httpx 0.19.8 → 0.20.0

data/lib/httpx/plugins/ntlm_authentication.rb

@@ -5,13 +5,10 @@ module HTTPX
     #
     # https://gitlab.com/honeyryderchuck/httpx/wikis/Authentication#ntlm-authentication
     #
-    module NTLMAuthentication
-      NTLMParams = Struct.new(:user, :domain, :password)
-
+    module NTLMAuth
       class << self
         def load_dependencies(_klass)
-          require "base64"
-          require "ntlm"
+          require_relative "authentication/ntlm"
         end
 
         def extra_options(options)
@@ -21,7 +18,7 @@ module HTTPX
 
       module OptionsMethods
         def option_ntlm(value)
-          raise TypeError, ":ntlm must be a #{NTLMParams}" unless value.is_a?(NTLMParams)
+          raise TypeError, ":ntlm must be a #{Authentication::Ntlm}" unless value.is_a?(Authentication::Ntlm)
 
           value
         end
@@ -29,7 +26,7 @@ module HTTPX
 
       module InstanceMethods
         def ntlm_authentication(user, password, domain = nil)
-          with(ntlm: NTLMParams.new(user, domain, password))
+          with(ntlm: Authentication::Ntlm.new(user, password, domain: domain))
         end
 
         alias_method :ntlm_auth, :ntlm_authentication
@@ -39,19 +36,12 @@ module HTTPX
             ntlm = request.options.ntlm
 
             if ntlm
-              request.headers["authorization"] = "NTLM #{NTLM.negotiate(domain: ntlm.domain).to_base64}"
+              request.headers["authorization"] = ntlm.negotiate
               probe_response = wrap { super(request).first }
 
-              if !probe_response.is_a?(ErrorResponse) && probe_response.status == 401 &&
-                 probe_response.headers.key?("www-authenticate") &&
-                 (challenge = probe_response.headers["www-authenticate"][/NTLM (.*)/, 1])
-
-                challenge = Base64.decode64(challenge)
-                ntlm_challenge = NTLM.authenticate(challenge, ntlm.user, ntlm.domain, ntlm.password).to_base64
-
+              if probe_response.status == 401 && ntlm.can_authenticate?(probe_response.headers["www-authenticate"])
                 request.transition(:idle)
-
-                request.headers["authorization"] = "NTLM #{ntlm_challenge}"
+                request.headers["authorization"] = ntlm.authenticate(request, probe_response.headers["www-authenticate"])
                 super(request)
               else
                 probe_response
@@ -63,6 +53,6 @@ module HTTPX
         end
       end
     end
-    register_plugin :ntlm_authentication, NTLMAuthentication
+    register_plugin :ntlm_authentication, NTLMAuth
   end
 end

data/lib/httpx/plugins/proxy/http.rb

@@ -6,6 +6,42 @@ module HTTPX
   module Plugins
     module Proxy
       module HTTP
+        module InstanceMethods
+          def with_proxy_basic_auth(opts)
+            with(proxy: opts.merge(scheme: "basic"))
+          end
+
+          def with_proxy_digest_auth(opts)
+            with(proxy: opts.merge(scheme: "digest"))
+          end
+
+          def with_proxy_ntlm_auth(opts)
+            with(proxy: opts.merge(scheme: "ntlm"))
+          end
+
+          def fetch_response(request, connections, options)
+            response = super
+
+            if response &&
+               response.status == 407 &&
+               !request.headers.key?("proxy-authorization") &&
+               response.headers.key?("proxy-authenticate")
+
+              connection = find_connection(request, connections, options)
+
+              if connection.options.proxy.can_authenticate?(response.headers["proxy-authenticate"])
+                request.transition(:idle)
+                request.headers["proxy-authorization"] =
+                  connection.options.proxy.authenticate(request, response.headers["proxy-authenticate"])
+                connection.send(request)
+                return
+              end
+            end
+
+            response
+          end
+        end
+
         module ConnectionMethods
           def connecting?
             super || @state == :connecting || @state == :connected
@@ -23,11 +59,27 @@ module HTTPX
               @io.connect
               return unless @io.connected?
 
