Merge pull request #296 from pusher/fix-basic-auth-and-proxy

igrigorik · igrigorik · commit 0502cbca9a8c · 2016-05-07T09:14:25.000-07:00
Fix basic auth and proxy
diff --git a/lib/em-http/http_encoding.rb b/lib/em-http/http_encoding.rb
@@ -53,7 +53,12 @@ def encode_request(method, uri, query, connopts)
       # uri in request header, as opposed to a relative path.
       # Don't modify the header with CONNECT proxies. It's unneeded and will
       # cause 400 Bad Request errors with many standard setups.
-      query = uri.join(query) if connopts.proxy && !connopts.connect_proxy?
+      if connopts.proxy && !connopts.connect_proxy?
+        query = uri.join(query)
+        # Drop the userinfo, it's been converted to a header and won't be
+        # accepted by the proxy
+        query.userinfo = nil
+      end
 
       HTTP_REQUEST_HEADER % [method.to_s.upcase, query]
     end
diff --git a/spec/http_proxy_spec.rb b/spec/http_proxy_spec.rb
@@ -52,6 +52,23 @@
       }
     end
 
+    it "should strip basic auth from before the host in URI sent to proxy" do
+      EventMachine.run {
+
+        http = EventMachine::HttpRequest.new('http://user:pass@127.0.0.1:8090/echo_authorization_header', proxy).get
+
+        http.errback { failed(http) }
+        http.callback {
+          http.response_header.status.should == 200
+          # The test proxy server gives the requested uri back in this header
+          http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/echo_authorization_header'
+          # Ensure the basic auth was converted to a header correctly
+          http.response.should match('authorization:Basic dXNlcjpwYXNz')
+          EventMachine.stop
+        }
+      }
+    end
+
     it "should include query parameters specified in the options" do
       EventMachine.run {
         http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/', proxy).get :query => { 'q' => 'test' }
diff --git a/spec/stallion.rb b/spec/stallion.rb
@@ -17,7 +17,7 @@ def ride
 
     def match?(request)
       method = request['REQUEST_METHOD']
-      right_method = @methods.empty? or @methods.include?(method)
+      @methods.empty? or @methods.include?(method)
     end
   end
 
@@ -36,7 +36,7 @@ def in(path, *methods, &block)
 
     def call(request, response)
       @request, @response = request, response
-      @boxes.each do |(path, methods), mount|
+      @boxes.each do |_, mount|
         if mount.match?(request)
           mount.ride
         end
@@ -96,6 +96,9 @@ def self.call(env)
     elsif stable.request.path_info == '/echo_content_length_from_header'
       stable.response.write "content-length:#{stable.request.env["CONTENT_LENGTH"]}"
 
+    elsif stable.request.path_info == '/echo_authorization_header'
+      stable.response.write "authorization:#{stable.request.env["HTTP_AUTHORIZATION"]}"
+
     elsif stable.request.head? && stable.request.path_info == '/'
       stable.response.status = 200
 
