Example 1 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class FormBasedAuthenticationMethodType method getPopupFlagLoginRequestMenuFactory.
/**
* Gets the popup menu factory for flagging login requests.
*
* @return the popup flag login request menu factory
*/
private PopupMenuItemSiteNodeContextMenuFactory getPopupFlagLoginRequestMenuFactory() {
PopupMenuItemSiteNodeContextMenuFactory popupFlagLoginRequestMenuFactory = new PopupMenuItemSiteNodeContextMenuFactory(Constant.messages.getString("context.flag.popup")) {
private static final long serialVersionUID = 8927418764L;
@Override
public PopupMenuItemContext getContextMenu(Context context, String parentMenu) {
return new PopupMenuItemContext(context, parentMenu, MessageFormat.format(Constant.messages.getString("authentication.method.fb.popup.login.request"), context.getName())) {
private static final long serialVersionUID = 1967885623005183801L;
private ExtensionUserManagement usersExtension;
private Context uiSharedContext;
/**
* Make sure the user acknowledges the Users corresponding to this context will
* be deleted.
*
* @return true, if successful
*/
private boolean confirmUsersDeletion(Context uiSharedContext) {
usersExtension = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
if (usersExtension != null) {
if (usersExtension.getSharedContextUsers(uiSharedContext).size() > 0) {
int choice = JOptionPane.showConfirmDialog(this, Constant.messages.getString("authentication.dialog.confirmChange.label"), Constant.messages.getString("authentication.dialog.confirmChange.title"), JOptionPane.OK_CANCEL_OPTION);
if (choice == JOptionPane.CANCEL_OPTION) {
return false;
}
}
}
return true;
}
@Override
public void performAction(SiteNode sn) {
// Manually create the UI shared contexts so any modifications are done
// on an UI shared Context, so changes can be undone by pressing Cancel
SessionDialog sessionDialog = View.getSingleton().getSessionDialog();
sessionDialog.recreateUISharedContexts(Model.getSingleton().getSession());
uiSharedContext = sessionDialog.getUISharedContext(this.getContext().getIndex());
// Do the work/changes on the UI shared context
if (this.getContext().getAuthenticationMethod() instanceof FormBasedAuthenticationMethod) {
log.info("Selected new login request via PopupMenu. Changing existing Form-Based Authentication instance for Context " + getContext().getIndex());
FormBasedAuthenticationMethod method = (FormBasedAuthenticationMethod) uiSharedContext.getAuthenticationMethod();
try {
method.setLoginRequest(sn);
} catch (Exception e) {
log.error("Failed to set login request: " + e.getMessage(), e);
return;
}
// Show the session dialog without recreating UI Shared contexts
View.getSingleton().showSessionDialog(Model.getSingleton().getSession(), ContextAuthenticationPanel.buildName(this.getContext().getIndex()), false);
} else {
log.info("Selected new login request via PopupMenu. Creating new Form-Based Authentication instance for Context " + getContext().getIndex());
FormBasedAuthenticationMethod method = new FormBasedAuthenticationMethod();
try {
method.setLoginRequest(sn);
} catch (Exception e) {
log.error("Failed to set login request: " + e.getMessage(), e);
return;
}
if (!confirmUsersDeletion(uiSharedContext)) {
log.debug("Cancelled change of authentication type.");
return;
}
uiSharedContext.setAuthenticationMethod(method);
// Show the session dialog without recreating UI Shared contexts
// NOTE: First init the panels of the dialog so old users data gets
// loaded and just then delete the users
// from the UI data model, otherwise the 'real' users from the
// non-shared context would be loaded
// and would override any deletions made.
View.getSingleton().showSessionDialog(Model.getSingleton().getSession(), ContextAuthenticationPanel.buildName(this.getContext().getIndex()), false, new Runnable() {
@Override
public void run() {
// save as well
if (usersExtension != null)
usersExtension.removeSharedContextUsers(uiSharedContext);
}
});
}
}
};
}
@Override
public int getParentMenuIndex() {
return 3;
}
};
return popupFlagLoginRequestMenuFactory;
}
Also used :
Context(org.zaproxy.zap.model.Context)
PopupMenuItemContext(org.zaproxy.zap.view.popup.PopupMenuItemContext)
RecordContext(org.parosproxy.paros.db.RecordContext)
ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement)
PopupMenuItemContext(org.zaproxy.zap.view.popup.PopupMenuItemContext)
SessionDialog(org.parosproxy.paros.view.SessionDialog)
PopupMenuItemSiteNodeContextMenuFactory(org.zaproxy.zap.view.popup.PopupMenuItemSiteNodeContextMenuFactory)
URIException(org.apache.commons.httpclient.URIException)
HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)
ApiException(org.zaproxy.zap.extension.api.ApiException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ConfigurationException(org.apache.commons.configuration.ConfigurationException)
IOException(java.io.IOException)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
SiteNode(org.parosproxy.paros.model.SiteNode)
Example 2 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class FormBasedAuthenticationMethodType method getSetMethodForContextApiAction.
