-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Fix http/s proxy authentication with long username/passwords #16504
Conversation
I'm not sure if the changelog change should be squashed with the actual change or not, please advise. |
It doesn't matter, we squash merge anyway. So don't bother. |
i will apply what the lint said and force push |
446f012
to
4f69a64
Compare
Took me a while, sorry about that :) it's faster than trying to get the infra working on NixOS |
Introduced in #10475 |
The following patch adds a test case which reproduces the issue. Could you apply it and include it as part of this PR? From 5fe76b9434e22bb752c252dd9c66c3c2bfb90dfc Mon Sep 17 00:00:00 2001
From: David Robertson <[email protected]>
Date: Mon, 23 Oct 2023 19:21:23 +0100
Subject: [PATCH] Add test case to detect dodgy b64 encoding
---
tests/http/test_proxyagent.py | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/tests/http/test_proxyagent.py b/tests/http/test_proxyagent.py
index 8164b0b78e..b48c2c293a 100644
--- a/tests/http/test_proxyagent.py
+++ b/tests/http/test_proxyagent.py
@@ -217,6 +217,20 @@ def test_parse_proxy(
)
+class TestBasicProxyCredentials(TestCase):
+ def test_long_user_pass_string_encoded_without_newlines(self) -> None:
+ """Reproduces https://github.com/matrix-org/synapse/pull/16504."""
+ creds = BasicProxyCredentials(
+ b"looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooonguser:[email protected]:9988"
+ )
+ auth_value = creds.as_proxy_authorization_value()
+ self.assertNotIn(b"\n", auth_value)
+ self.assertEqual(
+ creds.as_proxy_authorization_value(),
+ b"Basic: bG9vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vbmd1c2VyOnBhc3M=",
+ )
+
+
class MatrixFederationAgentTests(TestCase):
def setUp(self) -> None:
self.reactor = ThreadedMemoryReactorClock()
--
2.41.0 |
Signed-off-by: magic_rb <[email protected]>
4f69a64
to
47861e9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems reasonable to me.
Hmm. That test is failing and I don't know why. |
Oh, it's because I passed the entire auth string into the credentials constructor, rather than just the username:password. I'll fix. |
Thank you! 🎉 |
Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.(run the linters)