def test_authenticate():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not f.response
up.authenticate(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Proxy-Authorization")
f = tflow.tflow()
f.mode = "transparent"
assert not f.response
up.authenticate(f)
assert f.response.status_code == 401
f = tflow.tflow()
f.mode = "transparent"
f.request.headers["Authorization"] = proxyauth.mkauth("test", "test")
up.authenticate(f)
assert not f.response
assert not f.request.headers.get("Authorization")
def test_check():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown")
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(up,
proxyauth="@" +
tutils.test_data.path("mitmproxy/net/data/htpasswd"))
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo")
assert not up.check(f)
def test_check():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown")
assert not up.check(f)
ctx.configure(up, auth_nonanonymous=False, auth_singleuser="******")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
ctx.configure(up, auth_nonanonymous=False, auth_singleuser="******")
assert not up.check(f)
ctx.configure(
up,
auth_singleuser=None,
auth_htpasswd=tutils.test_data.path("mitmproxy/net/data/htpasswd"))
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo")
assert not up.check(f)
def default_addons():
return [
core.Core(),
browser.Browser(),
block.Block(),
anticache.AntiCache(),
anticomp.AntiComp(),
check_ca.CheckCA(),
clientplayback.ClientPlayback(),
command_history.CommandHistory(),
cut.Cut(),
disable_h2c.DisableH2C(),
export.Export(),
onboarding.Onboarding(),
proxyauth.ProxyAuth(),
script.ScriptLoader(),
serverplayback.ServerPlayback(),
mapremote.MapRemote(),
modifybody.ModifyBody(),
modifyheaders.ModifyHeaders(),
stickyauth.StickyAuth(),
stickycookie.StickyCookie(),
streambodies.StreamBodies(),
save.Save(),
upstream_auth.UpstreamAuth(),
]
def default_addons():
return [
core.Core(),
core_option_validation.CoreOptionValidation(),
allowremote.AllowRemote(),
anticache.AntiCache(),
anticomp.AntiComp(),
check_alpn.CheckALPN(),
check_ca.CheckCA(),
clientplayback.ClientPlayback(),
cut.Cut(),
disable_h2c.DisableH2C(),
export.Export(),
onboarding.Onboarding(),
proxyauth.ProxyAuth(),
replace.Replace(),
script.ScriptLoader(),
serverplayback.ServerPlayback(),
setheaders.SetHeaders(),
stickyauth.StickyAuth(),
stickycookie.StickyCookie(),
streambodies.StreamBodies(),
save.Save(),
upstream_auth.UpstreamAuth(),
]
def default_addons():
return [
core.Core(),
browser.Browser(),
block.Block(),
blocklist.BlockList(),
anticache.AntiCache(),
anticomp.AntiComp(),
clientplayback.ClientPlayback(),
command_history.CommandHistory(),
comment.Comment(),
cut.Cut(),
disable_h2c.DisableH2C(),
export.Export(),
onboarding.Onboarding(),
proxyauth.ProxyAuth(),
proxyserver.Proxyserver(),
script.ScriptLoader(),
next_layer.NextLayer(),
serverplayback.ServerPlayback(),
mapremote.MapRemote(),
maplocal.MapLocal(),
modifybody.ModifyBody(),
modifyheaders.ModifyHeaders(),
stickyauth.StickyAuth(),
stickycookie.StickyCookie(),
save.Save(),
tlsconfig.TlsConfig(),
upstream_auth.UpstreamAuth(),
]
def test_handlers(self):
up = proxyauth.ProxyAuth()
with taddons.context(up) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not f.response
up.requestheaders(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
assert not f.response
up.http_connect(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.http_connect(f)
assert not f.response
f2 = tflow.tflow(client_conn=f.client_conn)
up.requestheaders(f2)
assert not f2.response
assert f2.metadata["proxyauth"] == ('test', 'test')
def test_handlers():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True, mode="regular")
f = tflow.tflow()
assert not f.response
up.requestheaders(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
assert not f.response
up.http_connect(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.http_connect(f)
assert not f.response
f2 = tflow.tflow(client_conn=f.client_conn)
