mitmproxy/netlib/http_auth.py

from __future__ import (absolute_import, print_function, division)
from argparse import Action, ArgumentTypeError
from . import http


class NullProxyAuth(object):
    """
        No proxy auth at all (returns empty challange headers)
    """
    def __init__(self, password_manager):
        self.password_manager = password_manager

    def clean(self, headers):
        """
            Clean up authentication headers, so they're not passed upstream.
        """
        pass

    def authenticate(self, headers):
        """
            Tests that the user is allowed to use the proxy
        """
        return True

    def auth_challenge_headers(self):
        """
            Returns a dictionary containing the headers require to challenge the user
        """
        return {}


class BasicProxyAuth(NullProxyAuth):
    CHALLENGE_HEADER = 'Proxy-Authenticate'
    AUTH_HEADER = 'Proxy-Authorization'

    def __init__(self, password_manager, realm):
        NullProxyAuth.__init__(self, password_manager)
        self.realm = realm

    def clean(self, headers):
        del headers[self.AUTH_HEADER]

    def authenticate(self, headers):
        auth_value = headers.get(self.AUTH_HEADER, [])
        if not auth_value:
            return False
        parts = http.parse_http_basic_auth(auth_value[0])
        if not parts:
            return False
        scheme, username, password = parts
        if scheme.lower()!='basic':
            return False
        if not self.password_manager.test(username, password):
            return False
        self.username = username
        return True

    def auth_challenge_headers(self):
        return {self.CHALLENGE_HEADER:'Basic realm="%s"'%self.realm}


class PassMan(object):
    def test(self, username, password_token):
        return False


class PassManNonAnon(PassMan):
    """
        Ensure the user specifies a username, accept any password.
    """
    def test(self, username, password_token):
        if username:
            return True
        return False


class PassManHtpasswd(PassMan):
    """
        Read usernames and passwords from an htpasswd file
    """
    def __init__(self, path):
        """
            Raises ValueError if htpasswd file is invalid.
        """
        import passlib.apache
        self.htpasswd = passlib.apache.HtpasswdFile(path)

    def test(self, username, password_token):
        return bool(self.htpasswd.check_password(username, password_token))


class PassManSingleUser(PassMan):
    def __init__(self, username, password):
        self.username, self.password = username, password

    def test(self, username, password_token):
        return self.username==username and self.password==password_token


class AuthAction(Action):
    """
    Helper class to allow seamless integration int argparse. Example usage:
    parser.add_argument(
        "--nonanonymous",
        action=NonanonymousAuthAction, nargs=0,
        help="Allow access to any user long as a credentials are specified."
    )
    """
    def __call__(self, parser, namespace, values, option_string=None):
        passman = self.getPasswordManager(values)
        authenticator = BasicProxyAuth(passman, "mitmproxy")
        setattr(namespace, self.dest, authenticator)

    def getPasswordManager(self, s): # pragma: nocover
        raise NotImplementedError()


class SingleuserAuthAction(AuthAction):
    def getPasswordManager(self, s):
        if len(s.split(':')) != 2:
            raise ArgumentTypeError(
                "Invalid single-user specification. Please use the format username:password"
            )
        username, password = s.split(':')
        return PassManSingleUser(username, password)


class NonanonymousAuthAction(AuthAction):
    def getPasswordManager(self, s):
        return PassManNonAnon()


class HtpasswdAuthAction(AuthAction):
    def getPasswordManager(self, s):
        return PassManHtpasswd(s)
minor cleanups 2014-08-16 13:53:07 +00:00			`from __future__ import (absolute_import, print_function, division)`
add custom argparse actions to seamlessly integrate ProxyAuth classes 2013-11-21 00:07:56 +00:00			`from argparse import Action, ArgumentTypeError`
minor cleanups 2014-08-16 13:53:07 +00:00			`from . import http`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00

fix code smell 2015-04-09 00:09:33 +00:00			`class NullProxyAuth(object):`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`"""`
			`No proxy auth at all (returns empty challange headers)`
			`"""`
			`def __init__(self, password_manager):`
			`self.password_manager = password_manager`

			`def clean(self, headers):`
			`"""`
			`Clean up authentication headers, so they're not passed upstream.`
			`"""`
			`pass`

			`def authenticate(self, headers):`
			`"""`
			`Tests that the user is allowed to use the proxy`
			`"""`
			`return True`

			`def auth_challenge_headers(self):`
			`"""`
			`Returns a dictionary containing the headers require to challenge the user`
			`"""`
			`return {}`


