515 lines
24 KiB
Python
515 lines
24 KiB
Python
"""Tests for proxy URL parsing and credential extraction."""
|
|
|
|
from unittest.mock import patch
|
|
|
|
from cloakbrowser.browser import (
|
|
_is_socks_proxy,
|
|
_parse_proxy_url,
|
|
_resolve_proxy_config,
|
|
maybe_resolve_geoip,
|
|
)
|
|
|
|
|
|
class TestParseProxyUrl:
|
|
def test_no_credentials(self):
|
|
assert _parse_proxy_url("http://proxy:8080") == {"server": "http://proxy:8080"}
|
|
|
|
def test_with_credentials(self):
|
|
result = _parse_proxy_url("http://user:pass@proxy:8080")
|
|
assert result == {"server": "http://proxy:8080", "username": "user", "password": "pass"}
|
|
|
|
def test_url_encoded_password(self):
|
|
result = _parse_proxy_url("http://user:p%40ss%3Aword@proxy:8080")
|
|
assert result["password"] == "p@ss:word"
|
|
assert result["username"] == "user"
|
|
assert result["server"] == "http://proxy:8080"
|
|
|
|
def test_socks5(self):
|
|
result = _parse_proxy_url("socks5://user:pass@proxy:1080")
|
|
assert result["server"] == "socks5://proxy:1080"
|
|
assert result["username"] == "user"
|
|
assert result["password"] == "pass"
|
|
|
|
def test_no_port(self):
|
|
result = _parse_proxy_url("http://user:pass@proxy")
|
|
assert result["server"] == "http://proxy"
|
|
assert result["username"] == "user"
|
|
|
|
def test_username_only(self):
|
|
result = _parse_proxy_url("http://user@proxy:8080")
|
|
assert result["server"] == "http://proxy:8080"
|
|
assert result["username"] == "user"
|
|
assert "password" not in result
|
|
|
|
|
|
class TestBuildProxyKwargs:
|
|
"""Tests for _resolve_proxy_config (formerly _build_proxy_kwargs) HTTP path."""
|
|
|
|
def test_none(self):
|
|
kwargs, args = _resolve_proxy_config(None)
|
|
assert kwargs == {}
|
|
assert args == []
|
|
|
|
def test_simple_proxy(self):
|
|
kwargs, args = _resolve_proxy_config("http://proxy:8080")
|
|
assert kwargs == {"proxy": {"server": "http://proxy:8080"}}
|
|
assert args == []
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_proxy_with_auth(self, *_):
|
|
kwargs, args = _resolve_proxy_config("http://user:pass@proxy:8080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
def test_proxy_dict_passthrough(self):
|
|
proxy_dict = {"server": "http://proxy:8080", "bypass": ".google.com,localhost"}
|
|
kwargs, args = _resolve_proxy_config(proxy_dict)
|
|
assert kwargs == {"proxy": proxy_dict}
|
|
assert args == []
|
|
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_pinned_old_version_disables_inline_auth(self, _mock):
|
|
# Pin a binary BELOW the inline-auth floor (146.0.7680.177.5) on a
|
|
# platform that otherwise supports it. The gate must read the pin — an
|
|
# older binary lacks inline proxy auth — and fall back to Playwright's
|
|
# dict, else rolled-back binaries break proxy auth (#182).
|
|
kwargs, args = _resolve_proxy_config(
|
|
"http://user:pass@proxy:8080", browser_version="146.0.7680.177.3"
|
|
)
|
|
assert args == []
|
|
assert kwargs == {"proxy": {"server": "http://proxy:8080", "username": "user", "password": "pass"}}
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_pinned_new_version_keeps_inline_auth(self, *_):
