Fix http/s proxy authentication with long username/passwords (#16504)
3 files changed, 23 insertions, 1 deletions
| diff --git a/changelog.d/16504.bugfix b/changelog.d/16504.bugfix
new file mode 100644
index 0000000000..60839c474b
--- /dev/null
+++ b/changelog.d/16504.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in Synapse 1.41 where HTTP(S) forward proxy authorization would fail when using basic HTTP authentication with a long `username:password` string.
diff --git a/synapse/http/connectproxyclient.py b/synapse/http/connectproxyclient.py
 index 636efc33e8..59b914b87e 100644
--- a/synapse/http/connectproxyclient.py
+++ b/synapse/http/connectproxyclient.py
@@ -59,7 +59,7 @@ class BasicProxyCredentials(ProxyCredentials):
             a Proxy-Authorization header.
         """
         # Encode as base64 and prepend the authorization type
-        return b"Basic " + base64.encodebytes(self.username_password)
+        return b"Basic " + base64.b64encode(self.username_password)
 
 
 @attr.s(auto_attribs=True)
diff --git a/tests/http/test_proxyagent.py b/tests/http/test_proxyagent.py
 index 8164b0b78e..41dfd5dc17 100644
--- a/tests/http/test_proxyagent.py
+++ b/tests/http/test_proxyagent.py
@@ -217,6 +217,27 @@ class ProxyParserTests(TestCase):
         )
 
 
+class TestBasicProxyCredentials(TestCase):
+    def test_long_user_pass_string_encoded_without_newlines(self) -> None:
+        """Reproduces https://github.com/matrix-org/synapse/pull/16504."""
+        proxy_connection_string = b"looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooonguser:pass@proxy.local:9988"
+        _, _, _, creds = parse_proxy(proxy_connection_string)
+        assert creds is not None  # for mypy's benefit
+        self.assertIsInstance(creds, BasicProxyCredentials)
+
+        auth_value = creds.as_proxy_authorization_value()
+        self.assertNotIn(b"\n", auth_value)
+        self.assertEqual(
+            creds.as_proxy_authorization_value(),
+            b"Basic bG9vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vbmd1c2VyOnBhc3M=",
+        )
+        basic_auth_payload = creds.as_proxy_authorization_value().split(b" ")[1]
+        self.assertEqual(
+            base64.b64decode(basic_auth_payload),
+            b"looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooonguser:pass",
+        )
+
+
 class MatrixFederationAgentTests(TestCase):
     def setUp(self) -> None:
         self.reactor = ThreadedMemoryReactorClock()
 |