4 files changed, 84 insertions, 15 deletions

diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 1bf57b8a..9fe878a9 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -573,22 +573,19 @@ def process_proxy_options(parser, options):
     if options.cert:
         options.cert = os.path.expanduser(options.cert)
         if not os.path.exists(options.cert):
-            parser.error("Manually created certificate does not exist: %s"%options.cert)
+            return parser.error("Manually created certificate does not exist: %s"%options.cert)
 
     cacert = os.path.join(options.confdir, "mitmproxy-ca.pem")
     cacert = os.path.expanduser(cacert)
     if not os.path.exists(cacert):
         certutils.dummy_ca(cacert)
-    if getattr(options, "cache", None) is not None:
-        options.cache = os.path.expanduser(options.cache)
     body_size_limit = utils.parse_size(options.body_size_limit)
-
     if options.reverse_proxy and options.transparent_proxy:
-        parser.errror("Can't set both reverse proxy and transparent proxy.")
+        return parser.error("Can't set both reverse proxy and transparent proxy.")
 
     if options.transparent_proxy:
         if not platform.resolver:
-            parser.error("Transparent mode not supported on this platform.")
+            return parser.error("Transparent mode not supported on this platform.")
         trans = dict(
             resolver = platform.resolver(),
             sslports = TRANSPARENT_SSL_PORTS
@@ -599,30 +596,33 @@ def process_proxy_options(parser, options):
     if options.reverse_proxy:
         rp = utils.parse_proxy_spec(options.reverse_proxy)
         if not rp:
-            parser.error("Invalid reverse proxy specification: %s"%options.reverse_proxy)
+            return parser.error("Invalid reverse proxy specification: %s"%options.reverse_proxy)
     else:
         rp = None
 
     if options.clientcerts:
         options.clientcerts = os.path.expanduser(options.clientcerts)
         if not os.path.exists(options.clientcerts) or not os.path.isdir(options.clientcerts):
-            parser.error("Client certificate directory does not exist or is not a directory: %s"%options.clientcerts)
+            return parser.error("Client certificate directory does not exist or is not a directory: %s"%options.clientcerts)
 
     if options.certdir:
         options.certdir = os.path.expanduser(options.certdir)
         if not os.path.exists(options.certdir) or not os.path.isdir(options.certdir):
-            parser.error("Dummy cert directory does not exist or is not a directory: %s"%options.certdir)
+            return parser.error("Dummy cert directory does not exist or is not a directory: %s"%options.certdir)
 
     if (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
         if options.auth_singleuser:
             if len(options.auth_singleuser.split(':')) != 2:
-                parser.error("Please specify user in the format username:password")
+                return parser.error("Invalid single-user specification. Please use the format username:password")
             username, password = options.auth_singleuser.split(':')
             password_manager = http_auth.PassManSingleUser(username, password)
         elif options.auth_nonanonymous:
             password_manager = http_auth.PassManNonAnon()
         elif options.auth_htpasswd:
-            password_manager = http_auth.PassManHtpasswd(options.auth_htpasswd)
+            try:
+                password_manager = http_auth.PassManHtpasswd(options.auth_htpasswd)
+            except ValueError, v:
+                return parser.error(v.message)
         authenticator = http_auth.BasicProxyAuth(password_manager, "mitmproxy")
     else:
         authenticator = http_auth.NullProxyAuth(None)
diff --git a/test/data/htpasswd b/test/data/htpasswd
new file mode 100644
index 00000000..54c95b8c
--- /dev/null
+++ b/test/data/htpasswd
@@ -0,0 +1 @@
+test:$apr1$/LkYxy3x$WI4.YbiJlu537jLGEW2eu1
diff --git a/test/data/htpasswd.invalid b/test/data/htpasswd.invalid
new file mode 100644
index 00000000..257cc564
--- /dev/null
+++ b/test/data/htpasswd.invalid
@@ -0,0 +1 @@
+foo
diff --git a/test/test_proxy.py b/test/test_proxy.py
index 2babe51c..098a8d63 100644
--- a/test/test_proxy.py
+++ b/test/test_proxy.py
@@ -1,4 +1,5 @@
-from libmproxy import proxy, flow
+import argparse
+from libmproxy import proxy, flow, cmdline
 import tutils
 from libpathod import test
 from netlib import http, tcp
@@ -59,10 +60,76 @@ class TestServerConnection:
         sc.terminate()
 
 
-class TestProcessOptions:
-    def test_auth(self):
-        parser = mock.MagicMock()
+class MockParser:
+    def __init__(self):
+        self.err = None
+
+    def error(self, e):
+        self.err = e
+
+    def __repr__(self):
+        return "ParseError(%s)"%self.err
         
 
+class TestProcessProxyOptions:
+    def p(self, *args):
+        parser = argparse.ArgumentParser()
+        cmdline.common_options(parser)
+        opts = parser.parse_args(args=args)
+        m = MockParser()
+        return m, proxy.process_proxy_options(m, opts)
+
+    def assert_err(self, err, *args):
+        m, p = self.p(*args)
+        assert err.lower() in m.err.lower()
+
+    def assert_noerr(self, *args):
+        m, p = self.p(*args)
+        assert p
+        return p
+
+    def test_simple(self):
+        assert self.p()
+
+    def test_cert(self):
+        self.assert_noerr("--cert", tutils.test_data.path("data/testkey.pem"))
+        self.assert_err("does not exist", "--cert", "nonexistent")
+
+    def test_confdir(self):
+        with tutils.tmpdir() as confdir:
+            self.assert_noerr("--confdir", confdir)
+
+    @mock.patch("libmproxy.platform.resolver", None)
+    def test_no_transparent(self):
+        self.assert_err("transparent mode not supported", "-T")
+
+    @mock.patch("libmproxy.platform.resolver")
+    def test_transparent_reverse(self, o):
+        self.assert_err("can't set both", "-P", "reverse", "-T")
+        self.assert_noerr("-T")
+        assert o.call_count == 1
+        self.assert_err("invalid reverse proxy", "-P", "reverse")
+        self.assert_noerr("-P", "http://localhost")
+
+    def test_certs(self):
+        with tutils.tmpdir() as confdir:
+            self.assert_noerr("--client-certs", confdir)
+            self.assert_err("directory does not exist", "--client-certs", "nonexistent")
+
+            self.assert_noerr("--dummy-certs", confdir)
+            self.assert_err("directory does not exist", "--dummy-certs", "nonexistent")
+
+    def test_auth(self):
+        p = self.assert_noerr("--nonanonymous")
+        assert p.authenticator
+
+        p = self.assert_noerr("--htpasswd", tutils.test_data.path("data/htpasswd"))
+        assert p.authenticator
+        self.assert_err("invalid htpasswd file", "--htpasswd", tutils.test_data.path("data/htpasswd.invalid"))
+
+        p = self.assert_noerr("--singleuser", "test:test")
+        assert p.authenticator
+        self.assert_err("invalid single-user specification", "--singleuser", "test")
+