From 100391fdb79b1416f04d829b498daaf2548b5276 Mon Sep 17 00:00:00 2001 From: Darien Raymond Date: Sat, 28 Oct 2017 14:25:22 +0200 Subject: [PATCH] fix http basic auth. fix #659 --- proxy/http/server.go | 20 +++++++++++++++++++- testing/scenarios/http_test.go | 10 ++++++++-- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/proxy/http/server.go b/proxy/http/server.go index bceef6a71..e5a0a10aa 100644 --- a/proxy/http/server.go +++ b/proxy/http/server.go @@ -3,6 +3,7 @@ package http import ( "bufio" "context" + "encoding/base64" "io" "net/http" "runtime" @@ -69,6 +70,23 @@ func isTimeout(err error) bool { return ok && nerr.Timeout() } +func parseBasicAuth(auth string) (username, password string, ok bool) { + const prefix = "Basic " + if !strings.HasPrefix(auth, prefix) { + return + } + c, err := base64.StdEncoding.DecodeString(auth[len(prefix):]) + if err != nil { + return + } + cs := string(c) + s := strings.IndexByte(cs, ':') + if s < 0 { + return + } + return cs[:s], cs[s+1:], true +} + func (s *Server) Process(ctx context.Context, network net.Network, conn internet.Connection, dispatcher dispatcher.Interface) error { reader := bufio.NewReaderSize(conn, 2048) @@ -85,7 +103,7 @@ Start: } if len(s.config.Accounts) > 0 { - user, pass, ok := request.BasicAuth() + user, pass, ok := parseBasicAuth(request.Header.Get("Proxy-Authorization")) if !ok || !s.config.HasAccount(user, pass) { _, err := conn.Write([]byte("HTTP/1.1 401 UNAUTHORIZED\r\n\r\n")) return err diff --git a/testing/scenarios/http_test.go b/testing/scenarios/http_test.go index fbd12dfbe..d92d99f70 100644 --- a/testing/scenarios/http_test.go +++ b/testing/scenarios/http_test.go @@ -73,6 +73,12 @@ func TestHttpConformance(t *testing.T) { CloseAllServers(servers) } +func setProxyBasicAuth(req *http.Request, user, pass string) { + req.SetBasicAuth(user, pass) + req.Header.Set("Proxy-Authorization", req.Header.Get("Authorization")) + req.Header.Del("Authorization") +} + func TestHttpBasicAuth(t *testing.T) { assert := With(t) @@ -131,7 +137,7 @@ func TestHttpBasicAuth(t *testing.T) { req, err := http.NewRequest("GET", "http://127.0.0.1:"+httpServerPort.String(), nil) assert(err, IsNil) - req.SetBasicAuth("a", "c") + setProxyBasicAuth(req, "a", "c") resp, err := client.Do(req) assert(err, IsNil) assert(resp.StatusCode, Equals, 401) @@ -141,7 +147,7 @@ func TestHttpBasicAuth(t *testing.T) { req, err := http.NewRequest("GET", "http://127.0.0.1:"+httpServerPort.String(), nil) assert(err, IsNil) - req.SetBasicAuth("a", "b") + setProxyBasicAuth(req, "a", "b") resp, err := client.Do(req) assert(err, IsNil) assert(resp.StatusCode, Equals, 200)