def test_authenticate_clean(self): ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(), "test") headers = Headers() vals = ("basic", "foo", "bar") headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth( *vals) assert ba.authenticate(headers) ba.clean(headers) assert ba.AUTH_HEADER not in headers headers[ba.AUTH_HEADER] = "" assert not ba.authenticate(headers) headers[ba.AUTH_HEADER] = "foo" assert not ba.authenticate(headers) vals = ("foo", "foo", "bar") headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth( *vals) assert not ba.authenticate(headers) ba = authentication.BasicProxyAuth(authentication.PassMan(), "test") vals = ("basic", "foo", "bar") headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth( *vals) assert not ba.authenticate(headers)
def test_simple(self): ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(), "test") headers = Headers() assert ba.auth_challenge_headers() assert not ba.authenticate(headers)
def test_simple(self): p = authentication.PassManNonAnon() assert not p.test("", "") assert p.test("user", "")
def test_simple(self): na = authentication.NullProxyAuth(authentication.PassManNonAnon()) assert not na.auth_challenge_headers() assert na.authenticate("foo") na.clean({})
def configure(self, options: moptions.Options, updated: Any) -> None: if options.add_upstream_certs_to_client_chain and not options.ssl_insecure: raise exceptions.OptionsError( "The verify-upstream-cert requires certificate verification to be disabled. " "If upstream certificates are verified then extra upstream certificates are " "not available for inclusion to the client chain.") if options.ssl_insecure: self.openssl_verification_mode_server = SSL.VERIFY_NONE else: self.openssl_verification_mode_server = SSL.VERIFY_PEER self.check_ignore = HostMatcher(options.ignore_hosts) self.check_tcp = HostMatcher(options.tcp_hosts) self.openssl_method_client, self.openssl_options_client = \ tcp.sslversion_choices[options.ssl_version_client] self.openssl_method_server, self.openssl_options_server = \ tcp.sslversion_choices[options.ssl_version_server] certstore_path = os.path.expanduser(options.cadir) if not os.path.exists(os.path.dirname(certstore_path)): raise exceptions.OptionsError( "Certificate Authority parent directory does not exist: %s" % os.path.dirname(options.cadir)) self.certstore = certs.CertStore.from_store(certstore_path, CONF_BASENAME) if options.clientcerts: clientcerts = os.path.expanduser(options.clientcerts) if not os.path.exists(clientcerts): raise exceptions.OptionsError( "Client certificate path does not exist: %s" % options.clientcerts) self.clientcerts = clientcerts for spec, cert in options.certs: cert = os.path.expanduser(cert) if not os.path.exists(cert): raise exceptions.OptionsError( "Certificate file does not exist: %s" % cert) try: self.certstore.add_cert_file(spec, cert) except crypto.Error: raise exceptions.OptionsError( "Invalid certificate format: %s" % cert) self.upstream_server = None self.upstream_auth = None if options.upstream_server: self.upstream_server = parse_server_spec(options.upstream_server) if options.upstream_auth: self.upstream_auth = parse_upstream_auth(options.upstream_auth) self.authenticator = authentication.NullProxyAuth(None) needsauth = any([ options.auth_nonanonymous, options.auth_singleuser, options.auth_htpasswd ]) if needsauth: if options.mode == "transparent": raise exceptions.OptionsError( "Proxy Authentication not supported in transparent mode.") elif options.mode == "socks5": raise exceptions.OptionsError( "Proxy Authentication not supported in SOCKS mode. " "https://github.com/mitmproxy/mitmproxy/issues/738") elif options.auth_singleuser: parts = options.auth_singleuser.split(':') if len(parts) != 2: raise exceptions.OptionsError( "Invalid single-user specification. " "Please use the format username:password") password_manager = authentication.PassManSingleUser(*parts) elif options.auth_nonanonymous: password_manager = authentication.PassManNonAnon() elif options.auth_htpasswd: try: password_manager = authentication.PassManHtpasswd( options.auth_htpasswd) except ValueError as v: raise exceptions.OptionsError(str(v)) if options.mode == "reverse": self.authenticator = authentication.BasicWebsiteAuth( password_manager, self.upstream_server.address) else: self.authenticator = authentication.BasicProxyAuth( password_manager, "mitmproxy")