-              @parser = registry(@io.protocol).new(@write_buffer, @options.merge(max_concurrent_requests: 1))
-              @parser.extend(ProxyParser)
-              @parser.once(:response, &method(:__http_on_connect))
-              @parser.on(:close) { transition(:closing) }
-              __http_proxy_connect
+              @parser || begin
+                @parser = registry(@io.protocol).new(@write_buffer, @options.merge(max_concurrent_requests: 1))
+                parser = @parser
+                parser.extend(ProxyParser)
+                parser.on(:response, &method(:__http_on_connect))
+                parser.on(:close) { transition(:closing) }
+                parser.on(:reset) do
+                  if parser.empty?
+                    reset
+                  else
+                    transition(:closing)
+                    transition(:closed)
+                    emit(:reset)
+
+                    parser.reset if @parser
+                    transition(:idle)
+                    transition(:connecting)
+                  end
+                end
+                __http_proxy_connect(parser)
+              end
               return if @state == :connected
             when :connected
               return unless @state == :idle || @state == :connecting
@@ -44,13 +96,13 @@ module HTTPX
             super
           end
 
-          def __http_proxy_connect
+          def __http_proxy_connect(parser)
             req = @pending.first
-            # if the first request after CONNECT is to an https address, it is assumed that
-            # all requests in the queue are not only ALL HTTPS, but they also share the certificate,
-            # and therefore, will share the connection.
-            #
-            if req.uri.scheme == "https"
+            if req && req.uri.scheme == "https"
+              # if the first request after CONNECT is to an https address, it is assumed that
+              # all requests in the queue are not only ALL HTTPS, but they also share the certificate,
+              # and therefore, will share the connection.
+              #
               connect_request = ConnectRequest.new(req.uri, @options)
               @inflight += 1
               parser.send(connect_request)
@@ -59,7 +111,7 @@ module HTTPX
             end
           end
 
-          def __http_on_connect(_, response)
+          def __http_on_connect(request, response)
             @inflight -= 1
             if response.status == 200
               req = @pending.first
@@ -67,6 +119,14 @@ module HTTPX
               @io = ProxySSL.new(@io, request_uri, @options)
               transition(:connected)
               throw(:called)
+            elsif response.status == 407 &&
+                  !request.headers.key?("proxy-authorization") &&
+                  @options.proxy.can_authenticate?(response.headers["proxy-authenticate"])
+
+              request.transition(:idle)
+              request.headers["proxy-authorization"] = @options.proxy.authenticate(request, response.headers["proxy-authenticate"])
+              @parser.send(request)
+              @inflight += 1
             else
               pending = @pending + @parser.pending
               while (req = pending.shift)
@@ -88,7 +148,10 @@ module HTTPX
             extra_headers = super
 
             proxy_params = @options.proxy
-            extra_headers["proxy-authorization"] = "Basic #{proxy_params.token_authentication}" if proxy_params.authenticated?
+            if proxy_params.scheme == "basic"
+              # opt for basic auth
+              extra_headers["proxy-authorization"] = proxy_params.authenticate(extra_headers)
+            end
             extra_headers["proxy-connection"] = extra_headers.delete("connection") if extra_headers.key?("connection")
             extra_headers
           end

data/lib/httpx/plugins/proxy/socks5.rb

@@ -18,6 +18,10 @@ module HTTPX
 
         Error = Socks5Error
 
+        def self.load_dependencies(*)
+          require_relative "../authentication/socks5"
+        end
+
         module ConnectionMethods
           def call
             super
@@ -156,16 +160,14 @@ module HTTPX
 
           def negotiate(parameters)
             methods = [NOAUTH]
-            methods << PASSWD if parameters.authenticated?
+            methods << PASSWD if parameters.can_authenticate?
             methods.unshift(methods.size)
             methods.unshift(VERSION)
             methods.pack("C*")
           end
 
           def authenticate(parameters)
-            user = parameters.username
-            password = parameters.password
-            [0x01, user.bytesize, user, password.bytesize, password].pack("CCA*CA*")
+            parameters.authenticate
           end
 
           def connect(uri)

data/lib/httpx/plugins/proxy.rb

@@ -19,22 +19,43 @@ module HTTPX
       PROXY_ERRORS = [TimeoutError, IOError, SystemCallError, Error].freeze
 
       class Parameters
-        attr_reader :uri, :username, :password
+        attr_reader :uri, :username, :password, :scheme
 
-        def initialize(uri:, username: nil, password: nil)
+        def initialize(uri:, scheme: nil, username: nil, password: nil, **extra)
           @uri = uri.is_a?(URI::Generic) ? uri : URI(uri)
           @username = username || @uri.user
           @password = password || @uri.password
+
+          return unless @username && @password
+
+          scheme ||= case @uri.scheme
+                     when "socks5"
+                       @uri.scheme
+                     when "http", "https"
+                       "basic"
+                     else
+                       return
+          end
+
+          @scheme = scheme
+
+          auth_scheme = scheme.to_s.capitalize
+
+          require_relative "authentication/#{scheme}" unless defined?(Authentication) && Authentication.const_defined?(auth_scheme, false)
+
+          @authenticator = Authentication.const_get(auth_scheme).new(@username, @password, **extra)
         end
 
