From d150d8d8c6f6db7a59d4f11dd32ad3e7eefc9388 Mon Sep 17 00:00:00 2001
From: Balazs Toth <balazs.toth@balabit.com>
Date: Mon, 4 Nov 2019 11:07:54 +0100
Subject: [PATCH 1/2] lib/client: check http proxy settings correctly

We need to check if server and port are set explicitly,
because otherwise it could lead to a traceback in case
http proxy settings are not set in the box config.

References: jira PAM-11154
Signed-off-by: Balazs Toth <balazs.toth@balabit.com>
---
 lib/client.py            |  4 +++-
 lib/tests/test_client.py | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/client.py b/lib/client.py
index 638bfbc..954088b 100644
--- a/lib/client.py
+++ b/lib/client.py
@@ -44,7 +44,9 @@ def __init__(self, ikey, skey, host, timeout=30, ignore_connection_error=False,
         logger.info('Client initialized.')
 
     def _set_http_proxy_settings(self, http_proxy_settings):
-        if not http_proxy_settings:
+        if (not http_proxy_settings
+                or not http_proxy_settings.get('server')
+                or not http_proxy_settings.get('port')):
             return
         if http_proxy_settings.get('username') and http_proxy_settings.get('password'):
             # rfc7617 The 'Basic' HTTP Authentication Scheme
diff --git a/lib/tests/test_client.py b/lib/tests/test_client.py
index b1ef864..08abd5a 100644
--- a/lib/tests/test_client.py
+++ b/lib/tests/test_client.py
@@ -143,6 +143,18 @@ def test_duo_set_proxy():
     assert client._duo.proxy_port == 3128
 
 
+def test_duo_proxy_is_not_set_when_settings_omitted():
+    client = Client('ikey', 'skey', 'host', http_proxy_settings=None)
+    assert client._duo.proxy_host is None
+    assert client._duo.proxy_port is None
+
+
+def test_duo_proxy_is_not_set_when_proxy_settings_not_set():
+    client = Client('ikey', 'skey', 'host', http_proxy_settings=dict(username='u', password='p'))
+    assert client._duo.proxy_host is None
+    assert client._duo.proxy_port is None
+
+
 def test_duo_set_proxy_auth():
     client = Client(
         'ikey', 'skey', 'host', http_proxy_settings=dict(server='proxy', port='3128', username='u', password='p')

From 585295b037f9fabf8735de62c1638660390c26ec Mon Sep 17 00:00:00 2001
From: Balazs Toth <balazs.toth@balabit.com>
Date: Mon, 4 Nov 2019 11:29:44 +0100
Subject: [PATCH 2/2] MANIFEST: bump version

References: jira PAM-11154
Signed-off-by: Balazs Toth <balazs.toth@balabit.com>
---
 CHANGELOG | 4 ++++
 MANIFEST  | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 77cccc1..1aabef8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+2.0.3 2019-11-04
+
+Bugfix, check http proxy settings before getting them.
+
 2.0.2 2019-07-01
 
 Use common HTTPS proxy settings. Add proxy basic authentication capability.
diff --git a/MANIFEST b/MANIFEST
index 70fa680..b2e0173 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,6 +1,6 @@
 api: 1.2
 type: aa
 name: SPS_Duo
-version: 2.0.2
+version: 2.0.3
 description: Duo Multi-Factor Authentication plugin
 entry_point: main.py