Merge pull request #1615 from akto-api-security/feature/multiple_head…

…ers_auth allow multiple headers for token
akto-api-security · Oct 14, 2024 · 2f4484d · 2f4484d
2 parents d6fd350 + d31385a
commit 2f4484d
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 97 deletions.
diff --git a/...eb/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx b/...eb/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx
@@ -58,7 +58,7 @@ function TestRoleSettings() {
     const [roleName, setRoleName] = useState(systemRole || "");
     const [change, setChange] = useState(false);
     const [currentInfo, setCurrentInfo] = useState({steps: [], authParams: {}});
-    const [hardCodeAuthInfo, setHardCodeAuthInfo] = useState({authHeaderKey: '',authHeaderValue: ''})
+    const [hardCodeAuthInfo, setHardCodeAuthInfo] = useState({authParams:[]})
     const [showAuthComponent, setShowAuthComponent] = useState(false)
     const [showAuthDeleteModal, setShowAuthDeleteModal] = useState(false)
     const [deletedIndex, setDeletedIndex] = useState(-1);
@@ -169,11 +169,12 @@ function TestRoleSettings() {
         }
     }
 
+
+
     const setHardCodedInfo = (obj) => {
         setHardCodeAuthInfo(prev => ({
             ...prev,
-            authHeaderKey: obj.authHeaderKey,
-            authHeaderValue: obj.authHeaderValue,
+            authParams: obj.authParams
         }))
     }
 
@@ -290,7 +291,6 @@ function TestRoleSettings() {
             steps: obj.steps,
             authParams: obj.authParams
         }))
-
     }
 
     const addAuthButton = (
@@ -304,15 +304,15 @@ function TestRoleSettings() {
         setCurrentInfo({})
         setHeaderKey('')
         setHeaderValue('')
-        setHardCodeAuthInfo({})
+        setHardCodeAuthInfo({authParams:[]})
     }
 
     const handleSaveAuthMechanism = async() => {
         const apiCond = {[headerKey] : headerValue};
         let resp = {}
         if(hardcodedOpen){
             const automationType = "HardCoded";
-            const authParamData = [{key: hardCodeAuthInfo.authHeaderKey, value: hardCodeAuthInfo.authHeaderValue, where: "HEADER"}]
+            const authParamData = hardCodeAuthInfo.authParams
             if(editableDoc > -1){
                 resp = await api.updateAuthInRole(initialItems.name, apiCond, editableDoc, authParamData, automationType)
             }else{

diff --git a/...dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx b/...dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx
@@ -5,7 +5,7 @@ import Dropdown from "../../../components/layouts/Dropdown";
 import Store from "../../../store";
 
 
-function AuthParams({ authParams, setAuthParams }) {
+function AuthParams({ authParams, setAuthParams, hideTitle }) {
 
     const setToastConfig = Store(state => state.setToastConfig)
 
@@ -49,7 +49,7 @@ function AuthParams({ authParams, setAuthParams }) {
     }
 
     return (
-        <LegacyCard title="Extract">
+        <LegacyCard title={hideTitle ? '' : "Extract"}>
             <br />
             <Divider />
             <LegacyCard.Section>

diff --git a/.../dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/HardCoded.jsx b/.../dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/HardCoded.jsx
@@ -5,97 +5,38 @@ import api from "../api"
 import Store from "../../../store";
 import { useEffect } from "react";
 import TestingStore from "../testingStore";
+import AuthParams from './AuthParams';
 
 function HardCoded({showOnlyApi, extractInformation, setInformation}) {
 
-    const setToastConfig = Store(state => state.setToastConfig)
     const authMechanism = TestingStore(state => state.authMechanism)
-
-    const [userConfig, setUserConfig] = useState({
-        authHeaderKey: "",
-        authHeaderValue: ""
-    })
-    const [hasChanges, setHasChanges] = useState(false)
+    const [authParams, setAuthParams] = useState([{
+        key: "",
+        value: "",
+        where: "HEADER",
+        showHeader: true
+    }])
 
     useEffect(() => {
         if (authMechanism && authMechanism?.type.toUpperCase() === "HARDCODED") {
-            const authParam = authMechanism.authParams[0]
-            setUserConfig({
-                authHeaderKey: authParam.key,
-                authHeaderValue: authParam.value
-            })
+            setAuthParams(authMechanism.authParams)
         }
     }, [authMechanism])
 
     useEffect(()=> {
         if(extractInformation){
-            setInformation(userConfig)
+            setInformation({authParams})
         }else{
             return ;
         }
-    },[userConfig])
-
-    function updateUserConfig(field, value) {
-        setUserConfig(prev => ({
-            ...prev,
-            [field]: value
-        }))
-        setHasChanges(true)
-    }
-
-    async function handleSave() {
-        await api.addAuthMechanism(
-            "HARDCODED",
-            [],
-            [{
-                "key": userConfig.authHeaderKey,
-                "value": userConfig.authHeaderValue,
-                "where": "HEADER"
-            }]
-        )
-        setToastConfig({ isActive: true, isError: false, message: <div data-testid="hardcoded_saved_message">Hard coded auth token saved successfully!</div> })
-    }       
+    },[authParams])
 
