Example 46 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class ContextAPI method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    log.debug("handleApiView " + name + " " + params.toString());
    ApiResponse result;
    ApiResponseList resultList;
    TechSet techSet;
    switch(name) {
        case VIEW_EXCLUDE_REGEXS:
            result = new ApiResponseElement(name, getContext(params).getExcludeFromContextRegexs().toString());
            break;
        case VIEW_INCLUDE_REGEXS:
            result = new ApiResponseElement(name, getContext(params).getIncludeInContextRegexs().toString());
            break;
        case VIEW_CONTEXT_LIST:
            List<String> contextNames = new ArrayList<>();
            List<Context> contexts = Model.getSingleton().getSession().getContexts();
            for (Context context : contexts) {
                contextNames.add(context.getName());
            }
            result = new ApiResponseElement(name, contextNames.toString());
            break;
        case VIEW_CONTEXT:
            result = new ApiResponseElement(buildResponseFromContext(getContext(params)));
            break;
        case VIEW_ALL_TECHS:
            resultList = new ApiResponseList(name);
            for (Tech tech : Tech.builtInTech) {
                resultList.addItem(new ApiResponseElement(TECH_NAME, tech.toString()));
            }
            result = resultList;
            break;
        case VIEW_INCLUDED_TECHS:
            resultList = new ApiResponseList(name);
            techSet = getContext(params).getTechSet();
            for (Tech tech : techSet.getIncludeTech()) {
                resultList.addItem(new ApiResponseElement(TECH_NAME, tech.toString()));
            }
            result = resultList;
            break;
        case VIEW_EXCLUDED_TECHS:
            resultList = new ApiResponseList(name);
            techSet = getContext(params).getTechSet();
            for (Tech tech : techSet.getExcludeTech()) {
                resultList.addItem(new ApiResponseElement(TECH_NAME, tech.toString()));
            }
            result = resultList;
            break;
        default:
            throw new ApiException(Type.BAD_VIEW);
    }
    return result;
}
Also used : Context(org.zaproxy.zap.model.Context) Tech(org.zaproxy.zap.model.Tech) TechSet(org.zaproxy.zap.model.TechSet) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ArrayList(java.util.ArrayList)

Example 47 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class HttpAuthSessionManagementMethodType method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
            context.setSessionManagementMethod(createSessionManagementMethod(context.getIndex()));
        }
    };
}
Also used : ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) Context(org.zaproxy.zap.model.Context) JSONObject(net.sf.json.JSONObject)

Example 48 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class GenericAuthenticationCredentials method getSetCredentialsForUserApiAction.

/**
 * Gets the API action for setting a {@link GenericAuthenticationCredentials} for a User.
 *
 * @param methodType the method type for which this is called
 * @return API action implementation
 */
public static ApiDynamicActionImplementor getSetCredentialsForUserApiAction(final AuthenticationMethodType methodType) {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, null, new String[] { PARAM_CONFIG_PARAMS }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);
            // Make sure the type of authentication method is compatible
            if (!methodType.isTypeForMethod(context.getAuthenticationMethod()))
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "User's credentials should match authentication method type of the context: " + context.getAuthenticationMethod().getType().getName());
            // NOTE: no need to check if extension is loaded as this method is called only if
            // the Users extension is loaded
            ExtensionUserManagement extensionUserManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            User user = extensionUserManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
            if (user == null)
                throw new ApiException(ApiException.Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            // Build and set the credentials
            GenericAuthenticationCredentials credentials = (GenericAuthenticationCredentials) context.getAuthenticationMethod().createAuthenticationCredentials();
            for (String paramName : credentials.paramNames) {
                credentials.setParam(paramName, ApiUtils.getNonEmptyStringParam(params, paramName));
            }
            user.setAuthenticationCredentials(credentials);
        }
    };
}
Also used : ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) Context(org.zaproxy.zap.model.Context) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) User(org.zaproxy.zap.users.User) JSONObject(net.sf.json.JSONObject) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 49 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class ManualAuthenticationMethodType method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            ManualAuthenticationMethod method = createAuthenticationMethod(context.getIndex());
            if (!context.getAuthenticationMethod().isSameType(method)) {
                apiChangedAuthenticationMethodForContext(context.getIndex());
            }
            context.setAuthenticationMethod(method);
        }
    };
}
Also used : ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) Context(org.zaproxy.zap.model.Context) JSONObject(net.sf.json.JSONObject)

Example 50 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class ManualAuthenticationMethodType method getSetCredentialsForUserApiAction.

@Override
public ApiDynamicActionImplementor getSetCredentialsForUserApiAction() {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, new String[] { PARAM_SESSION_NAME }, null) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);
            // Make sure the type of authentication method is compatible
            if (!isTypeForMethod(context.getAuthenticationMethod())) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "User's credentials should match authentication method type of the context: " + context.getAuthenticationMethod().getType().getName());
            }
            // NOTE: no need to check if extension is loaded as this method is called only if
            // the Users extension is loaded
            ExtensionUserManagement extensionUserManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            User user = extensionUserManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
            if (user == null) {
                throw new ApiException(Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            }
            String sessionName = ApiUtils.getNonEmptyStringParam(params, PARAM_SESSION_NAME);
            // Get the matching session
            ExtensionHttpSessions extensionHttpSessions = (ExtensionHttpSessions) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHttpSessions.NAME);
            if (extensionHttpSessions == null) {
                throw new ApiException(Type.NO_IMPLEMENTOR, "HttpSessions extension is not loaded.");
            }
            List<HttpSession> sessions = extensionHttpSessions.getHttpSessionsForContext(context);
            HttpSession matchedSession = null;
            for (HttpSession session : sessions) {
                if (session.getName().equals(sessionName)) {
                    matchedSession = session;
                    break;
                }
            }
            if (matchedSession == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SESSION_NAME);
            }
            // Set the credentials
            ManualAuthenticationCredentials credentials = createAuthenticationCredentials();
            credentials.setSelectedSession(matchedSession);
            user.setAuthenticationCredentials(credentials);
        }
    };
}
Also used : ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) Context(org.zaproxy.zap.model.Context) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) User(org.zaproxy.zap.users.User) JSONObject(net.sf.json.JSONObject) HttpSession(org.zaproxy.zap.extension.httpsessions.HttpSession) ExtensionHttpSessions(org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

Context (org.zaproxy.zap.model.Context): 59
ApiException (org.zaproxy.zap.extension.api.ApiException): 19
Session (org.parosproxy.paros.model.Session): 14
User (org.zaproxy.zap.users.User): 14
JSONObject (net.sf.json.JSONObject): 12
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor): 11
RecordContext (org.parosproxy.paros.db.RecordContext): 9
ArrayList (java.util.ArrayList): 8
DatabaseException (org.parosproxy.paros.db.DatabaseException): 8
JMenuItem (javax.swing.JMenuItem): 7
ConfigurationException (org.apache.commons.configuration.ConfigurationException): 7
ExtensionPopupMenuItem (org.parosproxy.paros.extension.ExtensionPopupMenuItem): 7
ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement): 6
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement): 6
JSONException (net.sf.json.JSONException): 4
URIException (org.apache.commons.httpclient.URIException): 4
SiteNode (org.parosproxy.paros.model.SiteNode): 4
SessionDialog (org.parosproxy.paros.view.SessionDialog): 4
Tech (org.zaproxy.zap.model.Tech): 4
IOException (java.io.IOException): 3