up.requestheaders(f2)
assert not f2.response
def test_authenticate(self):
up = proxyauth.ProxyAuth()
with taddons.context(up, loadcore=False) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not f.response
up.authenticate_http(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate_http(f)
assert not f.response
assert not f.request.headers.get("Proxy-Authorization")
f = tflow.tflow()
ctx.configure(up, mode="reverse")
assert not f.response
up.authenticate_http(f)
assert f.response.status_code == 401
f = tflow.tflow()
f.request.headers["Authorization"] = proxyauth.mkauth(
"test", "test"
)
up.authenticate_http(f)
assert not f.response
assert not f.request.headers.get("Authorization")
def test_auth_required_response(self, is_http_proxy, expected_status_code,
expected_header):
up = proxyauth.ProxyAuth()
with mock.patch('mitmproxy.addons.proxyauth.ProxyAuth.is_http_proxy',
new=is_http_proxy):
resp = up.make_auth_required_response()
assert resp.status_code == expected_status_code
assert expected_header in resp.headers.keys()
def test_auth_required_response(self, is_proxy_auth, expected_status_code,
expected_header):
up = proxyauth.ProxyAuth()
with mock.patch('mitmproxy.addons.proxyauth.ProxyAuth.is_proxy_auth',
return_value=is_proxy_auth):
resp = up.auth_required_response()
assert resp.status_code == expected_status_code
assert expected_header in resp.headers.keys()
def test_socks5(self):
pa = proxyauth.ProxyAuth()
with taddons.context(pa, loadcore=False) as ctx:
ctx.configure(pa, proxyauth="foo:bar", mode="regular")
data = modes.Socks5AuthData(tflow.tclient_conn(), "foo", "baz")
pa.socks5_auth(data)
assert not data.valid
data.password = "******"
pa.socks5_auth(data)
assert data.valid
def test_configure():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="foo")
ctx.configure(up, proxyauth="foo:bar")
assert up.singleuser == ["foo", "bar"]
ctx.configure(up, proxyauth=None)
assert up.singleuser is None
ctx.configure(up, proxyauth="any")
assert up.nonanonymous
ctx.configure(up, proxyauth=None)
assert not up.nonanonymous
ctx.configure(up, proxyauth="ldap:fake_server:fake_dn:fake_group")
assert up.ldapserver
ctx.configure(up, proxyauth="ldap:fake_server:uid=?,dc=example,dc=com:person")
assert up.ldapserver
ctx.configure(up, proxyauth="ldaps:fake_server.com:uid=?,dc=example,dc=com:person")
assert up.ldapserver
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="ldap:fake_serveruid=?dc=example,dc=com:person")
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="ldapssssssss:fake_server.com:uid=?,dc=example,dc=com:person")
with pytest.raises(exceptions.OptionsError):
ctx.configure(
up,
proxyauth= "@" + tutils.test_data.path("mitmproxy/net/data/server.crt")
)
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="@nonexistent")
ctx.configure(
up,
proxyauth= "@" + tutils.test_data.path(
"mitmproxy/net/data/htpasswd"
)
)
assert up.htpasswd
assert up.htpasswd.check_password("test", "test")
assert not up.htpasswd.check_password("test", "foo")
ctx.configure(up, proxyauth=None)
assert not up.htpasswd
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="any", mode="transparent")
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="any", mode="socks5")
def test_auth(self):
self.master.addons.add(proxyauth.ProxyAuth())
self.master.options.auth_singleuser = "******"
assert self.pathod("202").status_code == 401
p = self.pathoc()
with p.connect():
ret = p.request("""
get
'/p/202'
h'%s'='%s'
""" % ("Authorization", proxyauth.mkauth("test", "test")))
assert ret.status_code == 202
def test_configure(self, monkeypatch, tdata):
monkeypatch.setattr(ldap3, "Server", mock.MagicMock())
monkeypatch.setattr(ldap3, "Connection", mock.MagicMock())
pa = proxyauth.ProxyAuth()
with taddons.context(pa) as ctx:
with pytest.raises(exceptions.OptionsError, match="Invalid proxyauth specification"):
ctx.configure(pa, proxyauth="foo")
ctx.configure(pa, proxyauth="foo:bar")
assert isinstance(pa.validator, proxyauth.SingleUser)
