in correct format username:password")
-        if options.auth_nonanonymous:
-            password_manager = authentication.PermissivePasswordManager()
-        elif options.auth_singleuser:
+    if (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
+        if options.auth_singleuser:
+            if len(options.auth_singleuser.split(':')) != 2:
+                parser.error("Please specify user in the format username:password")
            username, password = options.auth_singleuser.split(':')
            password_manager = authentication.SingleUserPasswordManager(username, password)
+        elif options.auth_nonanonymous:
+            password_manager = authentication.PermissivePasswordManager()
        elif options.auth_htpasswd:
            password_manager = authentication.HtpasswdPasswordManager(options.auth_htpasswd)
-        # in the meanwhile, basic auth is the only true authentication scheme we support
-        # so just use it
        authenticator = authentication.BasicProxyAuth(password_manager, "mitmproxy")
    else:
        authenticator = authentication.NullProxyAuth(None)

-
    return ProxyConfig(
        certfile = options.cert,
        cacert = cacert,