use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class CookieBasedSessionManagementMethodType method getSetMethodForContextApiAction.
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {
@Override
public void handleAction(JSONObject params) throws ApiException {
Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
context.setSessionManagementMethod(createSessionManagementMethod(context.getId()));
}
};
}
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ScriptBasedSessionManagementMethodType method getSetMethodForContextApiAction.
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_SCRIPT_NAME }, new String[] { PARAM_SCRIPT_CONFIG_PARAMS }) {
@Override
public void handleAction(JSONObject params) throws ApiException {
Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
String scriptName = ApiUtils.getNonEmptyStringParam(params, PARAM_SCRIPT_NAME);
// Prepare the method
ScriptBasedSessionManagementMethod method = createSessionManagementMethod(context.getId());
// Load the script and make sure it exists and follows the required interface
ScriptWrapper script = getScriptsExtension().getScript(scriptName);
if (script == null) {
LOG.error("Unable to find script while loading Script Based Session Management Method for name: " + scriptName);
throw new ApiException(ApiException.Type.SCRIPT_NOT_FOUND, scriptName);
} else {
LOG.info("Loaded script for API:" + script.getName());
}
method.script = script;
SessionScript sessionScript = getScriptInterface(script);
String[] requiredParams = sessionScript.getRequiredParamsNames();
String[] optionalParams = sessionScript.getOptionalParamsNames();
if (LOG.isDebugEnabled()) {
LOG.debug("Loaded session management script - required parameters: " + Arrays.toString(requiredParams) + " - optional parameters: " + Arrays.toString(optionalParams));
}
Map<String, String> paramValues = new HashMap<>();
for (String rp : requiredParams) {
// If one of the required parameters is not present, it will throw
// an exception
String val = ApiUtils.getNonEmptyStringParam(params, rp);
paramValues.put(rp, val);
}
for (String op : optionalParams) paramValues.put(op, ApiUtils.getOptionalStringParam(params, op));
method.paramValues = paramValues;
if (LOG.isDebugEnabled())
LOG.debug("Loaded session management script parameters:" + paramValues);
context.setSessionManagementMethod(method);
}
};
}
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionAuthenticationUnitTest method shouldExportAllAuthContextData.
@Test
void shouldExportAllAuthContextData() {
// Given
Context context = new Context(null, 0);
String loggedInIndicator = "logged in";
String loggedOutIndicator = "logged out";
String pollUrl = "https://www.example.com/poll";
String pollData = "example-poll-data";
String pollHeaders = "aaa : bbb\\Nccc : ddd";
int pollFreq = 55;
FormBasedAuthenticationMethodType type = new FormBasedAuthenticationMethodType();
FormBasedAuthenticationMethod method = type.createAuthenticationMethod(0);
method.setAuthCheckingStrategy(AuthCheckingStrategy.POLL_URL);
method.setPollUrl(pollUrl);
method.setPollData(pollData);
method.setPollHeaders(pollHeaders);
method.setPollFrequencyUnits(AuthPollFrequencyUnits.REQUESTS);
method.setPollFrequency(pollFreq);
method.setLoggedInIndicatorPattern(loggedInIndicator);
method.setLoggedOutIndicatorPattern(loggedOutIndicator);
context.setAuthenticationMethod(method);
Configuration config = new ZapXmlConfiguration();
// When
extensionAuthentication.exportContextData(context, config);
// Then
assertThat(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE), is(2));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_STRATEGY), is(AuthCheckingStrategy.POLL_URL.name()));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_URL), is(pollUrl));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_DATA), is(pollData));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_HEADERS), is(pollHeaders));
assertThat(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_FREQ), is(pollFreq));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_UNITS), is(AuthPollFrequencyUnits.REQUESTS.name()));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN), is(loggedInIndicator));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT), is(loggedOutIndicator));
}
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionAuthenticationUnitTest method shouldImportContextWithNoAuthenticationMethod.
@Test
void shouldImportContextWithNoAuthenticationMethod() throws ConfigurationException {
// Given
Context context = mock(Context.class);
Configuration config = new ZapXmlConfiguration();
// When
extensionAuthentication.importContextData(context, config);
// Then
verify(context, times(0)).setAuthenticationMethod(any());
}
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionAuthorizationUnitTest method shouldImportContextWithUnknownAuthorizationDetectionMethod.
@Test
void shouldImportContextWithUnknownAuthorizationDetectionMethod() throws ConfigurationException {
// Given
Context context = mock(Context.class);
Configuration config = new ZapXmlConfiguration();
config.setProperty("context.authorization.type", Integer.MIN_VALUE);
// When
extensionAuthorization.importContextData(context, config);
// Then
verify(context, times(0)).setAuthorizationDetectionMethod(any());
}
Aggregations