Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
From class ContextAPI, method handleApiView.
/**
 * Answers a read-only "view" request of the context API.
 *
 * <p>Handled views: the exclude and include regexes of one context, the names of all contexts
 * in the current session, the details of one context, every built-in technology, and the
 * technologies included in or excluded from one context.
 *
 * @param name the view being requested
 * @param params the request parameters; handed to {@code getContext(params)} by the views that
 *     refer to a single context
 * @return the response built for the requested view
 * @throws ApiException with {@code Type.BAD_VIEW} when {@code name} matches none of the views
 *     below; {@code getContext(params)} is declared elsewhere and may raise its own
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    // The complete parameter object is written to the debug log.
    // NOTE(review): confirm that no sensitive request value can be part of params here.
    log.debug("handleApiView " + name + " " + params.toString());

    switch (name) {
    case VIEW_EXCLUDE_REGEXS:
        return new ApiResponseElement(name, getContext(params).getExcludeFromContextRegexs().toString());

    case VIEW_INCLUDE_REGEXS:
        return new ApiResponseElement(name, getContext(params).getIncludeInContextRegexs().toString());

    case VIEW_CONTEXT_LIST: {
        // Only the names are returned, rendered with List#toString().
        List<String> names = new ArrayList<>();
        List<Context> sessionContexts = Model.getSingleton().getSession().getContexts();
        for (Context each : sessionContexts) {
            names.add(each.getName());
        }
        return new ApiResponseElement(name, names.toString());
    }

    case VIEW_CONTEXT:
        return new ApiResponseElement(buildResponseFromContext(getContext(params)));

    case VIEW_ALL_TECHS: {
        // Independent of any context: lists Tech.builtInTech as it is.
        ApiResponseList allTechs = new ApiResponseList(name);
        for (Tech builtIn : Tech.builtInTech) {
            allTechs.addItem(new ApiResponseElement(TECH_NAME, builtIn.toString()));
        }
        return allTechs;
    }

    case VIEW_INCLUDED_TECHS: {
        ApiResponseList included = new ApiResponseList(name);
        TechSet contextTechs = getContext(params).getTechSet();
        for (Tech item : contextTechs.getIncludeTech()) {
            included.addItem(new ApiResponseElement(TECH_NAME, item.toString()));
        }
        return included;
    }

    case VIEW_EXCLUDED_TECHS: {
        ApiResponseList excluded = new ApiResponseList(name);
        TechSet contextTechs = getContext(params).getTechSet();
        for (Tech item : contextTechs.getExcludeTech()) {
            excluded.addItem(new ApiResponseElement(TECH_NAME, item.toString()));
        }
        return excluded;
    }

    default:
        // Unknown view names are rejected rather than answered with an empty response.
        throw new ApiException(Type.BAD_VIEW);
    }
}
Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
From class HttpAuthSessionManagementMethodType, method getSetMethodForContextApiAction.
/**
 * Builds the API action that switches a context to this session management method.
 *
 * @return an action registered under {@code API_METHOD_NAME}; both parameter-name arrays
 *     given to the constructor are {@code null}
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {

        /**
         * Resolves the context from {@code SessionManagementAPI.PARAM_CONTEXT_ID} and installs
         * a newly created session management method on it.
         *
         * @param params the request parameters
         * @throws ApiException declared by the overridden method; presumably raised by the
         *     context lookup when the id is missing or unknown (verify in ApiUtils)
         */
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context target = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
            int contextIndex = target.getIndex();
            target.setSessionManagementMethod(createSessionManagementMethod(contextIndex));
        }
    };
}
Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
From class GenericAuthenticationCredentials, method getSetCredentialsForUserApiAction.
/**
 * Creates the API action that stores {@link GenericAuthenticationCredentials} on a user.
 *
 * @param methodType the authentication method type on whose behalf the action is created; the
 *     action refuses contexts whose authentication method is not of this type
 * @return the API action implementation
 */
public static ApiDynamicActionImplementor getSetCredentialsForUserApiAction(final AuthenticationMethodType methodType) {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, null, new String[] { PARAM_CONFIG_PARAMS }) {

        /**
         * Validates the context and user named in the request, then replaces the user's
         * credentials with values read from the request parameters.
         *
         * @param params the request parameters
         * @throws ApiException {@code ILLEGAL_PARAMETER} when the context's authentication
         *     method is not of {@code methodType}, {@code USER_NOT_FOUND} when the context has
         *     no user with the given id, plus whatever the ApiUtils lookups raise
         */
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);

            // Reject the request when the context authenticates with a different method type.
            boolean compatible = methodType.isTypeForMethod(context.getAuthenticationMethod());
            if (!compatible) {
                String message = "User's credentials should match authentication method type of the context: " + context.getAuthenticationMethod().getType().getName();
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, message);
            }

