def test_check():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown")
assert not up.check(f)
ctx.configure(up, auth_nonanonymous=False, auth_singleuser="******")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
ctx.configure(up, auth_nonanonymous=False, auth_singleuser="******")
assert not up.check(f)
ctx.configure(
up,
auth_singleuser=None,
auth_htpasswd=tutils.test_data.path("mitmproxy/net/data/htpasswd"))
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo")
assert not up.check(f)
def test_authenticate(self):
up = proxyauth.ProxyAuth()
with taddons.context(up, loadcore=False) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not f.response
up.authenticate(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Proxy-Authorization")
f = tflow.tflow()
ctx.configure(up, mode="reverse")
assert not f.response
up.authenticate(f)
assert f.response.status_code == 401
f = tflow.tflow()
f.request.headers["Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Authorization")
def test_authenticate():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not f.response
up.authenticate(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Proxy-Authorization")
f = tflow.tflow()
f.mode = "transparent"
assert not f.response
up.authenticate(f)
assert f.response.status_code == 401
f = tflow.tflow()
f.mode = "transparent"
f.request.headers["Authorization"] = proxyauth.mkauth("test", "test")
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Authorization")
def test_authenticate(self):
up = proxyauth.ProxyAuth()
with taddons.context(up, loadcore=False) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not f.response
up.authenticate_http(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate_http(f)
assert not f.response
assert not f.request.headers.get("Proxy-Authorization")
f = tflow.tflow()
ctx.configure(up, mode="reverse")
assert not f.response
up.authenticate_http(f)
assert f.response.status_code == 401
f = tflow.tflow()
f.request.headers["Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate_http(f)
assert not f.response
assert not f.request.headers.get("Authorization")
def test_authenticate():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not f.response
up.authenticate(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Proxy-Authorization")
f = tflow.tflow()
f.mode = "transparent"
assert not f.response
up.authenticate(f)
assert f.response.status_code == 401
f = tflow.tflow()
f.mode = "transparent"
f.request.headers["Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Authorization")
def test_check():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown")
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(up,
proxyauth="@" +
tutils.test_data.path("mitmproxy/net/data/htpasswd"))
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo")
assert not up.check(f)
def test_handlers(self):
up = proxyauth.ProxyAuth()
with taddons.context(up) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not f.response
up.requestheaders(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
assert not f.response
up.http_connect(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.http_connect(f)
assert not f.response
f2 = tflow.tflow(client_conn=f.client_conn)
up.requestheaders(f2)
assert not f2.response
assert f2.metadata["proxyauth"] == ('test', 'test')
def test_handlers():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True, mode="regular")
f = tflow.tflow()
assert not f.response
up.requestheaders(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
assert not f.response
up.http_connect(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.http_connect(f)
assert not f.response
f2 = tflow.tflow(client_conn=f.client_conn)
up.requestheaders(f2)
assert not f2.response
def test_handlers(self):
up = proxyauth.ProxyAuth()
with taddons.context(up) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not f.response
up.requestheaders(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
assert not f.response
up.http_connect(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.http_connect(f)
assert not f.response
f2 = tflow.tflow(client_conn=f.client_conn)
up.requestheaders(f2)
assert not f2.response
assert f2.metadata["proxyauth"] == ('test', 'test')
def test_parse_http_basic_auth():
assert proxyauth.parse_http_basic_auth(proxyauth.mkauth(
"test", "test")) == ("basic", "test", "test")
assert not proxyauth.parse_http_basic_auth("")
assert not proxyauth.parse_http_basic_auth("foo bar")
v = "basic " + binascii.b2a_base64(b"foo").decode("ascii")
assert not proxyauth.parse_http_basic_auth(v)
def test_parse_http_basic_auth():
assert proxyauth.parse_http_basic_auth(
proxyauth.mkauth("test", "test")
) == ("basic", "test", "test")
assert not proxyauth.parse_http_basic_auth("")
assert not proxyauth.parse_http_basic_auth("foo bar")
v = "basic " + binascii.b2a_base64(b"foo").decode("ascii")
assert not proxyauth.parse_http_basic_auth(v)
def test_check(self):
up = proxyauth.ProxyAuth()
with taddons.context(up) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown"
)
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(
up,
proxyauth="@" + tutils.test_data.path(
"mitmproxy/net/data/htpasswd"
)
)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo"
)
assert not up.check(f)
with mock.patch('ldap3.Server', return_value="ldap://fake_server:389 - cleartext"):
with mock.patch('ldap3.Connection', search="test"):
with mock.patch('ldap3.Connection.search', return_value="test"):
ctx.configure(
up,
proxyauth="ldap:localhost:cn=default,dc=cdhdt,dc=com:password:ou=application,dc=cdhdt,dc=com"