-        def authenticated?
-          @username && @password
+        def can_authenticate?(*args)
+          return false unless @authenticator
+
+          @authenticator.can_authenticate?(*args)
         end
 
-        def token_authentication
-          return unless authenticated?
+        def authenticate(*args)
+          return unless @authenticator
 
-          Base64.strict_encode64("#{@username}:#{@password}")
+          @authenticator.authenticate(*args)
         end
 
         def ==(other)
@@ -42,7 +63,8 @@ module HTTPX
           when Parameters
             @uri == other.uri &&
               @username == other.username &&
-              @password == other.password
+              @password == other.password &&
+              @scheme == other.scheme
           when URI::Generic, String
             proxy_uri = @uri.dup
             proxy_uri.user = @username

data/lib/httpx/plugins/response_cache/store.rb

@@ -37,6 +37,7 @@ module HTTPX::Plugins
             return unless request.headers.same_headers?(original_request.headers)
           else
             return unless vary.split(/ *, */).all? do |cache_field|
+              cache_field.downcase!
               !original_request.headers.key?(cache_field) || request.headers[cache_field] == original_request.headers[cache_field]
             end
           end

data/lib/httpx/request.rb

@@ -49,7 +49,9 @@ module HTTPX
         origin = @options.origin
         raise(Error, "invalid URI: #{@uri}") unless origin
 
-        @uri = origin.merge(@uri)
+        base_path = @options.base_path
+
+        @uri = origin.merge("#{base_path}#{@uri}")
       end
 
       raise(Error, "unknown method: #{verb}") unless METHODS.include?(@verb)

data/lib/httpx/session.rb

@@ -106,16 +106,21 @@ module HTTPX
     end
 
     def build_altsvc_connection(existing_connection, connections, alt_origin, origin, alt_params, options)
+      # do not allow security downgrades on altsvc negotiation
+      return if existing_connection.origin.scheme == "https" && alt_origin.scheme != "https"
+
       altsvc = AltSvc.cached_altsvc_set(origin, alt_params.merge("origin" => alt_origin))
 
       # altsvc already exists, somehow it wasn't advertised, probably noop
       return unless altsvc
 
-      connection = pool.find_connection(alt_origin, options) || build_connection(alt_origin, options)
+      alt_options = options.merge(ssl: options.ssl.merge(hostname: URI(origin).host))
+
+      connection = pool.find_connection(alt_origin, alt_options) || build_connection(alt_origin, alt_options)
       # advertised altsvc is the same origin being used, ignore
       return if connection == existing_connection
 
-      set_connection_callbacks(connection, connections, options)
+      set_connection_callbacks(connection, connections, alt_options)
 
       log(level: 1) { "#{origin} alt-svc: #{alt_origin}" }
 

data/lib/httpx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HTTPX
-  VERSION = "0.19.8"
+  VERSION = "0.20.0"
 end

data/sig/chainable.rbs

@@ -13,9 +13,9 @@ module HTTPX
             | (options) { (Session) -> void } -> void
 
     def plugin: (:authentication, ?options) -> Plugins::sessionAuthentication
-              | (:basic_authentication, ?options) -> Plugins::sessionBasicAuthentication
-              | (:digest_authentication, ?options) -> Plugins::sessionDigestAuthentication
-              | (:ntlm_authentication, ?options) -> Plugins::sessionNTLMAuthentication
+              | (:basic_authentication, ?options) -> Plugins::sessionBasicAuth
+              | (:digest_authentication, ?options) -> Plugins::sessionDigestAuth
+              | (:ntlm_authentication, ?options) -> Plugins::sessionNTLMAuth
               | (:aws_sdk_authentication, ?options) -> Plugins::sessionAwsSdkAuthentication
               | (:compression, ?options) -> Session
               | (:cookies, ?options) -> Plugins::sessionCookies
@@ -25,7 +25,7 @@ module HTTPX
               | (:h2c, ?options) -> Session
               | (:multipart, ?options) -> Session
               | (:persistent, ?options) -> Plugins::sessionPersistent
-              | (:proxy, ?options) -> Plugins::sessionProxy
+              | (:proxy, ?options) -> (Plugins::sessionProxy & Plugins::httpProxy)
               | (:push_promise, ?options) -> Plugins::sessionPushPromise
               | (:retries, ?options) -> Plugins::sessionRetries
               | (:rate_limiter, ?options) -> Session