            // The Users extension is not null-checked: this action is only reached when that
            // extension is loaded.
            ExtensionUserManagement userManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            // The user is looked up within the resolved context only.
            User target = userManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
            if (target == null) {
                throw new ApiException(ApiException.Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            }

            // NOTE(review): the authentication method is read from the context again here, so
            // the cast relies on it still being the one checked above - confirm whether a
            // concurrent API call could replace it in between.
            GenericAuthenticationCredentials created = (GenericAuthenticationCredentials) context.getAuthenticationMethod().createAuthenticationCredentials();
            // Every parameter the credentials declare is read via getNonEmptyStringParam.
            for (String key : created.paramNames) {
                String value = ApiUtils.getNonEmptyStringParam(params, key);
                created.setParam(key, value);
            }
            target.setAuthenticationCredentials(created);
        }
    };
}
Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
From class ManualAuthenticationMethodType, method getSetMethodForContextApiAction.
/**
 * Builds the API action that switches a context to manual authentication.
 *
 * @return an action registered under {@code API_METHOD_NAME}; both parameter-name arrays
 *     given to the constructor are {@code null}
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {

        /**
         * Resolves the context from {@code AuthenticationAPI.PARAM_CONTEXT_ID} and sets a new
         * manual authentication method on it.
         *
         * @param params the request parameters
         * @throws ApiException declared by the overridden method; presumably raised by the
         *     context lookup when the id is missing or unknown (verify in ApiUtils)
         */
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context target = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            ManualAuthenticationMethod replacement = createAuthenticationMethod(target.getIndex());

            // The change hook runs before the new method is set, and only when the context
            // currently uses a method of another type.
            boolean sameTypeAsCurrent = target.getAuthenticationMethod().isSameType(replacement);
            if (!sameTypeAsCurrent) {
                apiChangedAuthenticationMethodForContext(target.getIndex());
            }
            target.setAuthenticationMethod(replacement);
        }
    };
}
Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
From class ManualAuthenticationMethodType, method getSetCredentialsForUserApiAction.
/**
 * Builds the API action that binds one of a context's HTTP sessions to a user as that user's
 * manual authentication credentials.
 *
 * @return an action registered under {@code ACTION_SET_CREDENTIALS} that declares
 *     {@code PARAM_SESSION_NAME} as its parameter
 */
@Override
public ApiDynamicActionImplementor getSetCredentialsForUserApiAction() {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, new String[] { PARAM_SESSION_NAME }, null) {

        /**
         * Validates context, user and session name, then stores the matching session as the
         * user's credentials.
         *
         * @param params the request parameters
         * @throws ApiException {@code ILLEGAL_PARAMETER} when the context does not use this
         *     authentication method type, {@code USER_NOT_FOUND} when the context has no user
         *     with the given id, {@code NO_IMPLEMENTOR} when the HttpSessions extension is not
         *     loaded, {@code DOES_NOT_EXIST} when no session of the context has the given
         *     name, plus whatever the ApiUtils lookups raise
         */
        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);

            // Reject the request when the context authenticates with a different method type.
            boolean compatible = isTypeForMethod(context.getAuthenticationMethod());
            if (!compatible) {
                String message = "User's credentials should match authentication method type of the context: " + context.getAuthenticationMethod().getType().getName();
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, message);
            }

            // The Users extension is not null-checked: this action is only reached when that
            // extension is loaded.
            ExtensionUserManagement userManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            // The user is looked up within the resolved context only.
            User target = userManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
            if (target == null) {
                throw new ApiException(Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            }

            // The session name is read before the extension check, so a missing name is
            // reported first.
            String sessionName = ApiUtils.getNonEmptyStringParam(params, PARAM_SESSION_NAME);

            // Unlike the Users extension, HttpSessions may be absent and is checked.
            ExtensionHttpSessions extensionHttpSessions = (ExtensionHttpSessions) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHttpSessions.NAME);
            if (extensionHttpSessions == null) {
                throw new ApiException(Type.NO_IMPLEMENTOR, "HttpSessions extension is not loaded.");
            }

            // Only sessions already recorded for this context are candidates; the first one
            // whose name equals the requested name wins.
            HttpSession selected = null;
            for (HttpSession candidate : extensionHttpSessions.getHttpSessionsForContext(context)) {
                if (!candidate.getName().equals(sessionName)) {
                    continue;
                }
                selected = candidate;
                break;
            }
            if (selected == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SESSION_NAME);
            }

            // Store the chosen session as the user's credentials.
            ManualAuthenticationCredentials created = createAuthenticationCredentials();
            created.setSelectedSession(selected);
            target.setAuthenticationCredentials(created);
        }
    };
}