|
|
# Pinning a version at/above the floor keeps inline credentials.
|
|
kwargs, args = _resolve_proxy_config(
|
|
"http://user:pass@proxy:8080", browser_version="146.0.7680.177.5"
|
|
)
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_proxy_dict_with_auth(self, *_):
|
|
proxy_dict = {
|
|
"server": "http://proxy:8080",
|
|
"username": "user",
|
|
"password": "pass",
|
|
"bypass": ".example.com",
|
|
}
|
|
kwargs, args = _resolve_proxy_config(proxy_dict)
|
|
assert kwargs == {}
|
|
assert args == [
|
|
"--proxy-server=http://user:pass@proxy:8080",
|
|
"--proxy-bypass-list=.example.com",
|
|
]
|
|
|
|
|
|
class TestMaybeResolveGeoip:
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("America/New_York", "en-US", "1.2.3.4"))
|
|
def test_geoip_with_string_proxy(self, mock_geo):
|
|
tz, locale, ip = maybe_resolve_geoip(True, "http://proxy:8080", None, None)
|
|
mock_geo.assert_called_once_with("http://proxy:8080")
|
|
assert tz == "America/New_York"
|
|
assert locale == "en-US"
|
|
assert ip == "1.2.3.4"
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("Europe/London", "en-GB", "5.6.7.8"))
|
|
def test_geoip_with_dict_proxy_extracts_server(self, mock_geo):
|
|
proxy_dict = {"server": "http://proxy:8080", "bypass": ".google.com"}
|
|
tz, locale, ip = maybe_resolve_geoip(True, proxy_dict, None, None)
|
|
mock_geo.assert_called_once_with("http://proxy:8080")
|
|
assert tz == "Europe/London"
|
|
assert locale == "en-GB"
|
|
|
|
def test_geoip_disabled_skips_resolution(self):
|
|
tz, locale, ip = maybe_resolve_geoip(False, "http://proxy:8080", None, None)
|
|
assert tz is None
|
|
assert locale is None
|
|
assert ip is None
|
|
|
|
@patch(
|
|
"cloakbrowser.geoip.resolve_proxy_geo_with_ip",
|
|
return_value=("America/New_York", "en-US", "1.2.3.4"),
|
|
)
|
|
def test_geoip_no_proxy_uses_machine_ip(self, mock_geo):
|
|
# No proxy → resolve the machine's own public IP (proxy_url=None).
|
|
tz, locale, ip = maybe_resolve_geoip(True, None, None, None)
|
|
mock_geo.assert_called_once_with(None)
|
|
assert tz == "America/New_York"
|
|
assert locale == "en-US"
|
|
assert ip == "1.2.3.4"
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("Asia/Tokyo", "ja-JP", "9.8.7.6"))
|
|
def test_geoip_preserves_explicit_timezone(self, mock_geo):
|
|
tz, locale, _ip = maybe_resolve_geoip(True, "http://proxy:8080", "Europe/Berlin", None)
|
|
assert tz == "Europe/Berlin"
|
|
assert locale == "ja-JP"
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("America/New_York", "en-US", "1.2.3.4"))
|
|
def test_geoip_normalizes_bare_proxy_with_creds(self, mock_geo):
|
|
# "user:pass@host:port" must be normalized to http:// before geoip lookup.
|
|
tz, locale, _ip = maybe_resolve_geoip(True, "user:pass@proxy:8080", None, None)
|
|
mock_geo.assert_called_once_with("http://user:pass@proxy:8080")
|
|
assert tz == "America/New_York"
|
|
assert locale == "en-US"
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("America/New_York", "en-US", "1.2.3.4"))
|
|
def test_geoip_normalizes_schemeless_proxy_no_creds(self, mock_geo):
