
Example 26 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class UsersAPI method handleApiAction.

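/**
 * Dispatches a users API action by name and applies it to the referenced context or user.
 *
 * <p>Every action that changes state saves the owning context before returning.
 *
 * @param name the action name; unknown names are rejected with {@code BAD_ACTION}
 * @param params the action parameters as received from the API request
 * @return the new user's id for the new-user action, {@code FAIL} when the remove-user call
 *     reports that nothing was removed, and {@code OK} in every other successful case
 * @throws ApiException if a parameter is missing or malformed, the context cannot be resolved,
 *     no credentials handler is registered for the context's authentication method, or the
 *     action name is unknown
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (log.isDebugEnabled()) {
        if (ACTION_SET_AUTH_CREDENTIALS.equals(name)) {
            // This action carries the credential configuration in its parameters, so only the
            // parameter names are logged; the values stay out of the log file.
            log.debug("handleApiAction " + name + " " + params.keySet());
        } else {
            log.debug("handleApiAction " + name + " " + params.toString());
        }
    }
    User user;
    Context context;
    switch (name) {
        case ACTION_NEW_USER:
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            String userName = ApiUtils.getNonEmptyStringParam(params, PARAM_USER_NAME);
            user = new User(context.getIndex(), userName);
            // New users start with the credentials object created by the context's authentication method.
            user.setAuthenticationCredentials(context.getAuthenticationMethod().createAuthenticationCredentials());
            extension.getContextUserAuthManager(context.getIndex()).addUser(user);
            context.save();
            return new ApiResponseElement(PARAM_USER_ID, String.valueOf(user.getId()));
        case ACTION_REMOVE_USER:
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
            boolean deleted = extension.getContextUserAuthManager(context.getIndex()).removeUserById(userId);
            if (!deleted) {
                return ApiResponseElement.FAIL;
            }
            // Only persist the context when something was actually removed.
            context.save();
            return ApiResponseElement.OK;
        case ACTION_SET_ENABLED:
            boolean enabled;
            try {
                enabled = params.getBoolean(PARAM_ENABLED);
            } catch (JSONException e) {
                throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_ENABLED + " - should be boolean");
            }
            user = getUser(params);
            user.setEnabled(enabled);
            user.getContext().save();
            return ApiResponseElement.OK;
        case ACTION_SET_NAME:
            // Check presence first: getString on an absent key raises JSONException, so without
            // this guard a missing name would never be reported as MISSING_PARAMETER.
            if (!params.has(PARAM_USER_NAME)) {
                throw new ApiException(Type.MISSING_PARAMETER, PARAM_USER_NAME);
            }
            String nameSN = params.getString(PARAM_USER_NAME);
            if (nameSN == null || nameSN.isEmpty()) {
                throw new ApiException(Type.MISSING_PARAMETER, PARAM_USER_NAME);
            }
            user = getUser(params);
            user.setName(nameSN);
            user.getContext().save();
            return ApiResponseElement.OK;
        case ACTION_SET_AUTH_CREDENTIALS:
            // Prepare the params handed to the authentication-method specific action.
            JSONObject actionParams;
            if (params.has(PARAM_CREDENTIALS_CONFIG_PARAMS)) {
                actionParams = API.getParams(params.getString(PARAM_CREDENTIALS_CONFIG_PARAMS));
            } else {
                actionParams = new JSONObject();
            }
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            // Context and user ids are set here, after parsing, so they replace any value with
            // the same key that arrived inside the credentials configuration string.
            actionParams.put(PARAM_CONTEXT_ID, context.getIndex());
            actionParams.put(PARAM_USER_ID, getUserId(params));
            // Run the action registered for the context's authentication method type.
            ApiDynamicActionImplementor credentialsAction = loadedAuthenticationMethodActions.get(context.getAuthenticationMethod().getType().getUniqueIdentifier());
            if (credentialsAction == null) {
                // The lookup can come back empty when nothing is registered for this method
                // type; report that as an API error instead of failing on a null reference.
                throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_CONTEXT_ID + " - authentication method does not support setting credentials");
            }
            credentialsAction.handleAction(actionParams);
            context.save();
            return ApiResponseElement.OK;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}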
Also used : Context(org.zaproxy.zap.model.Context) ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) User(org.zaproxy.zap.users.User) JSONObject(net.sf.json.JSONObject) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) JSONException(net.sf.json.JSONException) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 27 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class HttpSessionsAPI method handleApiAction.

/**
 * Dispatches an HTTP sessions API action by name.
 *
 * <p>The actions visible in the switch create, remove, rename, activate and deactivate sessions
 * of a site, and add, remove or set session tokens.
 *
 * @param name the action name; unknown names are rejected with {@code BAD_ACTION}
 * @param params the action parameters as received from the API request
 * @return {@code ApiResponseElement.OK} whenever the action completes
 * @throws ApiException with {@code ILLEGAL_PARAMETER} when the site or session cannot be
 *     resolved, {@code INTERNAL_ERROR} when a rename is refused, or {@code BAD_ACTION} for an
 *     unknown action name
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (log.isDebugEnabled()) {
        // NOTE(review): the whole parameter object is written to the debug log, including any
        // token value passed to the set-session-token action; confirm that is acceptable.
        log.debug("Request for handleApiAction: " + name + " (params: " + params.toString() + ")");
    }
    switch (name) {
        case ACTION_CREATE_EMPTY_SESSION: {
            final HttpSessionsSite target = lookupSiteOrFail(params, true);
            final String requestedName = getParam(params, ACTION_PARAM_SESSION, "");
            if (!"".equals(requestedName)) {
                target.createEmptySession(requestedName);
            } else {
                // No name supplied: use the no-argument overload.
                target.createEmptySession();
            }
            return ApiResponseElement.OK;
        }
        case ACTION_REMOVE_SESSION: {
            final HttpSessionsSite target = lookupSiteOrFail(params, false);
            final HttpSession doomed = target.getHttpSession(params.getString(ACTION_PARAM_SESSION));
            if (doomed == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SESSION);
            }
            target.removeHttpSession(doomed);
            return ApiResponseElement.OK;
        }
        case ACTION_SET_ACTIVE_SESSION: {
            final HttpSessionsSite target = lookupSiteOrFail(params, false);
            final String wanted = params.getString(ACTION_PARAM_SESSION);
            for (HttpSession candidate : target.getHttpSessions()) {
                if (!candidate.getName().equals(wanted)) {
                    continue;
                }
                target.setActiveSession(candidate);
                return ApiResponseElement.OK;
            }
            // None of the site's sessions carries the requested name.
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SESSION);
        }
        case ACTION_UNSET_ACTIVE_SESSION: {
            lookupSiteOrFail(params, false).unsetActiveSession();
            return ApiResponseElement.OK;
        }
        case ACTION_ADD_SESSION_TOKEN: {
            extension.addHttpSessionToken(ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE)), params.getString(ACTION_PARAM_TOKEN_NAME));
            return ApiResponseElement.OK;
        }
        case ACTION_REMOVE_SESSION_TOKEN: {
            extension.removeHttpSessionToken(ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE)), params.getString(ACTION_PARAM_TOKEN_NAME));
            return ApiResponseElement.OK;
        }
        case ACTION_SET_SESSION_TOKEN: {
            final HttpSessionsSite target = lookupSiteOrFail(params, false);
            final HttpSession holder = target.getHttpSession(params.getString(ACTION_PARAM_SESSION));
            if (holder == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SESSION);
            }
            // The token is registered for the site first; the value is read only afterwards,
            // so a missing value parameter still leaves the token registered.
            extension.addHttpSessionToken(ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE)), params.getString(ACTION_PARAM_TOKEN_NAME));
            final String tokenName = params.getString(ACTION_PARAM_TOKEN_NAME);
            // The cookie is built with a null domain.
            final Cookie tokenCookie = new Cookie(null, tokenName, params.getString(ACTION_PARAM_TOKEN_VALUE));
            holder.setTokenValue(tokenName, tokenCookie);
            return ApiResponseElement.OK;
        }
        case ACTION_RENAME_SESSION: {
            final HttpSessionsSite target = lookupSiteOrFail(params, false);
            final boolean renamed = target.renameHttpSession(params.getString(ACTION_PARAM_SESSION_OLD_NAME), params.getString(ACTION_PARAM_SESSION_NEW_NAME));
            if (renamed) {
                return ApiResponseElement.OK;
            }
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, Constant.messages.getString("httpsessions.api.error.rename"));
        }
        default:
            throw new ApiException(ApiException.Type.BAD_ACTION);
    }
}

/**
 * Resolves the sessions site named by the site parameter, failing when the extension returns none.
 *
 * @param params the action parameters holding the site
 * @param lookupFlag passed through as the second argument of {@code getHttpSessionsSite};
 *     presumably "create if missing", since only the create-session action passes {@code true}
 * @return the resolved site, never {@code null}
 * @throws ApiException with {@code ILLEGAL_PARAMETER} on the site parameter when no site is returned
 */
private HttpSessionsSite lookupSiteOrFail(JSONObject params, boolean lookupFlag) throws ApiException {
    final HttpSessionsSite found = extension.getHttpSessionsSite(ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE)), lookupFlag);
    if (found == null) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
    }
    return found;
}
Also used : Cookie(org.apache.commons.httpclient.Cookie) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 28 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class ApiUtils method getContextByParamId.

/**
 * Looks up the {@link Context} whose id is carried by the named request parameter.
 *
 * @param params the API request parameters
 * @param contextIdParamName the name of the parameter that holds the context id
 * @return the matching context, never {@code null}
 * @throws ApiException with type {@code CONTEXT_NOT_FOUND} when the session has no context for
 *     the id, or whatever {@code getIntParam} raises for an unusable parameter
 */
public static Context getContextByParamId(JSONObject params, String contextIdParamName) throws ApiException {
    // Read the id before touching the model so a bad parameter fails first.
    final int requestedId = getIntParam(params, contextIdParamName);
    final Context resolved = Model.getSingleton().getSession().getContext(requestedId);
    if (resolved != null) {
        return resolved;
    }
    throw new ApiException(Type.CONTEXT_NOT_FOUND, contextIdParamName);
}
Also used : Context(org.zaproxy.zap.model.Context) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 29 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class AuthenticationAPI method getContext.

/**
 * Resolves the context referenced by the request parameters.
 *
 * @param params the API request parameters; the id is read through {@code getContextId}
 * @return the matching context, never {@code null}
 * @throws ApiException with type {@code CONTEXT_NOT_FOUND} when the session has no context for
 *     the id, or whatever {@code getContextId} raises while reading the parameter
 */
private Context getContext(JSONObject params) throws ApiException {
    // NOTE: kept as its own method because the lookup may switch from context ids to context names
    final int requestedId = getContextId(params);
    final Context resolved = Model.getSingleton().getSession().getContext(requestedId);
    if (resolved != null) {
        return resolved;
    }
    throw new ApiException(Type.CONTEXT_NOT_FOUND, PARAM_CONTEXT_ID);
}
Also used : Context(org.zaproxy.zap.model.Context) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 30 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class ApiUtils method getOptionalEnumParam.

/**
 * Reads an optional enum parameter.
 *
 * @param <E> the enum type to return
 * @param params the API request parameters
 * @param paramName the name of the parameter to read
 * @param enumType the class of the enum the value is converted to
 * @return the enum constant named by the parameter, or {@code null} when the parameter is
 *     absent or empty
 * @throws ApiException with type {@code ILLEGAL_PARAMETER} when the conversion fails
 */
public static <E extends Enum<E>> E getOptionalEnumParam(JSONObject params, String paramName, Class<E> enumType) throws ApiException {
    final String rawValue = params.optString(paramName, null);
    if (rawValue == null || rawValue.isEmpty()) {
        // Absent and empty are both treated as "not supplied".
        return null;
    }
    try {
        return Enum.valueOf(enumType, rawValue);
    } catch (Exception ex) {
        // NOTE(review): the error detail reuses the exception's own message, which for a failed
        // Enum.valueOf presumably names the enum class and echoes the supplied value - confirm
        // that is acceptable in an API response.
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, paramName + ": " + ex.getLocalizedMessage());
    }
}
Also used : ApiException(org.zaproxy.zap.extension.api.ApiException) ApiException(org.zaproxy.zap.extension.api.ApiException)
