net/tshttpproxy: support HTTP proxy environment credentials on Windows too

and some minor style nits. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-02-18 02:48:40 +00:00 · 2021-02-17 21:23:39 -08:00 · 2021-02-17 21:23:39 -08:00 · 6a2c6541da
commit 6a2c6541da
parent 96a488e37e
2 changed files with 18 additions and 16 deletions
--- a/net/tshttpproxy/tshttpproxy.go
+++ b/net/tshttpproxy/tshttpproxy.go
@ -71,10 +71,6 @@ func GetAuthHeader(u *url.URL) (string, error) {
 	if fake := os.Getenv("TS_DEBUG_FAKE_PROXY_AUTH"); fake != "" {
 		return fake, nil
 	}
-	if sysAuthHeader != nil {
-		return sysAuthHeader(u)
-	}
-
 	if user := u.User.Username(); user != "" {
 		pass, ok := u.User.Password()
 		if !ok {
@ -85,7 +81,9 @@ func GetAuthHeader(u *url.URL) (string, error) {
 		req.SetBasicAuth(user, pass)
 		return req.Header.Get("Authorization"), nil
 	}
-
+	if sysAuthHeader != nil {
+		return sysAuthHeader(u)
+	}
 	return "", nil
 }

--- a/net/tshttpproxy/tshttpproxy_test.go
+++ b/net/tshttpproxy/tshttpproxy_test.go
@ -2,48 +2,52 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

-// +build !windows
-
 package tshttpproxy

 import (
 	"net/url"
+	"runtime"
+	"strings"
 	"testing"
 )

 func TestGetAuthHeaderNoResult(t *testing.T) {
-	const proxyURL = `http://127.0.0.1:38274`
+	const proxyURL = "http://127.0.0.1:38274"

 	u, err := url.Parse(proxyURL)
 	if err != nil {
 		t.Fatalf("can't parse %q: %v", proxyURL, err)
 	}

-	ahval, err := GetAuthHeader(u)
+	got, err := GetAuthHeader(u)
 	if err != nil {
 		t.Fatalf("can't get auth header value: %v", err)
 	}

-	if ahval != "" {
-		t.Fatalf("wanted auth header value to be empty, got: %q", ahval)
+	if runtime.GOOS == "windows" && strings.HasPrefix(got, "Negotiate") {
+		t.Logf("didn't get empty result, but got acceptable Windows Negotiate header")
+		return
+	}
+	if got != "" {
+		t.Fatalf("GetAuthHeader(%q) = %q; want empty string", proxyURL, got)
 	}
 }

 func TestGetAuthHeaderBasicAuth(t *testing.T) {
-	const proxyURL = `http://user:password@127.0.0.1:38274`
-	const expect = `Basic dXNlcjpwYXNzd29yZA==`
+	const proxyURL = "http://user:password@127.0.0.1:38274"
+	const want = "Basic dXNlcjpwYXNzd29yZA=="

 	u, err := url.Parse(proxyURL)
 	if err != nil {
 		t.Fatalf("can't parse %q: %v", proxyURL, err)
 	}

-	ahval, err := GetAuthHeader(u)
+	got, err := GetAuthHeader(u)
 	if err != nil {
 		t.Fatalf("can't get auth header value: %v", err)
 	}

-	if ahval != expect {
-		t.Fatalf("wrong auth header value: want: %q, got: %q", expect, ahval)
+	if got != want {
+		t.Fatalf("GetAuthHeader(%q) = %q; want %q", proxyURL, got, want)
 	}
 }