|
|
# "host:port" (no @ and no scheme) must also be normalized.
|
|
tz, locale, _ip = maybe_resolve_geoip(True, "proxy:8080", None, None)
|
|
mock_geo.assert_called_once_with("http://proxy:8080")
|
|
assert tz == "America/New_York"
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("Europe/Berlin", "de-DE", "5.6.7.8"))
|
|
def test_geoip_socks5_dict_reconstructs_credentials(self, mock_geo):
|
|
proxy_dict = {"server": "socks5://proxy:1080", "username": "user", "password": "pass"}
|
|
tz, locale, ip = maybe_resolve_geoip(True, proxy_dict, None, None)
|
|
mock_geo.assert_called_once_with("socks5://user:pass@proxy:1080")
|
|
assert tz == "Europe/Berlin"
|
|
assert locale == "de-DE"
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("Europe/Berlin", "de-DE", "5.6.7.8"))
|
|
def test_geoip_socks5_dict_no_auth_uses_server(self, mock_geo):
|
|
proxy_dict = {"server": "socks5://proxy:1080"}
|
|
tz, locale, ip = maybe_resolve_geoip(True, proxy_dict, None, None)
|
|
mock_geo.assert_called_once_with("socks5://proxy:1080")
|
|
|
|
@patch("cloakbrowser.geoip.resolve_proxy_geo_with_ip", return_value=("Europe/London", "en-GB", "1.1.1.1"))
|
|
def test_geoip_http_dict_does_not_inline_creds(self, mock_geo):
|
|
# HTTP dict: credentials stay separate, only server URL passed
|
|
proxy_dict = {"server": "http://proxy:8080", "username": "user", "password": "pass"}
|
|
tz, locale, ip = maybe_resolve_geoip(True, proxy_dict, None, None)
|
|
mock_geo.assert_called_once_with("http://proxy:8080")
|
|
|
|
|
|
class TestBareProxyFormat:
|
|
"""_parse_proxy_url must handle bare 'user:pass@host:port' strings (no scheme)."""
|
|
|
|
def test_bare_with_credentials(self):
|
|
r = _parse_proxy_url("user:pass@proxy:8080")
|
|
assert r["username"] == "user"
|
|
assert r["password"] == "pass"
|
|
assert r["server"] == "http://proxy:8080"
|
|
|
|
def test_bare_credentials_not_in_server(self):
|
|
r = _parse_proxy_url("user:pass@proxy1.example.com:5610")
|
|
assert "user" not in r["server"]
|
|
assert "pass" not in r["server"]
|
|
|
|
def test_bare_username_only(self):
|
|
r = _parse_proxy_url("user@proxy:8080")
|
|
assert r["username"] == "user"
|
|
assert "password" not in r
|
|
assert r["server"] == "http://proxy:8080"
|
|
|
|
def test_bare_no_port(self):
|
|
r = _parse_proxy_url("user:pass@proxy.example.com")
|
|
assert r["username"] == "user"
|
|
assert r["password"] == "pass"
|
|
assert r["server"] == "http://proxy.example.com"
|
|
|
|
def test_bare_no_credentials_passthrough(self):
|
|
# "host:port" without @ — no scheme, no creds — pass through unchanged
|
|
r = _parse_proxy_url("proxy:8080")
|
|
assert r == {"server": "proxy:8080"}
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_resolve_proxy_config_bare(self, *_):
|
|
kwargs, args = _resolve_proxy_config("user:pass@proxy:8080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
|
|
class TestIsSocksProxy:
|
|
def test_socks5_string(self):
|
|
assert _is_socks_proxy("socks5://user:pass@host:1080") is True
|
|
|
|
def test_socks5h_string(self):
|
|
assert _is_socks_proxy("socks5h://host:1080") is True
|
|
|
|
def test_socks5_uppercase(self):
|
|
assert _is_socks_proxy("SOCKS5://host:1080") is True
|
|
|
|
def test_http_string(self):
|
|
assert _is_socks_proxy("http://host:8080") is False
|
|
|
|
def test_dict_socks5(self):
|
|
assert _is_socks_proxy({"server": "socks5://host:1080"}) is True
|
|
|
|
def test_dict_http(self):
|
|
assert _is_socks_proxy({"server": "http://host:8080"}) is False
|
|
|
|
def test_none(self):
|
|
assert _is_socks_proxy(None) is False
|
|
|
|
|
|
class TestResolveProxyConfig:
|
|
def test_none(self):
|
|
kwargs, args = _resolve_proxy_config(None)
|
|
assert kwargs == {}
|
|
assert args == []
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_http_string_with_creds_returns_chrome_arg(self, *_):
|
|
kwargs, args = _resolve_proxy_config("http://user:pass@proxy:8080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
