From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] fireinfo: support upstream proxy with authentication Date: Mon, 29 Oct 2018 13:32:06 +0000 Message-ID: <012244772b10b32fb8751ec45f44368cb0d6caf5.camel@ipfire.org> In-Reply-To: <20181027142016.5402-1-peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2143604435772824142==" List-Id: --===============2143604435772824142== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, On Sat, 2018-10-27 at 16:20 +0200, Peter M=C3=BCller wrote: > Fireinfo could not send its profile to https://fireinfo.ipfire.org/ > if the machine is behind an upstream proxy which requires username > and password. This is fixed by tweaking urllib2's opening handler. >=20 > To apply this on existing installations, the fireinfo package > needs to be shipped during an update. >=20 > Fixes #11905 >=20 > Signed-off-by: Peter M=C3=BCller > --- > src/sendprofile | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > mode change 100644 =3D> 100755 src/sendprofile >=20 > diff --git a/src/sendprofile b/src/sendprofile > old mode 100644 > new mode 100755 > index b836567..8c0603f > --- a/src/sendprofile > +++ b/src/sendprofile > @@ -73,10 +73,17 @@ def send_profile(profile): > request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__) > =20 > # Set upstream proxy if we have one. > - # XXX this cannot handle authentication > proxy =3D get_upstream_proxy() > + > if proxy["host"]: > - request.set_proxy(proxy["host"], "http") > + # handling upstream proxies with authentication is more > tricky... The commented line is indented with spaces whereas everything else is using tabs. Python doesn't like this to be mixed. > + if proxy["user"] and proxy["pass"]: > + proxy_handler =3D urllib2.ProxyHandler({'https': ' > http://' + proxy["user"] + ':' + proxy["pass"] + '@' + proxy["host"] + '/'}) I am not a fan of formatting strings like this, because I find it hard to rea= d, and this doesn't work when one of the variables isn't a string. > + auth =3D urllib2.HTTPBasicAuthHandler() > + opener =3D urllib2.build_opener(proxy_handler, auth, > urllib2.HTTPHandler) > + urllib2.install_opener(opener) > + else: > + request.set_proxy(proxy["host"], "https") Why does this patch remove the proxy for HTTP without mentioning it? I know t= hat we only send requests via HTTPS now, but I think generally this should be configured just in case. > try: > urllib2.urlopen(request, timeout=3D60) -Michael --===============2143604435772824142==--