assert pa.validator("foo", "bar")
assert not pa.validator("foo", "baz")
with pytest.raises(exceptions.OptionsError, match="Invalid single-user auth specification."):
ctx.configure(pa, proxyauth="foo:bar:baz")
ctx.configure(pa, proxyauth="any")
assert isinstance(pa.validator, proxyauth.AcceptAll)
assert pa.validator("foo", "bar")
ctx.configure(pa, proxyauth=None)
assert pa.validator is None
ctx.configure(
pa,
proxyauth="ldap:localhost:cn=default,dc=cdhdt,dc=com:password:ou=application,dc=cdhdt,dc=com"
)
assert isinstance(pa.validator, proxyauth.Ldap)
with pytest.raises(exceptions.OptionsError, match="Invalid ldap specification"):
ctx.configure(pa, proxyauth="ldap:test:test:test")
with pytest.raises(exceptions.OptionsError, match="Invalid ldap specification"):
ctx.configure(pa, proxyauth="ldap:fake_serveruid=?dc=example,dc=com:person")
with pytest.raises(exceptions.OptionsError, match="Invalid ldap specification"):
ctx.configure(pa, proxyauth="ldapssssssss:fake_server:dn:password:tree")
with pytest.raises(exceptions.OptionsError, match="Could not open htpasswd file"):
ctx.configure(pa, proxyauth="@" + tdata.path("mitmproxy/net/data/server.crt"))
with pytest.raises(exceptions.OptionsError, match="Could not open htpasswd file"):
ctx.configure(pa, proxyauth="@nonexistent")
ctx.configure(pa, proxyauth="@" + tdata.path("mitmproxy/net/data/htpasswd"))
assert isinstance(pa.validator, proxyauth.Htpasswd)
assert pa.validator("test", "test")
assert not pa.validator("test", "foo")
with pytest.raises(exceptions.OptionsError,
match="Proxy Authentication not supported in transparent mode."):
ctx.configure(pa, proxyauth="any", mode="transparent")
def test_auth(self):
self.master.addons.add(proxyauth.ProxyAuth())
self.master.options.proxyauth = "test:test"
assert self.pathod("202").status_code == 407
p = self.pathoc()
with p.connect():
ret = p.request("""
get
'http://localhost:%s/p/202'
h'%s'='%s'
""" % (self.server.port, "Proxy-Authorization",
proxyauth.mkauth("test", "test")))
assert ret.status_code == 202
def test_check(self, tdata):
up = proxyauth.ProxyAuth()
with taddons.context(up) as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown")
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(up,
proxyauth="@" +
tdata.path("mitmproxy/net/data/htpasswd"))
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo")
assert not up.check(f)
with mock.patch('ldap3.Server',
return_value="ldap://fake_server:389 - cleartext"):
with mock.patch('ldap3.Connection', search="test"):
with mock.patch('ldap3.Connection.search',
return_value="test"):
ctx.configure(
up,
proxyauth=
"ldap:localhost:cn=default,dc=cdhdt,dc=com:password:ou=application,dc=cdhdt,dc=com"
)
f.request.headers[
"Proxy-Authorization"] = proxyauth.mkauth(
"test", "test")
assert up.check(f)
f.request.headers[
"Proxy-Authorization"] = proxyauth.mkauth("", "")
assert not up.check(f)
def test_handlers():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, auth_nonanonymous=True)
f = tflow.tflow()
assert not f.response
up.requestheaders(f)
assert f.response.status_code == 407
f = tflow.tflow()
f.request.method = "CONNECT"
assert not f.response
up.http_connect(f)
assert f.response.status_code == 407
def test_configure():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
tutils.raises(exceptions.OptionsError,
ctx.configure,
up,
auth_singleuser="******")
ctx.configure(up, auth_singleuser="******")
assert up.singleuser == ["foo", "bar"]
ctx.configure(up, auth_singleuser=None)
assert up.singleuser is None
ctx.configure(up, auth_nonanonymous=True)
assert up.nonanonymous
ctx.configure(up, auth_nonanonymous=False)
assert not up.nonanonymous
tutils.raises(exceptions.OptionsError,
ctx.configure,
up,
auth_htpasswd=tutils.test_data.path(
"mitmproxy/net/data/server.crt"))
tutils.raises(exceptions.OptionsError,
ctx.configure,
up,
auth_htpasswd="nonexistent")
ctx.configure(
up,
auth_htpasswd=tutils.test_data.path("mitmproxy/net/data/htpasswd"))