def test_http_string_no_creds_returns_playwright_dict(self):
|
|
kwargs, args = _resolve_proxy_config("http://proxy:8080")
|
|
assert "proxy" in kwargs
|
|
assert kwargs["proxy"]["server"] == "http://proxy:8080"
|
|
assert args == []
|
|
|
|
def test_http_dict_passthrough(self):
|
|
proxy = {"server": "http://proxy:8080", "bypass": ".example.com"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {"proxy": proxy}
|
|
assert args == []
|
|
|
|
def test_socks5_string_returns_chrome_arg(self):
|
|
kwargs, args = _resolve_proxy_config("socks5://user:pass@host:1080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=socks5://user:pass@host:1080"]
|
|
|
|
def test_socks5_no_auth_returns_chrome_arg(self):
|
|
kwargs, args = _resolve_proxy_config("socks5://host:1080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=socks5://host:1080"]
|
|
|
|
def test_socks5h_returns_chrome_arg(self):
|
|
kwargs, args = _resolve_proxy_config("socks5h://user:pass@host:1080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=socks5h://user:pass@host:1080"]
|
|
|
|
def test_socks5_dict_reconstructs_url(self):
|
|
proxy = {"server": "socks5://host:1080", "username": "user", "password": "p@ss"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {}
|
|
assert len(args) == 1
|
|
assert args[0].startswith("--proxy-server=socks5://user:p%40ss@host:1080")
|
|
|
|
def test_socks5_dict_ipv6_preserves_brackets(self):
|
|
proxy = {"server": "socks5://[::1]:1080", "username": "user", "password": "pass"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {}
|
|
assert "[::1]" in args[0]
|
|
|
|
def test_socks5_dict_with_bypass(self):
|
|
proxy = {"server": "socks5://host:1080", "bypass": ".example.com"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {}
|
|
assert "--proxy-server=socks5://host:1080" in args
|
|
assert "--proxy-bypass-list=.example.com" in args
|
|
|
|
def test_socks5_string_encodes_equals_in_password(self):
|
|
# Chromium's --proxy-server parser truncates passwords at '=' (#157).
|
|
# Wrapper must auto URL-encode before passing to Chrome.
|
|
_, args = _resolve_proxy_config("socks5://user:pass=123@host:1080")
|
|
assert args == ["--proxy-server=socks5://user:pass%3D123@host:1080"]
|
|
|
|
def test_socks5_string_encodes_at_in_password(self):
|
|
_, args = _resolve_proxy_config("socks5://user:p@ss@host:1080")
|
|
# Note: parsing "user:p@ss@host" — urlparse takes everything up to LAST @
|
|
# as userinfo, so password = "p@ss".
|
|
assert args == ["--proxy-server=socks5://user:p%40ss@host:1080"]
|
|
|
|
def test_socks5_string_encoding_idempotent(self):
|
|
# Already-encoded input should remain encoded (not double-encoded).
|
|
_, args = _resolve_proxy_config("socks5://user:pass%3D123@host:1080")
|
|
assert args == ["--proxy-server=socks5://user:pass%3D123@host:1080"]
|
|
|
|
def test_socks5_string_logs_info_when_reencoding(self, caplog):
|
|
# When wrapper actually rewrites the URL (e.g. unencoded '=' in pwd),
|
|
# surface an INFO log so users debugging SOCKS5 connectivity (#157)
|
|
# can see what the wrapper did instead of being silently surprised.
|
|
import logging
|
|
with caplog.at_level(logging.INFO, logger="cloakbrowser"):
|
|
_resolve_proxy_config("socks5://user:pass=123@host:1080")
|
|
assert any("Auto URL-encoded SOCKS5" in r.message for r in caplog.records)
|
|
# Credentials must not leak into the log.
|
|
for r in caplog.records:
|
|
assert "pass=123" not in r.message
|
|
assert "pass%3D123" not in r.message
|
|
|
|
def test_socks5_string_silent_when_already_encoded(self, caplog):
|
|
# Idempotent path: pre-encoded URL produces no log noise.
|
|
import logging
|
|
with caplog.at_level(logging.INFO, logger="cloakbrowser"):
|
|
_resolve_proxy_config("socks5://user:pass%3D123@host:1080")
|
|
assert not any("Auto URL-encoded SOCKS5" in r.message for r in caplog.records)
|
|
|
|
def test_socks5_string_silent_when_no_credentials(self, caplog):