     return (
         <div>
             <Text variant="headingMd">Inject hard-coded attacker auth token</Text>
             <br />
-            <FormLayout>
-                <FormLayout.Group>
-                <TextField
-                    id={"auth-header-key-field"}
-                    label={(
-                        <HorizontalStack gap="2">
-                            <Text>Auth header key</Text>
-                            <Tooltip content="Please enter name of the header which contains your auth token. This field is case-sensitive. eg Authorization" dismissOnMouseOut width="wide" preferredPosition="below">
-                                <Icon source={InfoMinor} color="base" />
-                            </Tooltip>
-                        </HorizontalStack>
-                    )}
-                    value={userConfig.authHeaderKey} placeholder='' onChange={(authHeaderKey) => updateUserConfig("authHeaderKey", authHeaderKey)} />   
-                <TextField 
-                    id={"auth-header-value-field"}
-                    label={(
-                        <HorizontalStack gap="2">
-                            <Text>Auth header value</Text>
-                            <Tooltip content="Please enter the value of the auth token." dismissOnMouseOut width="wide" preferredPosition="below">
-                                <Icon source={InfoMinor} color="base" />
-                            </Tooltip>
-                        </HorizontalStack>
-                    )}
-                    value={userConfig.authHeaderValue} placeholder='' onChange={(authHeaderValue) => updateUserConfig("authHeaderValue", authHeaderValue)} />`
-                </FormLayout.Group>
-            </FormLayout>
+            <AuthParams authParams={authParams} setAuthParams={setAuthParams} hideTitle={true} />
             <br />
-            {showOnlyApi ? null :<Button
-                id={"save-token"}
-                primary
-                disabled={!hasChanges}
-                onClick={handleSave}
-            >
-                <div data-testid="save_token_hardcoded">Save changes</div>
-            </Button>
-            }
         </div>
     )
 }

diff --git a/.../dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginForm.jsx b/.../dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginForm.jsx
@@ -30,29 +30,37 @@ function LoginForm({ step, setSteps }) {
     async function handleLoginFlowTest() {
         setTestDisable(true)
         func.setToast(true,  false,  "Running login flow")
-        const response = await api.triggerSingleStep('LOGIN_REQUEST', step.id, [{ ...step }])
-        if (response) {
-            func.setToast(true,  false,  <div data-testid="login_flow_ran_message">Login flow ran successfully!</div>)
-            const testResponse = JSON.parse(response.responses[0])
+        try {
+            const response = await api.triggerSingleStep('LOGIN_REQUEST', step.id, [{ ...step }])
+            if (response) {
+                func.setToast(true,  false,  <div data-testid="login_flow_ran_message">Login flow ran successfully!</div>)
+                const testResponse = JSON.parse(response.responses[0])
 
-            let responseBody
-            try {
-                responseBody = func.formatJsonForEditor(testResponse.body)
-            } catch {
-                responseBody = testResponse.body
-            }
+                let responseBody
+                try {
+                    responseBody = func.formatJsonForEditor(testResponse.body)
+                } catch {
+                    responseBody = testResponse.body
+                }
 
-            setSteps(prev => prev.map((s) => s.id === step.id ? {
-                ...s,
-                testResponse: {
-                    headers: { message: func.formatJsonForEditor(testResponse.headers) },
-                    body: {  message: responseBody }
+                setSteps(prev => prev.map((s) => s.id === step.id ? {
+                    ...s,
+                    testResponse: {
+                        headers: { message: func.formatJsonForEditor(testResponse.headers) },
+                        body: {  message: responseBody }
+                    }
                 }
+                : s))
+                setSelectedApiResponseTab(0)
             }
-            : s))
-            setSelectedApiResponseTab(0)
+
+        } 
+        catch (Exception ) {
+
         }
+
         setTestDisable(false);
+
     }   
 
     return (

diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java
@@ -506,7 +506,7 @@ public static String executeCode(String ogPayload, Map<String, Object> valuesMap
 
 
     public static String replaceVariables(String payload, Map<String, Object> valuesMap, boolean escapeString) throws Exception {
-        String regex = "\\$\\{(x\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; 
+        String regex = "\\$\\{((x|step)\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; 
         Pattern p = Pattern.compile(regex);
 
         // replace with values

diff --git a/libs/utils/src/main/java/com/akto/testing/Utils.java b/libs/utils/src/main/java/com/akto/testing/Utils.java
@@ -212,7 +212,7 @@ public static String executeCode(String ogPayload, Map<String, Object> valuesMap
 
 
     public static String replaceVariables(String payload, Map<String, Object> valuesMap, boolean escapeString) throws Exception {
-        String regex = "\\$\\{(x\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; 
+        String regex = "\\$\\{((x|step)\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; 
         Pattern p = Pattern.compile(regex);
 
         // replace with values