From 35ac213a7dfe88f7d074be417608ed30bd2df67a Mon Sep 17 00:00:00 2001
From: dgtlmoon
Date: Mon, 19 Dec 2022 19:40:16 +0100
Subject: [PATCH] Adding auth check
---
 changedetectionio/run_proxy_tests.sh | 11 +++--
 .../tests/proxy_list/squid-auth.conf | 48 +++++++++++++++++++
 .../tests/proxy_list/squid-passwords.txt | 1 +
 .../proxy_list/test_select_custom_proxy.py | 7 ++-
 4 files changed, 63 insertions(+), 4 deletions(-)
 create mode 100644 changedetectionio/tests/proxy_list/squid-auth.conf
 create mode 100644 changedetectionio/tests/proxy_list/squid-passwords.txt
diff --git a/changedetectionio/run_proxy_tests.sh b/changedetectionio/run_proxy_tests.sh
index 22551aa4..a7ac8805 100755
--- a/changedetectionio/run_proxy_tests.sh
+++ b/changedetectionio/run_proxy_tests.sh
@@ -9,8 +9,13 @@ docker run --network changedet-network -d --name squid-one --hostname squid-one
 docker run --network changedet-network -d --name squid-two --hostname squid-two --rm -v `pwd`/tests/proxy_list/squid.conf:/etc/squid/conf.d/debian.conf ubuntu/squid:4.13-21.10_edge
 # Used for configuring a custom proxy URL via the UI
-# @todo maybe test with auth config too?
-docker run --network changedet-network -d --name squid-custom --hostname squid-squid-custom --rm -v `pwd`/tests/proxy_list/squid.conf:/etc/squid/conf.d/debian.conf ubuntu/squid:4.13-21.10_edge
+docker run --network changedet-network -d \
+ --name squid-custom \
+ --hostname squid-squid-custom \
+ --rm \
+ -v `pwd`/tests/proxy_list/squid-auth.conf:/etc/squid/conf.d/debian.conf \
+ -v `pwd`/tests/proxy_list/squid-passwords.txt:/etc/squid3/passwords \
+ ubuntu/squid:4.13-21.10_edge
 ## 2nd test actually choose the preferred proxy from proxies.json
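Review bot: The two new `-v` mounts for squid-custom are writable and interpolate an unquoted backtick `pwd`, so a checkout path containing a space splits the argument, and the container is able to modify the auth config and password fixture in the working tree. Quoting the path and mounting read-only covers both, e.g. `-v "$(pwd)/tests/proxy_list/squid-passwords.txt:/etc/squid3/passwords:ro" \` and the same form for squid-auth.conf. Because the container runs with `--rm -d`, a squid that exits on a bad auth config would presumably take its logs with it, so the later `docker logs squid-custom` check would fail without showing why; a short readiness check after this command would make that case visible. The rest of the script lies outside the hunk.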
@@ -49,6 +54,6 @@ docker run --network changedet-network \
 docker logs squid-custom 2>/dev/null|grep "TCP_TUNNEL.200.*changedetection.io"
 if [ $? -ne 0 ]
 then
- echo "Did not see a request to chosen.changedetection.io in the squid logs (while checking preferred proxy - squid two)"
+ echo "Did not see a valid request to changedetection.io in the squid logs (while checking preferred proxy - squid two)"
 exit 1
 fi
diff --git a/changedetectionio/tests/proxy_list/squid-auth.conf b/changedetectionio/tests/proxy_list/squid-auth.conf
new file mode 100644
index 00000000..2f6d9905
--- /dev/null
+++ b/changedetectionio/tests/proxy_list/squid-auth.conf
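Review bot: The reworded failure message in the run_proxy_tests.sh hunk still ends with "(while checking preferred proxy - squid two)" although the check above it reads `docker logs squid-custom`, so a CI failure names the wrong container. Something like `echo "Did not see an authenticated request to changedetection.io in the squid-custom logs"` would match what is being tested. The unchanged grep pattern `TCP_TUNNEL.200.*changedetection.io` does not look at the user field, so it presumably cannot tell an authenticated tunnel from one allowed because the auth config never loaded. Squid's default access log records the authenticated user name after the URL, so extending the pattern to require `test` there would tie the check to the credentials; confirm against real log output first.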
@@ -0,0 +1,48 @@
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+acl localnet src 159.65.224.174
+acl SSL_ports port 443
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+#http_access allow localhost manager
+http_access deny manager
+#http_access allow localhost
+#http_access allow localnet
+
+auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
+auth_param basic realm proxy
+acl authenticated proxy_auth REQUIRED
+http_access allow authenticated
+http_access deny all
+
+
+http_port 3128
+coredump_dir /var/spool/squid
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
+refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
+refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern . 0 20% 4320
+logfile_rotate 0
+
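Review bot: `acl localnet src 159.65.224.174` adds a single public address to the localnet ACL of a test fixture. The ACL has no effect here because `http_access allow localnet` is commented out, but the entry looks like a leftover from a real deployment and would grant that host unauthenticated access if the rule were re-enabled; it should be dropped. The file also carries no header saying it is test-only, so a first line such as `# Test fixture only: Basic auth against the known test credentials in squid-passwords.txt` would keep it from being copied as a template. Basic auth sends the password only base64-encoded to the plain `http_port 3128` listener, which is acceptable on the private test network but is a caveat the header comment could state.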
diff --git a/changedetectionio/tests/proxy_list/squid-passwords.txt b/changedetectionio/tests/proxy_list/squid-passwords.txt
new file mode 100644
index 00000000..357aa81a
--- /dev/null
+++ b/changedetectionio/tests/proxy_list/squid-passwords.txt
@@ -0,0 +1 @@
+test:$apr1$xvhFolTA$E/kz5/Rw1ewcyaSUdwqZs.
diff --git a/changedetectionio/tests/proxy_list/test_select_custom_proxy.py b/changedetectionio/tests/proxy_list/test_select_custom_proxy.py
index f9d31a0d..0628f3b1 100644
--- a/changedetectionio/tests/proxy_list/test_select_custom_proxy.py
+++ b/changedetectionio/tests/proxy_list/test_select_custom_proxy.py
@@ -16,7 +16,8 @@ def test_select_custom(client, live_server):
 "application-ignore_whitespace": "y",
 "application-fetch_backend": "html_requests",
 "requests-extra_proxies-0-proxy_name": "custom-test-proxy",
- "requests-extra_proxies-0-proxy_url": "http://squid-custom:3128",
+ # test:awesome is set in tests/proxy_list/squid-passwords.txt
+ "requests-extra_proxies-0-proxy_url": "http://test:awesome@squid-custom:3128",
 },
 follow_redirects=True
 )
@@ -34,5 +35,9 @@ def test_select_custom(client, live_server):
 assert b"1 Imported" in res.data
 wait_for_all_checks(client)
+ res = client.get(url_for("index"))
+ assert b'Proxy Authentication Required' not in res.data
+
+
 # # Now we should see the request in the container logs for "squid-squid-custom" because it will be the only default
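Review bot: The committed squid-passwords.txt entry is an `$apr1$` (Apache MD5-crypt) hash whose plaintext is spelled out in test_select_custom_proxy.py, so it is a published credential and secret scanners are likely to flag it. Nothing in the file name or beside it marks it as a fixture. A name that says so, or a scanner allowlist entry with a short reason, would keep the finding from being mistaken for a real leak, and the `test` account should never appear in a non-test squid configuration.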
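Review bot: The proxy credentials in the first test_select_custom_proxy.py hunk now travel in the URL userinfo (`http://test:awesome@squid-custom:3128`), and the test only covers a password without reserved characters. A password containing `@`, `:` or `/` must be percent-encoded to survive URL parsing, and nothing here exercises that path. Since the URL is stored as a setting, it is also worth checking that the password is not echoed back where it should be masked, for example `assert b'awesome' not in res.data` on the index page, if the UI is expected to hide it. The dict and the enclosing request call start outside the hunk.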
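Review bot: `assert b'Proxy Authentication Required' not in res.data` in the second test_select_custom_proxy.py hunk is a negative-only check, so it also passes when the watch was never fetched or failed for an unrelated reason. Nothing shows that the proxy would reject bad credentials. A companion case that configures a wrong password and expects `assert b'Proxy Authentication Required' in res.data` would prove the assertion can fail and that squid-auth.conf is actually enforced. The rest of test_select_custom lies outside the hunk.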