|
|
# No userinfo at all → no encoding work → no log.
|
|
import logging
|
|
with caplog.at_level(logging.INFO, logger="cloakbrowser"):
|
|
_resolve_proxy_config("socks5://host:1080")
|
|
assert not any("Auto URL-encoded SOCKS5" in r.message for r in caplog.records)
|
|
|
|
def test_socks5_string_silent_when_only_cosmetic_change(self, caplog):
|
|
# urlparse lowercases scheme and hostname, but credentials are
|
|
# untouched. The log must NOT fire for these cosmetic-only rewrites
|
|
# (regression for Copilot's review on PR #209).
|
|
import logging
|
|
with caplog.at_level(logging.INFO, logger="cloakbrowser"):
|
|
_resolve_proxy_config("socks5://USER:pass@HOST.com:1080")
|
|
assert not any("Auto URL-encoded SOCKS5" in r.message for r in caplog.records)
|
|
|
|
def test_socks5_string_no_creds_unchanged(self):
|
|
_, args = _resolve_proxy_config("socks5://host:1080")
|
|
assert args == ["--proxy-server=socks5://host:1080"]
|
|
|
|
def test_socks5_string_password_only_still_encoded(self):
|
|
# Empty username with password: fix must still re-encode the password
|
|
# (regression test for empty-username bypass).
|
|
_, args = _resolve_proxy_config("socks5://:pass=123@host:1080")
|
|
assert args == ["--proxy-server=socks5://:pass%3D123@host:1080"]
|
|
|
|
def test_socks5_string_empty_password_preserves_colon(self):
|
|
# `user:@host` (empty password) must NOT collapse to `user@host` —
|
|
# semantics differ between the two forms.
|
|
_, args = _resolve_proxy_config("socks5://user:@host:1080")
|
|
assert args == ["--proxy-server=socks5://user:@host:1080"]
|
|
|
|
def test_socks5_string_literal_percent_in_password(self):
|
|
# Literal '%' not followed by 2 hex digits must be encoded as '%25'
|
|
# so Chrome decodes it back to '%'. Must not crash.
|
|
_, args = _resolve_proxy_config("socks5://user:100%sure@host:1080")
|
|
assert args == ["--proxy-server=socks5://user:100%25sure@host:1080"]
|
|
|
|
def test_socks5_string_malformed_port_passes_through(self, caplog):
|
|
# Invalid port (non-numeric) raises in urlparse.port. Wrapper should
|
|
# log a warning and pass original through to Chromium.
|
|
import logging
|
|
with caplog.at_level(logging.WARNING, logger="cloakbrowser"):
|
|
_, args = _resolve_proxy_config("socks5://user:pass@host:abc")
|
|
assert args == ["--proxy-server=socks5://user:pass@host:abc"]
|
|
assert any("Malformed SOCKS5" in r.message for r in caplog.records)
|
|
|
|
def test_socks5_string_malformed_ipv6_passes_through(self, caplog):
|
|
# Broken IPv6 bracket — must not crash, and must reach Chromium
|
|
# verbatim so its own error surfaces instead of a silent rewrite.
|
|
import logging
|
|
with caplog.at_level(logging.WARNING, logger="cloakbrowser"):
|
|
_, args = _resolve_proxy_config("socks5://user:pass@[::1")
|
|
assert args == ["--proxy-server=socks5://user:pass@[::1"]
|
|
|
|
def test_socks5_string_preserves_path_and_query(self):
|
|
# Nonstandard for SOCKS5, but don't silently drop user-supplied suffixes.
|
|
# Matches JS behavior.
|
|
_, args = _resolve_proxy_config("socks5://user:pass@host:1080/p?x=1#f")
|
|
assert args[0] == "--proxy-server=socks5://user:pass@host:1080/p?x=1#f"
|
|
|
|
def test_socks5_string_ipv6_with_special_char_password(self):
|
|
# IPv6 host + special char in password — both must be handled.
|
|
_, args = _resolve_proxy_config("socks5://user:pass=eq@[::1]:1080")
|
|
assert args[0] == "--proxy-server=socks5://user:pass%3Deq@[::1]:1080"
|
|
|
|
def test_socks5_string_port_zero_preserved(self):
