use of org.zaproxy.zap.extension.api.ApiDynamicActionImplementor in project zaproxy by zaproxy.
the class UsersAPI method handleApiAction.
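/**
 * Handles the Users API actions: creating, removing, enabling and renaming a user, and setting
 * a user's authentication credentials.
 *
 * <p>Each branch that modifies a user saves the owning context before returning.
 *
 * @param name the name of the action to run
 * @param params the parameters supplied with the API request
 * @return the id of the new user for {@code ACTION_NEW_USER}; otherwise
 *     {@code ApiResponseElement.OK}, or {@code ApiResponseElement.FAIL} when
 *     {@code removeUserById} reports that nothing was removed
 * @throws ApiException if the action is unknown, or a parameter is missing or invalid
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    // Log the action name only: for ACTION_SET_AUTH_CREDENTIALS the params carry the
    // credentials configuration, which must not be written to the debug log.
    log.debug("handleApiAction " + name);

    User user;
    Context context;
    switch (name) {
        case ACTION_NEW_USER:
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            String userName = ApiUtils.getNonEmptyStringParam(params, PARAM_USER_NAME);
            user = new User(context.getIndex(), userName);
            // New users start with credentials created by the context's authentication method.
            user.setAuthenticationCredentials(
                    context.getAuthenticationMethod().createAuthenticationCredentials());
            extension.getContextUserAuthManager(context.getIndex()).addUser(user);
            context.save();
            return new ApiResponseElement(PARAM_USER_ID, String.valueOf(user.getId()));

        case ACTION_REMOVE_USER:
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
            boolean deleted =
                    extension.getContextUserAuthManager(context.getIndex()).removeUserById(userId);
            if (!deleted) {
                return ApiResponseElement.FAIL;
            }
            context.save();
            return ApiResponseElement.OK;

        case ACTION_SET_ENABLED:
            // The flag is parsed before the user lookup, so a malformed value is reported first.
            boolean enabled;
            try {
                enabled = params.getBoolean(PARAM_ENABLED);
            } catch (JSONException e) {
                throw new ApiException(
                        Type.ILLEGAL_PARAMETER, PARAM_ENABLED + " - should be boolean");
            }
            user = getUser(params);
            user.setEnabled(enabled);
            user.getContext().save();
            return ApiResponseElement.OK;

        case ACTION_SET_NAME:
            // Same validation as ACTION_NEW_USER, so both branches handle the user name
            // parameter through one helper instead of a raw getString() call.
            String newName = ApiUtils.getNonEmptyStringParam(params, PARAM_USER_NAME);
            user = getUser(params);
            user.setName(newName);
            user.getContext().save();
            return ApiResponseElement.OK;

        case ACTION_SET_AUTH_CREDENTIALS:
            // Prepare the params for the authentication-method specific action.
            JSONObject actionParams;
            if (params.has(PARAM_CREDENTIALS_CONFIG_PARAMS)) {
                actionParams = API.getParams(params.getString(PARAM_CREDENTIALS_CONFIG_PARAMS));
            } else {
                actionParams = new JSONObject();
            }
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            // The context and user ids are written after the nested config string is parsed,
            // so values supplied inside that string cannot point the action at another
            // context or user.
            actionParams.put(PARAM_CONTEXT_ID, context.getIndex());
            actionParams.put(PARAM_USER_ID, getUserId(params));

            // Run the action registered for the context's authentication method type.
            ApiDynamicActionImplementor credentialsAction =
                    loadedAuthenticationMethodActions.get(
                            context.getAuthenticationMethod().getType().getUniqueIdentifier());
            if (credentialsAction == null) {
                // The lookup yields null when nothing is registered for this type; report
                // it as an API error instead of failing with a NullPointerException.
                throw new ApiException(
                        Type.ILLEGAL_PARAMETER,
                        "No set credentials action available for authentication method type: "
                                + context.getAuthenticationMethod().getType().getName());
            }
            credentialsAction.handleAction(actionParams);
            context.save();
            return ApiResponseElement.OK;

        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}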
use of org.zaproxy.zap.extension.api.ApiDynamicActionImplementor in project zaproxy by zaproxy.
the class CookieBasedSessionManagementMethodType method getSetMethodForContextApiAction.
/**
 * Builds the API action that switches a context to this type's session management method.
 *
 * <p>The action resolves the context from the {@code SessionManagementAPI.PARAM_CONTEXT_ID}
 * parameter and installs a newly created session management method on it.
 *
 * @return the API action implementation, named {@code API_METHOD_NAME}
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    // Both parameter-name arrays are null; presumably this action declares no
    // parameters of its own - confirm against ApiDynamicActionImplementor.
    final ApiDynamicActionImplementor setMethodAction =
            new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {
                @Override
                public void handleAction(JSONObject params) throws ApiException {
                    final Context targetContext =
                            ApiUtils.getContextByParamId(
                                    params, SessionManagementAPI.PARAM_CONTEXT_ID);
                    final int contextId = targetContext.getIndex();
                    // NOTE(review): the context is not saved here; presumably the
                    // caller persists it - confirm.
                    targetContext.setSessionManagementMethod(
                            createSessionManagementMethod(contextId));
                }
            };
    return setMethodAction;
}
use of org.zaproxy.zap.extension.api.ApiDynamicActionImplementor in project zaproxy by zaproxy.
the class HttpAuthSessionManagementMethodType method getSetMethodForContextApiAction.
/**
 * Returns the API action that makes a context use this type's session management method.
 *
 * <p>The context is looked up from the {@code SessionManagementAPI.PARAM_CONTEXT_ID}
 * parameter; a session management method created for that context's index then replaces
 * the one currently set.
 *
 * @return the API action implementation, named {@code API_METHOD_NAME}
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            // An unknown or missing context id is left to getContextByParamId to reject.
            final Context ctx =
                    ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
            final int ctxIndex = ctx.getIndex();
            ctx.setSessionManagementMethod(createSessionManagementMethod(ctxIndex));
        }
    };
}
use of org.zaproxy.zap.extension.api.ApiDynamicActionImplementor in project zaproxy by zaproxy.
the class GenericAuthenticationCredentials method getSetCredentialsForUserApiAction.
/**
 * Creates the API action that sets {@link GenericAuthenticationCredentials} on a user.
 *
 * <p>The action rejects the request when the context's authentication method is not of
 * {@code methodType}, or when no user with the given id exists in the context. Every name in
 * the credentials' {@code paramNames} is read with {@code ApiUtils.getNonEmptyStringParam}.
 *
 * @param methodType the authentication method type the context is required to use
 * @return the API action implementation
 */
public static ApiDynamicActionImplementor getSetCredentialsForUserApiAction(final AuthenticationMethodType methodType) {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, null, new String[] { PARAM_CONFIG_PARAMS }) {
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            final Context targetContext = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            final int requestedUserId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);

            // Refuse credentials of a kind the context's authentication method cannot use;
            // the cast to GenericAuthenticationCredentials below relies on this check.
            final boolean compatible = methodType.isTypeForMethod(targetContext.getAuthenticationMethod());
            if (!compatible) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "User's credentials should match authentication method type of the context: " + targetContext.getAuthenticationMethod().getType().getName());
            }

            // The Users extension is not checked for null: this action is only
            // called when that extension is loaded.
            final ExtensionUserManagement usersExtension =
                    (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            final User targetUser =
                    usersExtension.getContextUserAuthManager(targetContext.getIndex()).getUserById(requestedUserId);
            if (targetUser == null) {
                throw new ApiException(ApiException.Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            }

            // Build fresh credentials and fill in every parameter they declare.
            final GenericAuthenticationCredentials newCredentials =
                    (GenericAuthenticationCredentials) targetContext.getAuthenticationMethod().createAuthenticationCredentials();
            for (String credentialParam : newCredentials.paramNames) {
                final String value = ApiUtils.getNonEmptyStringParam(params, credentialParam);
                newCredentials.setParam(credentialParam, value);
            }
            targetUser.setAuthenticationCredentials(newCredentials);
        }
    };
}
use of org.zaproxy.zap.extension.api.ApiDynamicActionImplementor in project zaproxy by zaproxy.
the class ManualAuthenticationMethodType method getSetMethodForContextApiAction.
/**
 * Returns the API action that sets manual authentication on a context.
 *
 * <p>The context is resolved from the {@code AuthenticationAPI.PARAM_CONTEXT_ID} parameter.
 * When the new method's type differs from the one currently set,
 * {@code apiChangedAuthenticationMethodForContext} is called before the method is replaced.
 *
 * @return the API action implementation, named {@code API_METHOD_NAME}
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            final Context targetContext =
                    ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            final ManualAuthenticationMethod replacement =
                    createAuthenticationMethod(targetContext.getIndex());

            // The change notification is sent only when the method type actually differs,
            // and before the new method is installed.
            final boolean typeChanged =
                    !targetContext.getAuthenticationMethod().isSameType(replacement);
            if (typeChanged) {
                apiChangedAuthenticationMethodForContext(targetContext.getIndex());
            }
            targetContext.setAuthenticationMethod(replacement);
        }
    };
}