data/sig/plugins/authentication/basic.rbs

@@ -0,0 +1,19 @@
+module HTTPX
+  module Plugins
+    module Authentication
+      class Basic
+        @user: String
+        @password: String
+
+        def can_authenticate?: (String? authenticate) -> boolish
+
+        def authenticate: (*untyped) -> String
+
+        private
+
+        def initialize: (string user, string password, *untyped) -> void
+
+      end
+    end
+  end
+end

data/sig/plugins/authentication/digest.rbs

@@ -0,0 +1,24 @@
+module HTTPX
+  module Plugins
+    module Authentication
+      class Digest
+        @user: String
+        @password: String
+
+        def can_authenticate?: (String? authenticate) -> boolish
+
+        def authenticate: (Request request, String authenticate) -> String
+
+        private
+
+        def generate_header: (String meth, String uri, String authenticate) -> String
+
+        def initialize: (string user, string password) -> void
+
+        def make_cnonce: () -> String
+
+        def next_nonce: () -> Integer
+      end
+    end
+  end
+end

data/sig/plugins/authentication/ntlm.rbs

@@ -0,0 +1,20 @@
+module HTTPX
+  module Plugins
+    module Authentication
+      class Ntlm
+        @user: String
+        @password: String
+        @domain: String?
+
+        def can_authenticate?: (String? authenticate) -> boolish
+
+        def authenticate: (Request request, String authenticate) -> String
+
+        private
+
+        def initialize: (string user, string password, ?domain: String?) -> void
+
+      end
+    end
+  end
+end

data/sig/plugins/authentication/socks5.rbs

@@ -0,0 +1,18 @@
+module HTTPX
+  module Plugins
+    module Authentication
+      class Socks5
+        @user: String
+        @password: String
+
+        def can_authenticate?: (*untyped) -> boolish
+
+        def authenticate: (*untyped) -> String
+
+        private
+
+        def initialize: (string user, string password) -> void
+      end
+    end
+  end
+end

data/sig/plugins/basic_authentication.rbs

@@ -1,6 +1,6 @@
 module HTTPX
   module Plugins
-    module BasicAuthentication
+    module BasicAuth
       def self.load_dependencies: (singleton(Session)) -> void
 
       def self.configure: (singleton(Session)) -> void
@@ -10,6 +10,6 @@ module HTTPX
       end
     end
 
-    type sessionBasicAuthentication = sessionAuthentication & Authentication::InstanceMethods & BasicAuthentication::InstanceMethods
+    type sessionBasicAuth = sessionAuthentication & Authentication::InstanceMethods & BasicAuth::InstanceMethods
   end
 end

data/sig/plugins/digest_authentication.rbs

@@ -1,10 +1,10 @@
 module HTTPX
   module Plugins
-    module DigestAuthentication
+    module DigestAuth
       DigestError: singleton(Error)
 
       interface _DigestOptions
-        def digest: () -> Digest?
+        def digest: () -> Authentication::Digest?
       end
 
       def self.extra_options: (Options) -> (Options & _DigestOptions)
@@ -14,18 +14,8 @@ module HTTPX
       module InstanceMethods
         def digest_authentication: (string user, string password) -> instance
       end
-
-      class Digest
-        def generate_header: (Request, Response, ?bool?) -> String
-
-        private
-
-        def initialize: (string user, string password) -> untyped
-        def make_cnonce: () -> String
-        def next_nonce: () -> Integer
-      end
     end
 
-    type sessionDigestAuthentication = sessionAuthentication & DigestAuthentication::InstanceMethods
+    type sessionDigestAuth = sessionAuthentication & DigestAuth::InstanceMethods
   end
 end

data/sig/plugins/ntlm_authentication.rbs

@@ -1,9 +1,9 @@
 module HTTPX
   module Plugins
-    module NTLMAuthentication
+    module NTLMAuth
 
       interface _NTLMOptions
-        def ntlm: () -> NTLMParams?
+        def ntlm: () -> Authentication::Ntlm?
       end
 
       def self.extra_options: (Options) -> (Options & _NTLMOptions)
@@ -14,13 +14,8 @@ module HTTPX
         def ntlm_authentication: (string user, string password, ?string? domain) -> instance
       end
 
-      class NTLMParams
-        attr_reader user: String
-        attr_reader password: String
-        attr_reader domain: String?
-      end
     end
 