assert up.htpasswd
assert up.htpasswd.check_password("test", "test")
assert not up.htpasswd.check_password("test", "foo")
ctx.configure(up, auth_htpasswd=None)
assert not up.htpasswd
tutils.raises(exceptions.OptionsError,
ctx.configure,
up,
auth_nonanonymous=True,
mode="transparent")
tutils.raises(exceptions.OptionsError,
ctx.configure,
up,
auth_nonanonymous=True,
mode="socks5")
def default_addons():
return [
onboarding.Onboarding(),
proxyauth.ProxyAuth(),
anticache.AntiCache(),
anticomp.AntiComp(),
stickyauth.StickyAuth(),
stickycookie.StickyCookie(),
script.ScriptLoader(),
streamfile.StreamFile(),
streambodies.StreamBodies(),
replace.Replace(),
setheaders.SetHeaders(),
serverplayback.ServerPlayback(),
clientplayback.ClientPlayback(),
upstream_auth.UpstreamAuth(),
]
def test_configure():
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="foo")
ctx.configure(up, proxyauth="foo:bar")
assert up.singleuser == ["foo", "bar"]
ctx.configure(up, proxyauth=None)
assert up.singleuser is None
ctx.configure(up, proxyauth="any")
assert up.nonanonymous
ctx.configure(up, proxyauth=None)
assert not up.nonanonymous
with pytest.raises(exceptions.OptionsError):
ctx.configure(
up,
proxyauth= "@" + tutils.test_data.path("mitmproxy/net/data/server.crt")
)
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="@nonexistent")
ctx.configure(
up,
proxyauth= "@" + tutils.test_data.path(
"mitmproxy/net/data/htpasswd"
)
)
assert up.htpasswd
assert up.htpasswd.check_password("test", "test")
assert not up.htpasswd.check_password("test", "foo")
ctx.configure(up, proxyauth=None)
assert not up.htpasswd
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="any", mode="transparent")
with pytest.raises(exceptions.OptionsError):
ctx.configure(up, proxyauth="any", mode="socks5")
ctx.configure(up, mode="regular")
assert up.mode == "regular"
async def test_allowremote(allow_remote, ip, should_be_killed):
ar = allowremote.AllowRemote()
up = proxyauth.ProxyAuth()
with taddons.context(ar, up) as tctx:
tctx.options.allow_remote = allow_remote
with mock.patch('mitmproxy.proxy.protocol.base.Layer') as layer:
layer.client_conn.address = (ip, 12345)
ar.clientconnect(layer)
if should_be_killed:
assert await tctx.master.await_log("Client connection was killed", "warn")
else:
assert tctx.master.logs == []
tctx.master.clear()
tctx.options.proxyauth = "any"
ar.clientconnect(layer)
assert tctx.master.logs == []
def default_addons():
return [
anticache.AntiCache(),
anticomp.AntiComp(),
check_alpn.CheckALPN(),
check_ca.CheckCA(),
clientplayback.ClientPlayback(),
disable_h2c_upgrade.DisableH2CleartextUpgrade(),
onboarding.Onboarding(),
proxyauth.ProxyAuth(),
replace.Replace(),
replace.ReplaceFile(),
script.ScriptLoader(),
serverplayback.ServerPlayback(),
setheaders.SetHeaders(),
stickyauth.StickyAuth(),
stickycookie.StickyCookie(),
streambodies.StreamBodies(),
streamfile.StreamFile(),
upstream_auth.UpstreamAuth(),
]
def default_addons():
return [
core.Core(),
browser.Browser(),
block.Block(),
anticache.AntiCache(),
anticomp.AntiComp(),
check_ca.CheckCA(),
clientplayback.ClientPlayback(),
cut.Cut(),
disable_h2c.DisableH2C(),
export.Export(),
onboarding.Onboarding(),
proxyauth.ProxyAuth(),
replace.Replace(),
script.ScriptLoader(),
serverplayback.ServerPlayback(),
setheaders.SetHeaders(),
stickyauth.StickyAuth(),
stickycookie.StickyCookie(),
streambodies.StreamBodies(),
save.Save(),
upstream_auth.UpstreamAuth(),
]
def test_which_auth_header(self, is_http_proxy, expected):
up = proxyauth.ProxyAuth()
with mock.patch('mitmproxy.addons.proxyauth.ProxyAuth.is_http_proxy', new=is_http_proxy):
assert up.http_auth_header == expected
def test_is_http_proxy(self, mode, expected):
up = proxyauth.ProxyAuth()
with taddons.context(up, loadcore=False) as ctx:
ctx.options.mode = mode
assert up.is_http_proxy is expected
def test_is_proxy_auth(self, mode, expected):
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.options.mode = mode
