From d31385abeef2020299872639cdbe9caf7df60cf3 Mon Sep 17 00:00:00 2001 From: Ankush Jain Date: Sun, 13 Oct 2024 14:37:33 -0700 Subject: [PATCH] allow multiple headers for token --- .../TestRoleSettings/TestRoleSettings.jsx | 12 +-- .../pages/testing/user_config/AuthParams.jsx | 4 +- .../pages/testing/user_config/HardCoded.jsx | 81 +++---------------- .../pages/testing/user_config/LoginForm.jsx | 42 ++++++---- .../testing/workflow_node_executor/Utils.java | 2 +- .../src/main/java/com/akto/testing/Utils.java | 2 +- 6 files changed, 46 insertions(+), 97 deletions(-) diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx index 05d7dee2b1..4239158613 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx @@ -58,7 +58,7 @@ function TestRoleSettings() { const [roleName, setRoleName] = useState(systemRole || ""); const [change, setChange] = useState(false); const [currentInfo, setCurrentInfo] = useState({steps: [], authParams: {}}); - const [hardCodeAuthInfo, setHardCodeAuthInfo] = useState({authHeaderKey: '',authHeaderValue: ''}) + const [hardCodeAuthInfo, setHardCodeAuthInfo] = useState({authParams:[]}) const [showAuthComponent, setShowAuthComponent] = useState(false) const [showAuthDeleteModal, setShowAuthDeleteModal] = useState(false) const [deletedIndex, setDeletedIndex] = useState(-1); @@ -169,11 +169,12 @@ function TestRoleSettings() { } } + + const setHardCodedInfo = (obj) => { setHardCodeAuthInfo(prev => ({ ...prev, - authHeaderKey: obj.authHeaderKey, - authHeaderValue: obj.authHeaderValue, + authParams: obj.authParams })) } 
@@ -290,7 +291,6 @@ function TestRoleSettings() { steps: obj.steps, authParams: obj.authParams })) - } const addAuthButton = ( @@ -304,7 +304,7 @@ function TestRoleSettings() { setCurrentInfo({}) setHeaderKey('') setHeaderValue('') - setHardCodeAuthInfo({}) + setHardCodeAuthInfo({authParams:[]}) } const handleSaveAuthMechanism = async() => { @@ -312,7 +312,7 @@ function TestRoleSettings() { let resp = {} if(hardcodedOpen){ const automationType = "HardCoded"; - const authParamData = [{key: hardCodeAuthInfo.authHeaderKey, value: hardCodeAuthInfo.authHeaderValue, where: "HEADER"}] + const authParamData = hardCodeAuthInfo.authParams if(editableDoc > -1){ resp = await api.updateAuthInRole(initialItems.name, apiCond, editableDoc, authParamData, automationType) }else{ diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx index 5a8f6ccd30..3c49c0afbf 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx @@ -5,7 +5,7 @@ import Dropdown from "../../../components/layouts/Dropdown"; import Store from "../../../store"; -function AuthParams({ authParams, setAuthParams }) { +function AuthParams({ authParams, setAuthParams, hideTitle }) { const setToastConfig = Store(state => state.setToastConfig) @@ -49,7 +49,7 @@ function AuthParams({ authParams, setAuthParams }) { } return ( - +
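Review bot: In `handleSaveAuthMechanism` (the `@@ -312,7` hunk) the request payload is now `hardCodeAuthInfo.authParams` passed through unchanged, so the client no longer pins `where: "HEADER"`, rows with an empty key are sent as-is, and UI-only fields such as the `showHeader` flag from HardCoded.jsx's default entry go to the API. These entries are credentials injected into test requests, so if hard-coded tokens are meant to stay header-only, normalise them before the call: `const authParamData = (hardCodeAuthInfo.authParams ?? []).filter(p => p.key?.trim()).map(({key, value}) => ({key, value, where: "HEADER"}))`. The same array is written by `setHardCodedInfo` in the `@@ -169,11` hunk, which stores `obj.authParams` without checking that it is an array. Whether the server re-validates `where` and the key names is not visible here and should be confirmed. The function body continues outside the hunk.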
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/HardCoded.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/HardCoded.jsx index 0129df3167..4dda42c878 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/HardCoded.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/HardCoded.jsx @@ -5,97 +5,38 @@ import api from "../api" import Store from "../../../store"; import { useEffect } from "react"; import TestingStore from "../testingStore"; +import AuthParams from './AuthParams'; function HardCoded({showOnlyApi, extractInformation, setInformation}) { - const setToastConfig = Store(state => state.setToastConfig) const authMechanism = TestingStore(state => state.authMechanism) - - const [userConfig, setUserConfig] = useState({ - authHeaderKey: "", - authHeaderValue: "" - }) - const [hasChanges, setHasChanges] = useState(false) + const [authParams, setAuthParams] = useState([{ + key: "", + value: "", + where: "HEADER", + showHeader: true + }]) useEffect(() => { if (authMechanism && authMechanism?.type.toUpperCase() === "HARDCODED") { - const authParam = authMechanism.authParams[0] - setUserConfig({ - authHeaderKey: authParam.key, - authHeaderValue: authParam.value - }) + setAuthParams(authMechanism.authParams) } }, [authMechanism]) useEffect(()=> { if(extractInformation){ - setInformation(userConfig) + setInformation({authParams}) }else{ return ; } - },[userConfig]) - - function updateUserConfig(field, value) { - setUserConfig(prev => ({ - ...prev, - [field]: value - })) - setHasChanges(true) - } - - async function handleSave() { - await api.addAuthMechanism( - "HARDCODED", - [], - [{ - "key": userConfig.authHeaderKey, - "value": userConfig.authHeaderValue, - "where": "HEADER" - }] - ) - setToastConfig({ isActive: true, isError: false, message:
Hard coded auth token saved successfully!
}) - } + },[authParams]) return (
Inject hard-coded attacker auth token
- - - - Auth header key - - - - - )} - value={userConfig.authHeaderKey} placeholder='' onChange={(authHeaderKey) => updateUserConfig("authHeaderKey", authHeaderKey)} /> - - Auth header value - - - - - )} - value={userConfig.authHeaderValue} placeholder='' onChange={(authHeaderValue) => updateUserConfig("authHeaderValue", authHeaderValue)} />` - - +
- {showOnlyApi ? null : - }
) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginForm.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginForm.jsx index b1fd3b4a70..cdbb86620e 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginForm.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginForm.jsx @@ -30,29 +30,37 @@ function LoginForm({ step, setSteps }) { async function handleLoginFlowTest() { setTestDisable(true) func.setToast(true, false, "Running login flow") - const response = await api.triggerSingleStep('LOGIN_REQUEST', step.id, [{ ...step }]) - if (response) { - func.setToast(true, false,
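Review bot: The first `useEffect` copies `authMechanism.authParams` straight into state, so a stored HARDCODED mechanism with a missing or empty `authParams` replaces the default row with `undefined` or `[]`, which is then forwarded through `setInformation({authParams})` and presumably handed to the imported `AuthParams`. A guard such as `if (Array.isArray(authMechanism.authParams) && authMechanism.authParams.length > 0) setAuthParams(authMechanism.authParams)` keeps the default entry in that case. With `handleSave` and the save button removed, the component persists nothing when `extractInformation` is false; if that mode is still reachable the edits are silently discarded, and `showOnlyApi`, `api` and `Store` look unused now. The second effect also reads `extractInformation` and `setInformation` but lists only `[authParams]` as a dependency.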
Login flow ran successfully!
) - const testResponse = JSON.parse(response.responses[0]) + try { + const response = await api.triggerSingleStep('LOGIN_REQUEST', step.id, [{ ...step }]) + if (response) { + func.setToast(true, false,
Login flow ran successfully!
) + const testResponse = JSON.parse(response.responses[0]) - let responseBody - try { - responseBody = func.formatJsonForEditor(testResponse.body) - } catch { - responseBody = testResponse.body - } + let responseBody + try { + responseBody = func.formatJsonForEditor(testResponse.body) + } catch { + responseBody = testResponse.body + } - setSteps(prev => prev.map((s) => s.id === step.id ? { - ...s, - testResponse: { - headers: { message: func.formatJsonForEditor(testResponse.headers) }, - body: { message: responseBody } + setSteps(prev => prev.map((s) => s.id === step.id ? { + ...s, + testResponse: { + headers: { message: func.formatJsonForEditor(testResponse.headers) }, + body: { message: responseBody } + } } + : s)) + setSelectedApiResponseTab(0) } - : s)) - setSelectedApiResponseTab(0) + + } + catch (Exception ) { + } + setTestDisable(false); + } return ( diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java index 216d4afec7..161266f0ec 100644 --- a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java +++ b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java @@ -506,7 +506,7 @@ public static String executeCode(String ogPayload, Map valuesMap public static String replaceVariables(String payload, Map valuesMap, boolean escapeString) throws Exception { - String regex = "\\$\\{(x\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; + String regex = "\\$\\{((x|step)\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; Pattern p = Pattern.compile(regex); // replace with values diff --git a/libs/utils/src/main/java/com/akto/testing/Utils.java b/libs/utils/src/main/java/com/akto/testing/Utils.java index 31c291e2fa..afc88df0df 100644 --- a/libs/utils/src/main/java/com/akto/testing/Utils.java +++ b/libs/utils/src/main/java/com/akto/testing/Utils.java 
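Review bot: The new `catch (Exception ) { }` in `handleLoginFlowTest` is empty, so a rejected `api.triggerSingleStep` call or a `JSON.parse` failure on `response.responses[0]` leaves the "Running login flow" toast as the last thing the user sees, with no indication that the login step failed. Report the failure and move the re-enable into `finally`: `catch (err) { func.setToast(true, true, "Login flow failed") } finally { setTestDisable(false) }`. The second argument is assumed to be the error flag, going by the existing `func.setToast(true, false, …)` calls. The `if (response)` branch has no `else`, so a falsy response is equally silent.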
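Review bot: The `(x|step)` alternative added to `regex` in `replaceVariables` is a capturing group, which adds a group 2 inside the existing outer group; `(?:x|step)` keeps the group numbering as it was for any code further down that reads the matcher by index (not visible in this hunk). The identical literal is changed in `libs/utils/src/main/java/com/akto/testing/Utils.java` as well, so the two copies can drift. A shared constant with a comment listing the accepted placeholder forms (`${x1.…}`, `${step1.…}`, `${AKTO.changes_info.…}`) would document it. A unit test that a `${step1.…}` placeholder is substituted and that an unknown prefix is left untouched would pin the new behaviour. The method body continues outside the hunk.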
@@ -212,7 +212,7 @@ public static String executeCode(String ogPayload, Map valuesMap public static String replaceVariables(String payload, Map valuesMap, boolean escapeString) throws Exception { - String regex = "\\$\\{(x\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; + String regex = "\\$\\{((x|step)\\d+\\.[\\w\\-\\[\\].]+|AKTO\\.changes_info\\..*?)\\}"; Pattern p = Pattern.compile(regex); // replace with values