			`class BasicProxyAuth(NullProxyAuth):`
			`CHALLENGE_HEADER = 'Proxy-Authenticate'`
			`AUTH_HEADER = 'Proxy-Authorization'`
make AuthAction generic 2013-12-08 00:37:45 +00:00
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`def __init__(self, password_manager, realm):`
			`NullProxyAuth.__init__(self, password_manager)`
			`self.realm = realm`

			`def clean(self, headers):`
			`del headers[self.AUTH_HEADER]`

			`def authenticate(self, headers):`
			`auth_value = headers.get(self.AUTH_HEADER, [])`
			`if not auth_value:`
			`return False`
			`parts = http.parse_http_basic_auth(auth_value[0])`
			`if not parts:`
			`return False`
			`scheme, username, password = parts`
			`if scheme.lower()!='basic':`
			`return False`
			`if not self.password_manager.test(username, password):`
			`return False`
			`self.username = username`
			`return True`

			`def auth_challenge_headers(self):`
			`return {self.CHALLENGE_HEADER:'Basic realm="%s"'%self.realm}`


fix code smell 2015-04-09 00:09:33 +00:00			`class PassMan(object):`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`def test(self, username, password_token):`
			`return False`


fix code smell 2015-04-09 00:09:33 +00:00			`class PassManNonAnon(PassMan):`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`"""`
			`Ensure the user specifies a username, accept any password.`
			`"""`
			`def test(self, username, password_token):`
			`if username:`
			`return True`
			`return False`


fix code smell 2015-04-09 00:09:33 +00:00			`class PassManHtpasswd(PassMan):`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`"""`
			`Read usernames and passwords from an htpasswd file`
			`"""`
use passlib instead of md5crypt 2014-08-16 13:28:09 +00:00			`def __init__(self, path):`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`"""`
			`Raises ValueError if htpasswd file is invalid.`
			`"""`
Simplify expected_http_body_size signature, fixing a traceback found in fuzzing 2014-11-07 02:59:00 +00:00			`import passlib.apache`
			`self.htpasswd = passlib.apache.HtpasswdFile(path)`
100% test coverage. 2013-03-02 23:16:09 +00:00
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`def test(self, username, password_token):`
use passlib instead of md5crypt 2014-08-16 13:28:09 +00:00			`return bool(self.htpasswd.check_password(username, password_token))`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00

fix code smell 2015-04-09 00:09:33 +00:00			`class PassManSingleUser(PassMan):`
Integrate HTTP auth, test to 100% 2013-03-02 21:37:28 +00:00			`def __init__(self, username, password):`
			`self.username, self.password = username, password`

			`def test(self, username, password_token):`
			`return self.username==username and self.password==password_token`
add custom argparse actions to seamlessly integrate ProxyAuth classes 2013-11-21 00:07:56 +00:00

			`class AuthAction(Action):`
			`"""`
			`Helper class to allow seamless integration int argparse. Example usage:`
			`parser.add_argument(`
			`"--nonanonymous",`
			`action=NonanonymousAuthAction, nargs=0,`
			`help="Allow access to any user long as a credentials are specified."`
			`)`
			`"""`
			`def __call__(self, parser, namespace, values, option_string=None):`
			`passman = self.getPasswordManager(values)`
make AuthAction generic 2013-12-08 00:37:45 +00:00			`authenticator = BasicProxyAuth(passman, "mitmproxy")`
			`setattr(namespace, self.dest, authenticator)`
add custom argparse actions to seamlessly integrate ProxyAuth classes 2013-11-21 00:07:56 +00:00
Unit test auth actions. 2013-12-08 00:35:42 +00:00			`def getPasswordManager(self, s): # pragma: nocover`
add custom argparse actions to seamlessly integrate ProxyAuth classes 2013-11-21 00:07:56 +00:00			`raise NotImplementedError()`


			`class SingleuserAuthAction(AuthAction):`
			`def getPasswordManager(self, s):`
			`if len(s.split(':')) != 2:`
Unit test auth actions. 2013-12-08 00:35:42 +00:00			`raise ArgumentTypeError(`
			`"Invalid single-user specification. Please use the format username:password"`
			`)`
add custom argparse actions to seamlessly integrate ProxyAuth classes 2013-11-21 00:07:56 +00:00			`username, password = s.split(':')`
			`return PassManSingleUser(username, password)`


			`class NonanonymousAuthAction(AuthAction):`
			`def getPasswordManager(self, s):`
			`return PassManNonAnon()`


			`class HtpasswdAuthAction(AuthAction):`
			`def getPasswordManager(self, s):`
use passlib instead of md5crypt 2014-08-16 13:28:09 +00:00			`return PassManHtpasswd(s)`
Unit test auth actions. 2013-12-08 00:35:42 +00:00