
Example 1 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Method getPopupFlagLoginRequestMenuFactory of class FormBasedAuthenticationMethodType.

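/**
 * Gets the popup menu factory for flagging login requests.
 *
 * <p>For each {@link Context} the factory produces a popup menu item that flags the selected
 * {@link SiteNode} as the login request of a Form-Based Authentication method. All changes are
 * made on the UI shared copy of the context held by the session dialog, so that pressing Cancel
 * in that dialog discards them.
 *
 * @return the popup flag login request menu factory
 */
private PopupMenuItemSiteNodeContextMenuFactory getPopupFlagLoginRequestMenuFactory() {
    PopupMenuItemSiteNodeContextMenuFactory popupFlagLoginRequestMenuFactory = new PopupMenuItemSiteNodeContextMenuFactory(Constant.messages.getString("context.flag.popup")) {

        private static final long serialVersionUID = 8927418764L;

        @Override
        public PopupMenuItemContext getContextMenu(Context context, String parentMenu) {
            return new PopupMenuItemContext(context, parentMenu, MessageFormat.format(Constant.messages.getString("authentication.method.fb.popup.login.request"), context.getName())) {

                private static final long serialVersionUID = 1967885623005183801L;

                /** Users extension, looked up in {@link #confirmUsersDeletion}; {@code null} when not installed. */
                private ExtensionUserManagement usersExtension;

                /** UI shared copy of the context; every modification is applied to it, not to the real context. */
                private Context uiSharedContext;

                /**
                 * Make sure the user acknowledges the Users corresponding to this context will
                 * be deleted.
                 *
                 * <p>Only an explicit {@link JOptionPane#OK_OPTION} counts as acknowledgement.
                 * Cancelling, or closing the dialog through the window decorations (which yields
                 * {@link JOptionPane#CLOSED_OPTION}), must not lead to the users being deleted.
                 *
                 * @param sharedContext the UI shared context whose users would be deleted
                 * @return true, if successful (nothing to delete, or the user confirmed)
                 */
                private boolean confirmUsersDeletion(Context sharedContext) {
                    usersExtension = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
                    if (usersExtension == null) {
                        return true;
                    }
                    if (usersExtension.getSharedContextUsers(sharedContext).isEmpty()) {
                        return true;
                    }
                    int choice = JOptionPane.showConfirmDialog(this, Constant.messages.getString("authentication.dialog.confirmChange.label"), Constant.messages.getString("authentication.dialog.confirmChange.title"), JOptionPane.OK_CANCEL_OPTION);
                    // Previously only CANCEL_OPTION aborted, so dismissing the dialog (CLOSED_OPTION)
                    // went ahead with the deletion; treat anything but an explicit OK as a "no".
                    return choice == JOptionPane.OK_OPTION;
                }

                /**
                 * Sets {@code sn} as the login request of {@code method}, logging any failure.
                 *
                 * @param method the authentication method to update
                 * @param sn the site node selected as login request
                 * @return true if the login request was set, false if it failed (already logged)
                 */
                private boolean applyLoginRequest(FormBasedAuthenticationMethod method, SiteNode sn) {
                    try {
                        method.setLoginRequest(sn);
                        return true;
                    } catch (Exception e) {
                        log.error("Failed to set login request: " + e.getMessage(), e);
                        return false;
                    }
                }

                @Override
                public void performAction(SiteNode sn) {
                    // Manually create the UI shared contexts so any modifications are done
                    // on an UI shared Context, so changes can be undone by pressing Cancel
                    SessionDialog sessionDialog = View.getSingleton().getSessionDialog();
                    sessionDialog.recreateUISharedContexts(Model.getSingleton().getSession());
                    int contextIndex = this.getContext().getIndex();
                    uiSharedContext = sessionDialog.getUISharedContext(contextIndex);
                    // Do the work/changes on the UI shared context
                    if (this.getContext().getAuthenticationMethod() instanceof FormBasedAuthenticationMethod) {
                        log.info("Selected new login request via PopupMenu. Changing existing Form-Based Authentication instance for Context " + contextIndex);
                        // NOTE(review): the type check is on the real context but the cast is on its
                        // UI shared copy; presumably recreateUISharedContexts() copies the method so
                        // both have the same type — confirm.
                        FormBasedAuthenticationMethod method = (FormBasedAuthenticationMethod) uiSharedContext.getAuthenticationMethod();
                        if (!applyLoginRequest(method, sn)) {
                            return;
                        }
                        // Show the session dialog without recreating UI Shared contexts
                        View.getSingleton().showSessionDialog(Model.getSingleton().getSession(), ContextAuthenticationPanel.buildName(contextIndex), false);
                        return;
                    }
                    log.info("Selected new login request via PopupMenu. Creating new Form-Based Authentication instance for Context " + contextIndex);
                    FormBasedAuthenticationMethod method = new FormBasedAuthenticationMethod();
                    if (!applyLoginRequest(method, sn)) {
                        return;
                    }
                    // Switching the authentication type drops the context's users; ask first.
                    if (!confirmUsersDeletion(uiSharedContext)) {
                        log.debug("Cancelled change of authentication type.");
                        return;
                    }
                    uiSharedContext.setAuthenticationMethod(method);
                    // Show the session dialog without recreating UI Shared contexts
                    // NOTE: First init the panels of the dialog so old users data gets
                    // loaded and just then delete the users
                    // from the UI data model, otherwise the 'real' users from the
                    // non-shared context would be loaded
                    // and would override any deletions made.
                    View.getSingleton().showSessionDialog(Model.getSingleton().getSession(), ContextAuthenticationPanel.buildName(contextIndex), false, new Runnable() {

                        @Override
                        public void run() {
                            // save as well
                            if (usersExtension != null) {
                                usersExtension.removeSharedContextUsers(uiSharedContext);
                            }
                        }
                    });
                }
            };
        }

        @Override
        public int getParentMenuIndex() {
            return 3;
        }
    };
    return popupFlagLoginRequestMenuFactory;
}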

Example 2 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Method getSetMethodForContextApiAction of class FormBasedAuthenticationMethodType.

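/**
 * Returns the API action that sets a Form-Based Authentication method on a context.
 *
 * <p>The action reads the context id, the mandatory login URL ({@code PARAM_LOGIN_URL}) and the
 * optional login request data ({@code PARAM_LOGIN_REQUEST_DATA}) from the request parameters,
 * builds a new method with them and installs it on the context. When the context previously used
 * a method of a different type, {@code apiChangedAuthenticationMethodForContext} is invoked first.
 *
 * @return the API action implementor for setting the method
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_LOGIN_URL }, new String[] { PARAM_LOGIN_REQUEST_DATA }) {

        /**
         * Handles the set-method action.
         *
         * @param params the API parameters
         * @throws ApiException with {@code ILLEGAL_PARAMETER} when the login URL is malformed,
         *     {@code INTERNAL_ERROR} when the login request cannot be set, or whatever
         *     {@code ApiUtils} throws for a missing/unknown context or empty login URL
         */
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            String loginUrl = ApiUtils.getNonEmptyStringParam(params, PARAM_LOGIN_URL);
            // Reject syntactically invalid URLs up front; only a malformed URL is a bad parameter,
            // anything else would be a programming error and should not be masked.
            try {
                new URL(loginUrl);
            } catch (java.net.MalformedURLException ex) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_LOGIN_URL);
            }
            String postData = "";
            if (params.containsKey(PARAM_LOGIN_REQUEST_DATA)) {
                postData = params.getString(PARAM_LOGIN_REQUEST_DATA);
            }
            // Set the method
            FormBasedAuthenticationMethod method = createAuthenticationMethod(context.getIndex());
            try {
                method.setLoginRequest(loginUrl, postData);
            } catch (Exception e) {
                // Keep the cause so the failure is diagnosable from the API error log.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
            if (!context.getAuthenticationMethod().isSameType(method)) {
                apiChangedAuthenticationMethodForContext(context.getIndex());
            }
            context.setAuthenticationMethod(method);
        }
    };
}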

Example 3 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Method onHttpRequestSend of class ExtensionForcedUser.

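/**
 * Assigns the forced user of the first matching context to an outgoing request.
 *
 * <p>Nothing is done when forced user mode is off, the request is for an image, the request
 * originates from an initiator that must never be authenticated (authentication, update checks,
 * authentication polling), or the message already carries a requesting user.
 *
 * @param msg the message about to be sent; its requesting user may be set
 * @param initiator the sender initiator, one of the {@code HttpSender} initiator constants
 * @param sender the sender (unused)
 */
@Override
public void onHttpRequestSend(HttpMessage msg, int initiator, HttpSender sender) {
    if (!forcedUserModeEnabled || msg.getRequestHeader().isImage() || isExcludedInitiator(initiator)) {
        // Not relevant
        return;
    }
    // The message is already being sent from the POV of another user
    if (msg.getRequestingUser() != null) {
        return;
    }
    // Is the message in any of the contexts? The URI does not change per context, so build it once.
    String uri = msg.getRequestHeader().getURI().toString();
    User requestingUser = findForcedUser(uri);
    if (requestingUser == null || !requestingUser.isEnabled()) {
        return;
    }
    if (log.isDebugEnabled()) {
        log.debug("Modifying request message (" + msg.getRequestHeader().getURI() + ") to match user: " + requestingUser);
    }
    msg.setRequestingUser(requestingUser);
}

/** Tells whether requests from the given initiator must never be sent as a forced user. */
private static boolean isExcludedInitiator(int initiator) {
    return initiator == HttpSender.AUTHENTICATION_INITIATOR || initiator == HttpSender.CHECK_FOR_UPDATES_INITIATOR || initiator == HttpSender.AUTHENTICATION_POLL_INITIATOR;
}

/**
 * Finds the forced user of the first session context that contains {@code uri} and has a forced
 * user configured.
 *
 * @param uri the request URI as a string
 * @return the forced user, or {@code null} when no context matches or none has a forced user
 */
private User findForcedUser(String uri) {
    List<Context> contexts = Model.getSingleton().getSession().getContexts();
    for (Context context : contexts) {
        if (context.isInContext(uri)) {
            // Is there enough info
            if (contextForcedUsersMap.containsKey(context.getId())) {
                return contextForcedUsersMap.get(context.getId());
            }
        }
    }
    return null;
}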

Example 4 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Method performAction of class PopupFlagCustomPageIndicatorMenu.

/**
 * Opens the "add custom page" dialog for the context identified by {@code contextId}, pre-filled
 * with the currently selected text, and adds the resulting custom page to that context.
 */
private void performAction() {
    Context context = Model.getSingleton().getSession().getContext(this.contextId);
    String selectedText = getSelectedText();
    DialogAddCustomPage dialog = getDialogAddCustomPage(context, selectedText);
    // Modal dialog: returns once the user is done with it.
    dialog.setVisible(true);
    // NOTE(review): the page returned by the dialog is added unconditionally; what it returns
    // when the dialog is cancelled is not visible here — confirm addCustomPage tolerates it.
    context.addCustomPage(dialog.getCustomPage());
}

Example 5 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Method handleApiAction of class ForcedUserAPI.

/**
 * Dispatches the forced-user API actions.
 *
 * <p>{@code ACTION_SET_FORCED_USER} sets the forced user of a context and saves the context;
 * {@code ACTION_SET_FORCED_USER_MODE_ENABLED} toggles forced user mode.
 *
 * @param name the action name
 * @param params the API parameters
 * @return {@link ApiResponseElement#OK} on success
 * @throws ApiException {@code USER_NOT_FOUND} when the user id is unknown to the extension,
 *     {@code MISSING_PARAMETER}/{@code ILLEGAL_PARAMETER} for a missing or non-boolean mode flag,
 *     {@code BAD_ACTION} for an unknown action name
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    switch (name) {
        case ACTION_SET_FORCED_USER: {
            Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
            try {
                extension.setForcedUser(context.getId(), userId);
            } catch (IllegalStateException ex) {
                // The extension signals an unknown user for this context this way.
                throw new ApiException(Type.USER_NOT_FOUND);
            }
            context.save();
            return ApiResponseElement.OK;
        }
        case ACTION_SET_FORCED_USER_MODE_ENABLED: {
            if (!params.containsKey(PARAM_MODE_ENABLED)) {
                throw new ApiException(Type.MISSING_PARAMETER, PARAM_MODE_ENABLED);
            }
            boolean enabled;
            try {
                enabled = params.getBoolean(PARAM_MODE_ENABLED);
            } catch (JSONException ex) {
                throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_MODE_ENABLED);
            }
            extension.setForcedUserModeEnabled(enabled);
            return ApiResponseElement.OK;
        }
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}
