Example 41 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class CookieBasedSessionManagementMethodType method getSetMethodForContextApiAction.
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {
@Override
public void handleAction(JSONObject params) throws ApiException {
Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
context.setSessionManagementMethod(createSessionManagementMethod(context.getId()));
}
};
}
Also used :
ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor)
Context(org.zaproxy.zap.model.Context)
JSONObject(net.sf.json.JSONObject)
Example 42 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ScriptBasedSessionManagementMethodType method getSetMethodForContextApiAction.
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_SCRIPT_NAME }, new String[] { PARAM_SCRIPT_CONFIG_PARAMS }) {
@Override
public void handleAction(JSONObject params) throws ApiException {
Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
String scriptName = ApiUtils.getNonEmptyStringParam(params, PARAM_SCRIPT_NAME);
// Prepare the method
ScriptBasedSessionManagementMethod method = createSessionManagementMethod(context.getId());
// Load the script and make sure it exists and follows the required interface
ScriptWrapper script = getScriptsExtension().getScript(scriptName);
if (script == null) {
LOG.error("Unable to find script while loading Script Based Session Management Method for name: " + scriptName);
throw new ApiException(ApiException.Type.SCRIPT_NOT_FOUND, scriptName);
} else {
LOG.info("Loaded script for API:" + script.getName());
}
method.script = script;
SessionScript sessionScript = getScriptInterface(script);
String[] requiredParams = sessionScript.getRequiredParamsNames();
String[] optionalParams = sessionScript.getOptionalParamsNames();
if (LOG.isDebugEnabled()) {
LOG.debug("Loaded session management script - required parameters: " + Arrays.toString(requiredParams) + " - optional parameters: " + Arrays.toString(optionalParams));
}
Map<String, String> paramValues = new HashMap<>();
for (String rp : requiredParams) {
// If one of the required parameters is not present, it will throw
// an exception
String val = ApiUtils.getNonEmptyStringParam(params, rp);
paramValues.put(rp, val);
}
for (String op : optionalParams) paramValues.put(op, ApiUtils.getOptionalStringParam(params, op));
method.paramValues = paramValues;
if (LOG.isDebugEnabled())
LOG.debug("Loaded session management script parameters:" + paramValues);
context.setSessionManagementMethod(method);
}
};
}
Also used :
ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor)
Context(org.zaproxy.zap.model.Context)
RecordContext(org.parosproxy.paros.db.RecordContext)
JSONObject(net.sf.json.JSONObject)
HashMap(java.util.HashMap)
ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper)
ApiException(org.zaproxy.zap.extension.api.ApiException)
Example 43 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionAuthenticationUnitTest method shouldExportAllAuthContextData.
@Test
void shouldExportAllAuthContextData() {
// Given
Context context = new Context(null, 0);
String loggedInIndicator = "logged in";
String loggedOutIndicator = "logged out";
String pollUrl = "https://www.example.com/poll";
String pollData = "example-poll-data";
String pollHeaders = "aaa : bbb\\Nccc : ddd";
int pollFreq = 55;
FormBasedAuthenticationMethodType type = new FormBasedAuthenticationMethodType();
FormBasedAuthenticationMethod method = type.createAuthenticationMethod(0);
method.setAuthCheckingStrategy(AuthCheckingStrategy.POLL_URL);
method.setPollUrl(pollUrl);
method.setPollData(pollData);
method.setPollHeaders(pollHeaders);
method.setPollFrequencyUnits(AuthPollFrequencyUnits.REQUESTS);
method.setPollFrequency(pollFreq);
method.setLoggedInIndicatorPattern(loggedInIndicator);
method.setLoggedOutIndicatorPattern(loggedOutIndicator);
context.setAuthenticationMethod(method);
Configuration config = new ZapXmlConfiguration();
// When
extensionAuthentication.exportContextData(context, config);
// Then
assertThat(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE), is(2));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_STRATEGY), is(AuthCheckingStrategy.POLL_URL.name()));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_URL), is(pollUrl));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_DATA), is(pollData));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_HEADERS), is(pollHeaders));
assertThat(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_FREQ), is(pollFreq));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_UNITS), is(AuthPollFrequencyUnits.REQUESTS.name()));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN), is(loggedInIndicator));
assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT), is(loggedOutIndicator));
}
Also used :
Context(org.zaproxy.zap.model.Context)
Configuration(org.apache.commons.configuration.Configuration)
ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration)
ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration)
FormBasedAuthenticationMethod(org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType.FormBasedAuthenticationMethod)
FormBasedAuthenticationMethodType(org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType)
Test(org.junit.jupiter.api.Test)
WithConfigsTest(org.zaproxy.zap.WithConfigsTest)
Example 44 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionAuthenticationUnitTest method shouldImportContextWithNoAuthenticationMethod.
@Test
void shouldImportContextWithNoAuthenticationMethod() throws ConfigurationException {
// Given
Context context = mock(Context.class);
Configuration config = new ZapXmlConfiguration();
// When
extensionAuthentication.importContextData(context, config);
// Then
verify(context, times(0)).setAuthenticationMethod(any());
}
Also used :
Context(org.zaproxy.zap.model.Context)
Configuration(org.apache.commons.configuration.Configuration)
ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration)
ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration)
Test(org.junit.jupiter.api.Test)
WithConfigsTest(org.zaproxy.zap.WithConfigsTest)
Example 45 with Context
use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.
the class ExtensionAuthorizationUnitTest method shouldImportContextWithUnknownAuthorizationDetectionMethod.
@Test
void shouldImportContextWithUnknownAuthorizationDetectionMethod() throws ConfigurationException {
// Given
Context context = mock(Context.class);
Configuration config = new ZapXmlConfiguration();
config.setProperty("context.authorization.type", Integer.MIN_VALUE);
// When
extensionAuthorization.importContextData(context, config);
// Then
verify(context, times(0)).setAuthorizationDetectionMethod(any());
}
Also used :
Context(org.zaproxy.zap.model.Context)
Configuration(org.apache.commons.configuration.Configuration)
ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration)
ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration)
Test(org.junit.jupiter.api.Test)
Aggregations
Context (org.zaproxy.zap.model.Context)89
ApiException (org.zaproxy.zap.extension.api.ApiException)22
Test (org.junit.jupiter.api.Test)21
ZapXmlConfiguration (org.zaproxy.zap.utils.ZapXmlConfiguration)17
WithConfigsTest (org.zaproxy.zap.WithConfigsTest)16
User (org.zaproxy.zap.users.User)15
JSONObject (net.sf.json.JSONObject)14
Configuration (org.apache.commons.configuration.Configuration)14
Session (org.parosproxy.paros.model.Session)14
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor)13
RecordContext (org.parosproxy.paros.db.RecordContext)12
DatabaseException (org.parosproxy.paros.db.DatabaseException)10
ConfigurationException (org.apache.commons.configuration.ConfigurationException)9
HttpMessage (org.parosproxy.paros.network.HttpMessage)9
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement)9
ArrayList (java.util.ArrayList)8
JMenuItem (javax.swing.JMenuItem)7
ExtensionPopupMenuItem (org.parosproxy.paros.extension.ExtensionPopupMenuItem)7
SiteNode (org.parosproxy.paros.model.SiteNode)7
IOException (java.io.IOException)6