)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"", ""
)
assert not up.check(f)
def test_check():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme = "unknown"
)
assert not up.check(f)
ctx.configure(up, auth_nonanonymous=False, auth_singleuser="******")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
ctx.configure(up, auth_nonanonymous=False, auth_singleuser="******")
assert not up.check(f)
ctx.configure(
up,
auth_singleuser = None,
auth_htpasswd = tutils.test_data.path(
"mitmproxy/net/data/htpasswd"
)
)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo"
)
assert not up.check(f)
def test_parse_http_basic_auth():
assert proxyauth.parse_http_basic_auth(proxyauth.mkauth(
"test", "test")) == ("basic", "test", "test")
with pytest.raises(ValueError):
proxyauth.parse_http_basic_auth("")
with pytest.raises(ValueError):
proxyauth.parse_http_basic_auth("foo bar")
with pytest.raises(ValueError):
proxyauth.parse_http_basic_auth("basic abc")
with pytest.raises(ValueError):
v = "basic " + binascii.b2a_base64(b"foo").decode("ascii")
proxyauth.parse_http_basic_auth(v)
def test_auth(self):
self.master.addons.add(proxyauth.ProxyAuth())
self.master.options.auth_singleuser = "******"
assert self.pathod("202").status_code == 401
p = self.pathoc()
with p.connect():
ret = p.request("""
get
'/p/202'
h'%s'='%s'
""" % ("Authorization", proxyauth.mkauth("test", "test")))
assert ret.status_code == 202
def test_parse_http_basic_auth():
assert proxyauth.parse_http_basic_auth(
proxyauth.mkauth("test", "test")
) == ("basic", "test", "test")
with pytest.raises(ValueError):
proxyauth.parse_http_basic_auth("")
with pytest.raises(ValueError):
proxyauth.parse_http_basic_auth("foo bar")
with pytest.raises(ValueError):
proxyauth.parse_http_basic_auth("basic abc")
with pytest.raises(ValueError):
v = "basic " + binascii.b2a_base64(b"foo").decode("ascii")
proxyauth.parse_http_basic_auth(v)
def test_auth(self):
self.master.addons.add(proxyauth.ProxyAuth())
self.master.options.proxyauth = "test:test"
assert self.pathod("202").status_code == 407
p = self.pathoc()
with p.connect():
ret = p.request("""
get
'http://localhost:%s/p/202'
h'%s'='%s'
""" % (self.server.port, "Proxy-Authorization",
proxyauth.mkauth("test", "test")))
assert ret.status_code == 202
def test_auth(self):
self.master.addons.add(proxyauth.ProxyAuth())
self.master.options.auth_singleuser = "******"
assert self.pathod("202").status_code == 401
p = self.pathoc()
with p.connect():
ret = p.request("""
get
'/p/202'
h'%s'='%s'
""" % (
"Authorization",
proxyauth.mkauth("test", "test")
))
assert ret.status_code == 202
def test_check(self, tdata):
up = proxyauth.ProxyAuth()
with taddons.context(up) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown")
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(up,
proxyauth="@" +
tdata.path("mitmproxy/net/data/htpasswd"))
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo")
assert not up.check(f)
with mock.patch('ldap3.Server',
return_value="ldap://fake_server:389 - cleartext"):
with mock.patch('ldap3.Connection', search="test"):
with mock.patch('ldap3.Connection.search',
return_value="test"):
ctx.configure(
up,
proxyauth=
"ldap:localhost:cn=default,dc=cdhdt,dc=com:password:ou=application,dc=cdhdt,dc=com"
)
f.request.headers[
"Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers[
"Proxy-Authorization"] = proxyauth.mkauth("", "")
assert not up.check(f)
def test_auth(self):
self.master.addons.add(proxyauth.ProxyAuth())
self.master.addons.trigger(
"configure", self.master.options.keys()
)
self.master.options.proxyauth = "test:test"
assert self.pathod("202").status_code == 407
p = self.pathoc()
with p.connect():
ret = p.request("""
get
'http://localhost:%s/p/202'
h'%s'='%s'
""" % (
self.server.port,
"Proxy-Authorization",
proxyauth.mkauth("test", "test")
))
assert ret.status_code == 202
def test_mkauth_scheme(self):
assert proxyauth.mkauth('username', 'password') == 'basic dXNlcm5hbWU6cGFzc3dvcmQ=\n'
def test_parse_http_basic_auth(self):
input = proxyauth.mkauth("test", "test")
assert proxyauth.parse_http_basic_auth(input) == ("basic", "test", "test")
def test_mkauth(self, scheme, expected):
assert proxyauth.mkauth('username', 'password', scheme) == expected
def test_mkauth(self, scheme, expected):
assert proxyauth.mkauth('username', 'password', scheme) == expected
def test_mkauth_scheme(self):
assert proxyauth.mkauth('username', 'password') == 'basic dXNlcm5hbWU6cGFzc3dvcmQ=\n'
def test_parse_http_basic_auth(self):
input = proxyauth.mkauth("test", "test")
assert proxyauth.parse_http_basic_auth(input) == ("basic", "test", "test")
def test_check(monkeypatch):
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown"
)
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(
up,
proxyauth="@" + tutils.test_data.path(
"mitmproxy/net/data/htpasswd"
)
)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo"
)
assert not up.check(f)
ctx.configure(
up,
proxyauth="ldap:fake-server:cn=?,ou=test,o=lab:test"
)
conn = ldap3.Connection("fake-server", user="******", password="******", client_strategy=ldap3.MOCK_SYNC)
conn.bind()
conn.strategy.add_entry('cn=user0,ou=test,o=lab', {'userPassword': '******', 'sn': 'user0_sn', 'revision': 0, 'objectClass': 'test'})
def conn_mp(ldap, user, password, **kwargs):
return conn
monkeypatch.setattr(ldap3, "Connection", conn_mp)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"user0", "test0"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"", ""
)
assert not up.check(f)
