diff --git a/proxy/http/proxy/server.py b/proxy/http/proxy/server.py
index d0297ea83f..168de7e1a5 100644
--- a/proxy/http/proxy/server.py
+++ b/proxy/http/proxy/server.py
@@ -535,8 +535,10 @@ def wrap_client(self) -> None:
 def authenticate(self) -> None:
 if self.flags.auth_code:
- if b'proxy-authorization' not in self.request.headers or \
- self.request.headers[b'proxy-authorization'][1] != self.flags.auth_code:
+ if b'proxy-authorization' not in self.request.headers:
+ raise ProxyAuthenticationFailed()
+ parts = self.request.headers[b'proxy-authorization'][1].split()
+ if len(parts) != 2 and parts[0].lower() != b'basic' and parts[1] != self.flags.auth_code:
 raise ProxyAuthenticationFailed()
 def connect_upstream(self) -> None:
diff --git a/proxy/proxy.py b/proxy/proxy.py
index 996cccbb77..c97646a146 100644
--- a/proxy/proxy.py
+++ b/proxy/proxy.py
@@ -203,7 +203,7 @@ def initialize(input_args: Optional[List[str]], **opts: Any) -> Flags:
 # Generate auth_code required for basic authentication if enabled
 auth_code = None
 if args.basic_auth:
- auth_code = b'Basic %s' % base64.b64encode(bytes_(args.basic_auth))
+ auth_code = base64.b64encode(bytes_(args.basic_auth))
 return Flags(
 plugins=plugins,
diff --git a/tests/http/test_protocol_handler.py b/tests/http/test_protocol_handler.py
index 8b7b3295c8..75f3c544ec 100644
--- a/tests/http/test_protocol_handler.py
+++ b/tests/http/test_protocol_handler.py
@@ -174,8 +174,7 @@ def test_proxy_authentication_failed(
 self._conn = mock_fromfd.return_value
 self.mock_selector_for_client_read(mock_selector)
 flags = Flags(
- auth_code=b'Basic %s' %
- base64.b64encode(b'user:pass'))
+ auth_code=base64.b64encode(b'user:pass'))
 flags.plugins = Proxy.load_plugins([
 b'proxy.http.proxy.HttpProxyPlugin',
 b'proxy.http.server.HttpWebServerPlugin',
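Review bot: The new condition in `authenticate` joins its three checks with `and`, so `ProxyAuthenticationFailed` is raised only when the token count, the scheme and the credential are all wrong at once; a `Proxy-Authorization` value with exactly two tokens is accepted whatever its scheme or credential. A value with fewer than two tokens also reaches `parts[0]` or `parts[1]` and can raise `IndexError` rather than the authentication error. The checks should be joined with `or`, which short-circuits before any out-of-range index: `if len(parts) != 2 or parts[0].lower() != b'basic' or parts[1] != self.flags.auth_code:`. Because this compares a secret, `hmac.compare_digest(parts[1], self.flags.auth_code)` would be a better fit for the last check; it needs `import hmac`, and the file's import block is outside the hunk.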
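Review bot: No test visible in this file sends a `Proxy-Authorization` header that has the right shape but the wrong credential. `test_proxy_authentication_failed` continues outside the hunk, so this may already be covered, but if the request it sends simply omits the header, the reject path of the new scheme and credential parsing in `authenticate` is untested. A case that sends `Basic` with a credential other than `base64.b64encode(b'user:pass')`, and one with a non-Basic scheme, each asserting the authentication-failed response, would pin that behaviour.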
@@ -208,8 +207,7 @@ def test_authenticated_proxy_http_get(
 server.buffer_size.return_value = 0
 flags = Flags(
- auth_code=b'Basic %s' %
- base64.b64encode(b'user:pass'))
+ auth_code=base64.b64encode(b'user:pass'))
 flags.plugins = Proxy.load_plugins([
 b'proxy.http.proxy.HttpProxyPlugin',
 b'proxy.http.server.HttpWebServerPlugin',
@@ -258,8 +256,7 @@ def test_authenticated_proxy_http_tunnel(
 mock_selector, server)
 flags = Flags(
- auth_code=b'Basic %s' %
- base64.b64encode(b'user:pass'))
+ auth_code=base64.b64encode(b'user:pass'))
 flags.plugins = Proxy.load_plugins([
 b'proxy.http.proxy.HttpProxyPlugin',
 b'proxy.http.server.HttpWebServerPlugin'
diff --git a/tests/test_main.py b/tests/test_main.py
index b9b5651aae..1f0d7ebbc7 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -138,7 +138,7 @@ def test_basic_auth(
 mock_acceptor_pool.assert_called_once()
 self.assertEqual(
 flgs.auth_code,
- b'Basic dXNlcjpwYXNz')
+ b'dXNlcjpwYXNz')
 @mock.patch('time.sleep')
 @mock.patch('builtins.print')