s3cmd icon indicating copy to clipboard operation
s3cmd copied to clipboard

Published 20 hours ago verified publisher icon s3tools

Add support for authenticated proxies

Open mikoim opened this issue 4 years ago • 3 comments

This PR allows s3cmd to use an authenticated proxy server. fix #1128

Changed behavior

  • proxy_host accepts username and password (e.g., proxy_host = username:password@hostname)
  • s3cmd --configure can handle a credential from environment variable http_proxy or https_proxy (if use_https = True)

TODO

  • [x] use_https = True -> Set Proxy-Authenticate header via HTTPConnection.set_tunnel()
  • [ ] use_https = False -> Need help
  • [ ] replace split() with urlparse() https://github.com/s3tools/s3cmd/pull/1129/files#diff-a33e8f45f499529c23e3ee67788fb744R237-R238

mikoim avatar Sep 03 '20 09:09 mikoim

Thank you for your contribution! Here are my suggestions for a few improvements:

  • don't use encode/decode but, "deunicodise_s" and "unicodise_s" from Utils. And so, there will be no need to specify the encoding. (as there is no issue to decode ascii with utf-8).

  • Instead of creating new config entries for proxy_username, proxy_password, it would be better to reuse the proxy_host entry so, configuration is not changed. the id would be to support a syntax like: proxy_host = login:pass@myhost For that, nothing special to do, just at the time of usage, you have 2 choices:

    • Just detect the @ in proxy_host and split by @ and : to extract login/pass/host.

    • Use urlparse to extract the info.

  • For use_https = False, it looks like that there is no nice way to do that, but I'm still thinking about it.

fviard avatar Sep 08 '20 10:09 fviard

@fviard Thank you for your advice. For backward-compatibility, proxy_host and proxy_port should be kept, but I guess that the format "login:pass@myhost" is not common. How about introducing new parameter like a proxy_url, which supports "schema://username:password@host:port/"?

mikoim avatar Sep 15 '20 10:09 mikoim

Thank your for your update and sorry for the long delay of my reply, sadly it was a very busy month :-s

@fviard Thank you for your advice. For backward-compatibility, proxy_host and proxy_port should be kept, but I guess that the format "login:pass@myhost" is not common. How about introducing new parameter like a proxy_url, which supports "schema://username:password@host:port/"?

Your point makes sense, but I'm a little bit reluctant to add a new option because of the confusion that it would induce. (As I think that s3cmd is already a little bit scary as it has a lot of options) And we would have still to support the proxy_host/proxy_port option for a long time for backward compatibility.

But something that could be done, I think, is to already accept url with that pattern in proxy_host. Like, if there is a port in proxy_host, it overrides proxy_port.

fviard avatar Oct 12 '20 00:10 fviard