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_LOGIN_URL }, new String[] { PARAM_LOGIN_REQUEST_DATA }) {
@Override
public void handleAction(JSONObject params) throws ApiException {
Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
String loginUrl = ApiUtils.getNonEmptyStringParam(params, PARAM_LOGIN_URL);
try {
new URL(loginUrl);
} catch (Exception ex) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_LOGIN_URL);
}
String postData = "";
if (params.containsKey(PARAM_LOGIN_REQUEST_DATA)) {
postData = params.getString(PARAM_LOGIN_REQUEST_DATA);
}
// Set the method
FormBasedAuthenticationMethod method = createAuthenticationMethod(context.getIndex());
try {
method.setLoginRequest(loginUrl, postData);
} catch (Exception e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
if (!context.getAuthenticationMethod().isSameType(method))
apiChangedAuthenticationMethodForContext(context.getIndex());
context.setAuthenticationMethod(method);
}
};
}
Also used :
ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor)
Context(org.zaproxy.zap.model.Context)
PopupMenuItemContext(org.zaproxy.zap.view.popup.PopupMenuItemContext)
RecordContext(org.parosproxy.paros.db.RecordContext)
JSONObject(net.sf.json.JSONObject)
URL(java.net.URL)
URIException(org.apache.commons.httpclient.URIException)
HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)
ApiException(org.zaproxy.zap.extension.api.ApiException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ConfigurationException(org.apache.commons.configuration.ConfigurationException)
IOException(java.io.IOException)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
ApiException(org.zaproxy.zap.extension.api.ApiException)
Example 3 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionForcedUser method onHttpRequestSend.
@Override
public void onHttpRequestSend(HttpMessage msg, int initiator, HttpSender sender) {
if (!forcedUserModeEnabled || msg.getRequestHeader().isImage() || (initiator == HttpSender.AUTHENTICATION_INITIATOR || initiator == HttpSender.CHECK_FOR_UPDATES_INITIATOR || initiator == HttpSender.AUTHENTICATION_POLL_INITIATOR)) {
// Not relevant
return;
}
// The message is already being sent from the POV of another user
if (msg.getRequestingUser() != null)
return;
// Is the message in any of the contexts?
List<Context> contexts = Model.getSingleton().getSession().getContexts();
User requestingUser = null;
for (Context context : contexts) {
if (context.isInContext(msg.getRequestHeader().getURI().toString())) {
// Is there enough info
if (contextForcedUsersMap.containsKey(context.getId())) {
requestingUser = contextForcedUsersMap.get(context.getId());
break;
}
}
}
if (requestingUser == null || !requestingUser.isEnabled())
return;
if (log.isDebugEnabled()) {
log.debug("Modifying request message (" + msg.getRequestHeader().getURI() + ") to match user: " + requestingUser);
}
msg.setRequestingUser(requestingUser);
}
Also used :
Context(org.zaproxy.zap.model.Context)
RecordContext(org.parosproxy.paros.db.RecordContext)
User(org.zaproxy.zap.users.User)
Example 4 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class PopupFlagCustomPageIndicatorMenu method performAction.
private void performAction() {
Context currentContext = Model.getSingleton().getSession().getContext(this.contextId);
DialogAddCustomPage dialogAddCustomPage = getDialogAddCustomPage(currentContext, getSelectedText());
dialogAddCustomPage.setVisible(true);
currentContext.addCustomPage(dialogAddCustomPage.getCustomPage());
}
Also used :
Context(org.zaproxy.zap.model.Context)
Example 5 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ForcedUserAPI method handleApiAction.
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
log.debug("handleApiAction " + name + " " + params.toString());
Context context;
switch(name) {
case ACTION_SET_FORCED_USER:
context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
try {
extension.setForcedUser(context.getId(), userId);
} catch (IllegalStateException ex) {
throw new ApiException(Type.USER_NOT_FOUND);
}
context.save();
return ApiResponseElement.OK;
case ACTION_SET_FORCED_USER_MODE_ENABLED:
if (!params.containsKey(PARAM_MODE_ENABLED))
throw new ApiException(Type.MISSING_PARAMETER, PARAM_MODE_ENABLED);
boolean newModeStatus;
try {
newModeStatus = params.getBoolean(PARAM_MODE_ENABLED);
} catch (JSONException ex) {
throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_MODE_ENABLED);
}
extension.setForcedUserModeEnabled(newModeStatus);
return ApiResponseElement.OK;
default:
throw new ApiException(Type.BAD_ACTION);
}
}
Also used :
Context(org.zaproxy.zap.model.Context)
JSONException(net.sf.json.JSONException)
ApiException(org.zaproxy.zap.extension.api.ApiException)
Aggregations
Context (org.zaproxy.zap.model.Context)89
ApiException (org.zaproxy.zap.extension.api.ApiException)22
Test (org.junit.jupiter.api.Test)21
ZapXmlConfiguration (org.zaproxy.zap.utils.ZapXmlConfiguration)17
WithConfigsTest (org.zaproxy.zap.WithConfigsTest)16
User (org.zaproxy.zap.users.User)15
JSONObject (net.sf.json.JSONObject)14
Configuration (org.apache.commons.configuration.Configuration)14
Session (org.parosproxy.paros.model.Session)14
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor)13
RecordContext (org.parosproxy.paros.db.RecordContext)12
DatabaseException (org.parosproxy.paros.db.DatabaseException)10
ConfigurationException (org.apache.commons.configuration.ConfigurationException)9
HttpMessage (org.parosproxy.paros.network.HttpMessage)9
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement)9
ArrayList (java.util.ArrayList)8
JMenuItem (javax.swing.JMenuItem)7
ExtensionPopupMenuItem (org.parosproxy.paros.extension.ExtensionPopupMenuItem)7
SiteNode (org.parosproxy.paros.model.SiteNode)7
IOException (java.io.IOException)6
