From a48319e32d3c60cb919ef70706b3a3750406f837 Mon Sep 17 00:00:00 2001
From: Abhinav Singh
Date: Tue, 13 Oct 2020 20:56:23 +0530
Subject: [PATCH] Relax proxy auth requirement to allow mixed case for the auth type e.g. "basic", "Basic", "BaSiC" are all allowed (#451)
---
 proxy/http/proxy/server.py | 6 ++++--
 proxy/proxy.py | 2 +-
 tests/http/test_protocol_handler.py | 9 +++------
 tests/test_main.py | 2 +-
 4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/proxy/http/proxy/server.py b/proxy/http/proxy/server.py
index d0297ea8..168de7e1 100644
--- a/proxy/http/proxy/server.py
+++ b/proxy/http/proxy/server.py
@@ -535,8 +535,10 @@ class HttpProxyPlugin(HttpProtocolHandlerPlugin):
 def authenticate(self) -> None:
 if self.flags.auth_code:
- if b'proxy-authorization' not in self.request.headers or \
- self.request.headers[b'proxy-authorization'][1] != self.flags.auth_code:
+ if b'proxy-authorization' not in self.request.headers:
+ raise ProxyAuthenticationFailed()
+ parts = self.request.headers[b'proxy-authorization'][1].split()
+ if len(parts) != 2 and parts[0].lower() != b'basic' and parts[1] != self.flags.auth_code:
 raise ProxyAuthenticationFailed()
 def connect_upstream(self) -> None:
diff --git a/proxy/proxy.py b/proxy/proxy.py
index 996cccbb..c97646a1 100644
--- a/proxy/proxy.py
+++ b/proxy/proxy.py
@@ -203,7 +203,7 @@ class Proxy:
 # Generate auth_code required for basic authentication if enabled
 auth_code = None
 if args.basic_auth:
- auth_code = b'Basic %s' % base64.b64encode(bytes_(args.basic_auth))
+ auth_code = base64.b64encode(bytes_(args.basic_auth))
 return Flags(
 plugins=plugins,
diff --git a/tests/http/test_protocol_handler.py b/tests/http/test_protocol_handler.py
index 8b7b3295..75f3c544 100644
--- a/tests/http/test_protocol_handler.py
+++ b/tests/http/test_protocol_handler.py
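Review bot: In `authenticate`, the new combined check joins its three conditions with `and`, so `ProxyAuthenticationFailed` is raised only when all three hold; a header value that splits into exactly two tokens makes `len(parts) != 2` false and is accepted without the scheme or the credentials ever being compared. The conditions need to be joined with `or`: `if len(parts) != 2 or parts[0].lower() != b'basic' or parts[1] != self.flags.auth_code:`. With `or`, the length test also short-circuits before `parts[0]` and `parts[1]` are indexed, whereas the current form can index past the end of a value with fewer than two tokens and surface an `IndexError` instead of the auth failure. Because `parts[1]` is compared against a secret, `hmac.compare_digest(parts[1], self.flags.auth_code)` (with `import hmac`) would be the safer comparison, assuming `auth_code` is always bytes at this point.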
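Review bot: `auth_code` changes meaning in the `proxy/proxy.py` hunk from the full header value to the bare base64 credentials, but the comment above it is left as it was; I would extend it to something like `# auth_code holds only base64(user:pass); the "Basic" scheme is matched separately in HttpProxyPlugin.authenticate`. Any caller that still builds `Flags(auth_code=b'Basic ...')` in the old format would presumably stop matching once the check compares `parts[1]` correctly, so the format change deserves a changelog line. The enclosing method of `Proxy` starts and ends outside the hunk.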
@@ -174,8 +174,7 @@ class TestHttpProtocolHandler(unittest.TestCase):
 self._conn = mock_fromfd.return_value
 self.mock_selector_for_client_read(mock_selector)
 flags = Flags(
- auth_code=b'Basic %s' %
- base64.b64encode(b'user:pass'))
+ auth_code=base64.b64encode(b'user:pass'))
 flags.plugins = Proxy.load_plugins([
 b'proxy.http.proxy.HttpProxyPlugin',
 b'proxy.http.server.HttpWebServerPlugin',
@@ -208,8 +207,7 @@ class TestHttpProtocolHandler(unittest.TestCase):
 server.buffer_size.return_value = 0
 flags = Flags(
- auth_code=b'Basic %s' %
- base64.b64encode(b'user:pass'))
+ auth_code=base64.b64encode(b'user:pass'))
 flags.plugins = Proxy.load_plugins([
 b'proxy.http.proxy.HttpProxyPlugin',
 b'proxy.http.server.HttpWebServerPlugin',
@@ -258,8 +256,7 @@ class TestHttpProtocolHandler(unittest.TestCase):
 mock_selector, server)
 flags = Flags(
- auth_code=b'Basic %s' %
- base64.b64encode(b'user:pass'))
+ auth_code=base64.b64encode(b'user:pass'))
 flags.plugins = Proxy.load_plugins([
 b'proxy.http.proxy.HttpProxyPlugin',
 b'proxy.http.server.HttpWebServerPlugin'
diff --git a/tests/test_main.py b/tests/test_main.py
index b9b5651a..1f0d7ebb 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -138,7 +138,7 @@ class TestMain(unittest.TestCase):
 mock_acceptor_pool.assert_called_once()
 self.assertEqual(
 flgs.auth_code,
- b'Basic dXNlcjpwYXNz')
+ b'dXNlcjpwYXNz')
 @mock.patch('time.sleep')
 @mock.patch('builtins.print')
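Review bot: The three `tests/http/test_protocol_handler.py` hunks (at -174, -208 and -258) only adjust the `auth_code` fixture, and nothing visible in them adds a case for what the commit changes: a mixed-case scheme such as `BaSiC`, or a header that must be rejected. Negative tests asserting `ProxyAuthenticationFailed` for a wrong credential, a non-Basic scheme and a single-token value would pin the check in `HttpProxyPlugin.authenticate` and would catch a condition that accepts too much. The surrounding test methods start and end outside the hunks, so existing coverage elsewhere in the file may differ from what is shown.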