assert up.is_proxy_auth() is expected
def test_configure(self, monkeypatch, tdata):
monkeypatch.setattr(ldap3, "Server", lambda *_, **__: True)
monkeypatch.setattr(ldap3, "Connection", lambda *_, **__: True)
pa = proxyauth.ProxyAuth()
with taddons.context(pa) as ctx:
with pytest.raises(exceptions.OptionsError,
match="Invalid proxyauth specification"):
ctx.configure(pa, proxyauth="foo")
with pytest.raises(
exceptions.OptionsError,
match="Invalid single-user auth specification."):
ctx.configure(pa, proxyauth="foo:bar:baz")
ctx.configure(pa, proxyauth="foo:bar")
assert pa.singleuser == ["foo", "bar"]
ctx.configure(pa, proxyauth=None)
assert pa.singleuser is None
ctx.configure(pa, proxyauth="any")
assert pa.nonanonymous
ctx.configure(pa, proxyauth=None)
assert not pa.nonanonymous
ctx.configure(
pa,
proxyauth=
"ldap:localhost:cn=default,dc=cdhdt,dc=com:password:ou=application,dc=cdhdt,dc=com"
)
assert pa.ldapserver
ctx.configure(
pa,
proxyauth=
"ldaps:localhost:cn=default,dc=cdhdt,dc=com:password:ou=application,dc=cdhdt,dc=com"
)
assert pa.ldapserver
with pytest.raises(exceptions.OptionsError,
match="Invalid ldap specification"):
ctx.configure(pa, proxyauth="ldap:test:test:test")
with pytest.raises(exceptions.OptionsError,
match="Invalid ldap specification"):
ctx.configure(
pa,
proxyauth="ldap:fake_serveruid=?dc=example,dc=com:person")
with pytest.raises(exceptions.OptionsError,
match="Invalid ldap specification"):
ctx.configure(
pa, proxyauth="ldapssssssss:fake_server:dn:password:tree")
with pytest.raises(exceptions.OptionsError,
match="Could not open htpasswd file"):
ctx.configure(pa,
proxyauth="@" +
tdata.path("mitmproxy/net/data/server.crt"))
with pytest.raises(exceptions.OptionsError,
match="Could not open htpasswd file"):
ctx.configure(pa, proxyauth="@nonexistent")
ctx.configure(pa,
proxyauth="@" +
tdata.path("mitmproxy/net/data/htpasswd"))
assert pa.htpasswd
assert pa.htpasswd.check_password("test", "test")
assert not pa.htpasswd.check_password("test", "foo")
ctx.configure(pa, proxyauth=None)
assert not pa.htpasswd
with pytest.raises(
exceptions.OptionsError,
match=
"Proxy Authentication not supported in transparent mode."):
ctx.configure(pa, proxyauth="any", mode="transparent")
with pytest.raises(
exceptions.OptionsError,
match="Proxy Authentication not supported in SOCKS mode."):
ctx.configure(pa, proxyauth="any", mode="socks5")
def test_which_auth_header(self, is_proxy_auth, expected):
up = proxyauth.ProxyAuth()
with mock.patch('mitmproxy.addons.proxyauth.ProxyAuth.is_proxy_auth',
return_value=is_proxy_auth):
assert up.which_auth_header() == expected
def test_check(monkeypatch):
up = proxyauth.ProxyAuth()
with taddons.context() as ctx:
ctx.configure(up, proxyauth="any", mode="regular")
f = tflow.tflow()
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = "invalid"
assert not up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test", scheme="unknown"
)
assert not up.check(f)
ctx.configure(up, proxyauth="test:test")
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
ctx.configure(up, proxyauth="test:foo")
assert not up.check(f)
ctx.configure(
up,
proxyauth="@" + tutils.test_data.path(
"mitmproxy/net/data/htpasswd"
)
)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "test"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"test", "foo"
)
assert not up.check(f)
ctx.configure(
up,
proxyauth="ldap:fake-server:cn=?,ou=test,o=lab:test"
)
conn = ldap3.Connection("fake-server", user="******", password="******", client_strategy=ldap3.MOCK_SYNC)
conn.bind()
conn.strategy.add_entry('cn=user0,ou=test,o=lab', {'userPassword': '******', 'sn': 'user0_sn', 'revision': 0, 'objectClass': 'test'})
def conn_mp(ldap, user, password, **kwargs):
return conn
monkeypatch.setattr(ldap3, "Connection", conn_mp)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"user0", "test0"
)
assert up.check(f)
f.request.headers["Proxy-Authorization"] = proxyauth.mkauth(
"", ""
)
assert not up.check(f)