|
|
# Port 0 is an unusual but valid URL component; don't silently strip it.
|
|
_, args = _resolve_proxy_config("socks5://user:pass=1@host:0")
|
|
assert args[0] == "--proxy-server=socks5://user:pass%3D1@host:0"
|
|
|
|
# --- HTTP with credentials → --proxy-server (supported platforms + version) ---
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_http_string_with_creds_on_supported_platform(self, *_):
|
|
kwargs, args = _resolve_proxy_config("http://user:pass@proxy:8080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_http_dict_with_creds_on_supported_platform(self, *_):
|
|
proxy = {"server": "http://proxy:8080", "username": "user", "password": "pass"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_http_dict_with_creds_and_bypass(self, *_):
|
|
proxy = {
|
|
"server": "http://proxy:8080",
|
|
"username": "user",
|
|
"password": "pass",
|
|
"bypass": ".google.com",
|
|
}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {}
|
|
assert "--proxy-server=http://user:pass@proxy:8080" in args
|
|
assert "--proxy-bypass-list=.google.com" in args
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_http_string_encodes_special_chars_in_password(self, *_):
|
|
_, args = _resolve_proxy_config("http://user:pass=123@proxy:8080")
|
|
assert args == ["--proxy-server=http://user:pass%3D123@proxy:8080"]
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-x64")
|
|
def test_http_string_encoding_idempotent(self, *_):
|
|
_, args = _resolve_proxy_config("http://user:pass%3D123@proxy:8080")
|
|
assert args == ["--proxy-server=http://user:pass%3D123@proxy:8080"]
|
|
|
|
@patch("cloakbrowser.config.get_chromium_version", return_value="146.0.7680.177.5")
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="windows-x64")
|
|
def test_http_string_with_creds_on_windows(self, *_):
|
|
kwargs, args = _resolve_proxy_config("http://user:pass@proxy:8080")
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
# --- HTTP with credentials on binaries without inline proxy auth → fallback ---
|
|
# Free macOS (145.x) and linux-arm64 (146.0.7680.177.3) predate the inline
|
|
# proxy-auth patch, so their credentialed HTTP proxies route through
|
|
# Playwright's proxy dict instead of --proxy-server.
|
|
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="darwin-arm64")
|
|
def test_http_string_with_creds_on_macos_falls_back(self, _mock):
|
|
kwargs, args = _resolve_proxy_config("http://user:pass@proxy:8080")
|
|
assert "proxy" in kwargs
|
|
assert kwargs["proxy"]["username"] == "user"
|
|
assert args == []
|
|
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="darwin-arm64")
|
|
def test_http_dict_with_creds_on_macos_falls_back(self, _mock):
|
|
proxy = {"server": "http://proxy:8080", "username": "user", "password": "pass"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {"proxy": proxy}
|
|
assert args == []
|
|
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="linux-arm64")
|
|
def test_http_string_with_creds_on_linux_arm_falls_back(self, _mock):
|
|
kwargs, args = _resolve_proxy_config("http://user:pass@proxy:8080")
|
|
assert "proxy" in kwargs
|
|
assert args == []
|
|
|
|
@patch("cloakbrowser.config.get_platform_tag", return_value="darwin-arm64")
|
|
def test_http_with_creds_on_macos_inline_when_pinned_new(self, _mock):
|
|
# A macOS binary at/above the floor (e.g. a pinned 148 build with the
|
|
# inline proxy-auth patch) uses --proxy-server, not the fallback.
|
|
kwargs, args = _resolve_proxy_config(
|
|
"http://user:pass@proxy:8080", browser_version="148.0.7778.215.3"
|
|
)
|
|
assert kwargs == {}
|
|
assert args == ["--proxy-server=http://user:pass@proxy:8080"]
|
|
|
|
# --- HTTP without credentials (all platforms) ---
|
|
|
|
def test_http_no_creds_returns_playwright_dict(self):
|
|
kwargs, args = _resolve_proxy_config("http://proxy:8080")
|
|
assert "proxy" in kwargs
|
|
assert args == []
|
|
|
|
def test_http_dict_no_creds_returns_playwright_dict(self):
|
|
proxy = {"server": "http://proxy:8080", "bypass": ".example.com"}
|
|
kwargs, args = _resolve_proxy_config(proxy)
|
|
assert kwargs == {"proxy": proxy}
|
|
assert args == []
|