Skip to content

Support proxy authentication if proxy URL contains username/password #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 11, 2017
Merged

Support proxy authentication if proxy URL contains username/password #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Async HTTP CONNECT proxy connector, use any TCP/IP protocol through an HTTP prox
* [Secure TLS connections](#secure-tls-connections)
* [Connection timeout](#connection-timeout)
* [DNS resolution](#dns-resolution)
* [Authentication](#authentication)
* [Advanced secure proxy connections](#advanced-secure-proxy-connections)
* [Install](#install)
* [Tests](#tests)
Expand Down Expand Up @@ -267,6 +268,35 @@ $connector = Connector($loop, array(
> Also note how local DNS resolution is in fact entirely handled outside of this
HTTP CONNECT client implementation.

#### Authentication

If your HTTP proxy server requires authentication, you may pass the username and
password as part of the HTTP proxy URL like this:

```php
$proxy = new ProxyConnector('http://user:pass@127.0.0.1:8080', $connector);
```

Note that both the username and password must be percent-encoded if they contain
special characters:

```php
$user = 'he:llo';
$pass = 'p@ss';

$proxy = new ProxyConnector(
rawurlencode($user) . ':' . rawurlencode($pass) . '@127.0.0.1:8080',
$connector
);
```

> The authentication details will be used for basic authentication and will be
transferred in the `Proxy-Authorization` HTTP request header for each
connection attempt.
If the authentication details are missing or not accepted by the remote HTTP
proxy server, it is expected to reject each connection attempt with a
`407` (Proxy Authentication Required) response status code.

#### Advanced secure proxy connections

Note that communication between the client and the proxy is usually via an
Expand Down
14 changes: 12 additions & 2 deletions src/ProxyConnector.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ class ProxyConnector implements ConnectorInterface
{
private $connector;
private $proxyUri;
private $proxyAuth = '';

/**
* Instantiate a new ProxyConnector which uses the given $proxyUrl
Expand Down Expand Up @@ -73,6 +74,13 @@ public function __construct($proxyUrl, ConnectorInterface $connector)

$this->connector = $connector;
$this->proxyUri = $parts['scheme'] . '://' . $parts['host'] . ':' . $parts['port'];

// prepare Proxy-Authorization header if URI contains username/password
if (isset($parts['user']) || isset($parts['pass'])) {
$this->proxyAuth = 'Proxy-Authorization: Basic ' . base64_encode(
rawurldecode($parts['user'] . ':' . (isset($parts['pass']) ? $parts['pass'] : ''))
) . "\r\n";
}
}

public function connect($uri)
Expand Down Expand Up @@ -116,7 +124,9 @@ public function connect($uri)
$proxyUri .= '#' . $parts['fragment'];
}

return $this->connector->connect($proxyUri)->then(function (ConnectionInterface $stream) use ($host, $port) {
$auth = $this->proxyAuth;

return $this->connector->connect($proxyUri)->then(function (ConnectionInterface $stream) use ($host, $port, $auth) {
$deferred = new Deferred(function ($_, $reject) use ($stream) {
$reject(new RuntimeException('Operation canceled while waiting for response from proxy'));
$stream->close();
Expand Down Expand Up @@ -176,7 +186,7 @@ public function connect($uri)
$deferred->reject(new RuntimeException('Connection to proxy lost while waiting for response'));
});

$stream->write("CONNECT " . $host . ":" . $port . " HTTP/1.1\r\nHost: " . $host . ":" . $port . "\r\n\r\n");
$stream->write("CONNECT " . $host . ":" . $port . " HTTP/1.1\r\nHost: " . $host . ":" . $port . "\r\n" . $auth . "\r\n");

return $deferred->promise();
});
Expand Down
44 changes: 43 additions & 1 deletion tests/ProxyConnectorTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ public function testCancelPromiseWillCancelPendingConnection()
public function testWillWriteToOpenConnection()
{
$stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('close', 'write'))->getMock();
$stream->expects($this->once())->method('write');
$stream->expects($this->once())->method('write')->with("CONNECT google.com:80 HTTP/1.1\r\nHost: google.com:80\r\n\r\n");

$promise = \React\Promise\resolve($stream);
$this->connector->expects($this->once())->method('connect')->willReturn($promise);
Expand All @@ -98,6 +98,48 @@ public function testWillWriteToOpenConnection()
$proxy->connect('google.com:80');
}

public function testWillProxyAuthorizationHeaderIfProxyUriContainsAuthentication()
{
$stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('close', 'write'))->getMock();
$stream->expects($this->once())->method('write')->with("CONNECT google.com:80 HTTP/1.1\r\nHost: google.com:80\r\nProxy-Authorization: Basic dXNlcjpwYXNz\r\n\r\n");

$promise = \React\Promise\resolve($stream);
$this->connector->expects($this->once())->method('connect')->willReturn($promise);

$proxy = new ProxyConnector('user:pass@proxy.example.com', $this->connector);

$proxy->connect('google.com:80');
}

public function testWillProxyAuthorizationHeaderIfProxyUriContainsOnlyUsernameWithoutPassword()
{
$stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('close', 'write'))->getMock();
$stream->expects($this->once())->method('write')->with("CONNECT google.com:80 HTTP/1.1\r\nHost: google.com:80\r\nProxy-Authorization: Basic dXNlcjo=\r\n\r\n");

$promise = \React\Promise\resolve($stream);
$this->connector->expects($this->once())->method('connect')->willReturn($promise);

$proxy = new ProxyConnector('user@proxy.example.com', $this->connector);

$proxy->connect('google.com:80');
}

public function testWillProxyAuthorizationHeaderIfProxyUriContainsAuthenticationWithPercentEncoding()
{
$user = 'h@llÖ';
$pass = '%secret?';

$stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('close', 'write'))->getMock();
$stream->expects($this->once())->method('write')->with("CONNECT google.com:80 HTTP/1.1\r\nHost: google.com:80\r\nProxy-Authorization: Basic " . base64_encode($user . ':' . $pass) . "\r\n\r\n");

$promise = \React\Promise\resolve($stream);
$this->connector->expects($this->once())->method('connect')->willReturn($promise);

$proxy = new ProxyConnector(rawurlencode($user) . ':' . rawurlencode($pass) . '@proxy.example.com', $this->connector);

$proxy->connect('google.com:80');
}

public function testRejectsInvalidUri()
{
$this->connector->expects($this->never())->method('connect');
Expand Down