-    type sessionNTLMAuthentication = sessionAuthentication & NTLMAuthentication::InstanceMethods
+    type sessionNTLMAuth = sessionAuthentication & NTLMAuth::InstanceMethods
   end
 end

data/sig/plugins/proxy/http.rbs

@@ -2,13 +2,23 @@ module HTTPX
   module Plugins
     module Proxy
       module HTTP
-      
+
+        module InstanceMethods
+          def with_proxy_basic_auth: (Hash[Symbol, untyped] opts) -> instance
+
+          def with_proxy_digest_auth: (Hash[Symbol, untyped] opts) -> instance
+
+          def with_proxy_ntlm_auth: (Hash[Symbol, untyped] opts) -> instance
+        end
+
         module ConnectionMethods
-          def __http_proxy_connect: () ->  void
+          def __http_proxy_connect: (Connection::_Parser parser) ->  void
           def __http_on_connect: (top, Response) ->  void
         end
-        
+
       end
     end
+
+    type httpProxy = Session & Proxy::HTTP::InstanceMethods
   end
 end

data/sig/plugins/proxy.rbs

@@ -11,15 +11,17 @@ module HTTPX
         attr_reader uri: URI::Generic
         attr_reader username: String?
         attr_reader password: String?
+        attr_reader scheme: String?
 
-        def authenticated?: () -> boolish
-        def token_authentication: () -> String?
+        def can_authenticate?: (*untyped) -> boolish
+
+        def authenticate: (*untyped) -> String?
 
         def ==: (untyped) -> bool
 
         private
 
-        def initialize: (uri: generic_uri, ?username: String, ?password: String) -> untyped
+        def initialize: (uri: generic_uri, ?scheme: String, ?username: String, ?password: String, **extra) -> untyped
       end
 
       def self.configure: (singleton(Session)) -> void

data/sig/session.rbs

@@ -33,7 +33,7 @@ module HTTPX
 
     def set_connection_callbacks: (Connection, Array[Connection], Options) -> void
 
-    def build_altsvc_connection: (Connection, Array[Connection], URI::Generic, String, Hash[String, String], Options) -> Connection?
+    def build_altsvc_connection: (Connection existing_connection, Array[Connection] connections, URI::Generic alt_origin, String origin, Hash[String, String] alt_params, Options options) -> Connection?
 
     def build_requests: (verb | string, uri, options) -> Array[Request]
                       | (Array[[verb | string, uri, options]], options) -> Array[Request]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: httpx
 version: !ruby/object:Gem::Version
-  version: 0.19.8
+  version: 0.20.0
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-06 00:00:00.000000000 Z
+date: 2022-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-2-next
@@ -80,6 +80,7 @@ extra_rdoc_files:
 - doc/release_notes/0_19_7.md
 - doc/release_notes/0_19_8.md
 - doc/release_notes/0_1_0.md
+- doc/release_notes/0_20_0.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_2_1.md
 - doc/release_notes/0_3_0.md
@@ -152,6 +153,7 @@ files:
 - doc/release_notes/0_19_7.md
 - doc/release_notes/0_19_8.md
 - doc/release_notes/0_1_0.md
+- doc/release_notes/0_20_0.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_2_1.md
 - doc/release_notes/0_3_0.md
@@ -176,6 +178,7 @@ files:
 - lib/httpx.rb
 - lib/httpx/adapters/datadog.rb
 - lib/httpx/adapters/faraday.rb
+- lib/httpx/adapters/sentry.rb
 - lib/httpx/adapters/webmock.rb
 - lib/httpx/altsvc.rb
 - lib/httpx/buffer.rb
@@ -197,6 +200,10 @@ files:
 - lib/httpx/options.rb
 - lib/httpx/parser/http1.rb
 - lib/httpx/plugins/authentication.rb
+- lib/httpx/plugins/authentication/basic.rb
+- lib/httpx/plugins/authentication/digest.rb
+- lib/httpx/plugins/authentication/ntlm.rb
+- lib/httpx/plugins/authentication/socks5.rb
 - lib/httpx/plugins/aws_sdk_authentication.rb
 - lib/httpx/plugins/aws_sigv4.rb
 - lib/httpx/plugins/basic_authentication.rb
@@ -274,6 +281,10 @@ files:
 - sig/options.rbs
 - sig/parser/http1.rbs
 - sig/plugins/authentication.rbs
+- sig/plugins/authentication/basic.rbs
+- sig/plugins/authentication/digest.rbs
+- sig/plugins/authentication/ntlm.rbs
+- sig/plugins/authentication/socks5.rbs
 - sig/plugins/aws_sdk_authentication.rbs
 - sig/plugins/aws_sigv4.rbs
 - sig/plugins/basic_authentication.rbs