-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to add/remove authentication and session management methods #7857
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
zap/src/main/java/org/zaproxy/zap/extension/authentication/ExtensionAuthentication.java
Outdated
Show resolved
Hide resolved
I guess this is WIP since only addresses part of the referenced issue? |
Please, check this comment as well: #6218 (comment) (to make sure it addresses those cases). |
For this particular PR the scope was only the authentication, as the title suggests. That is why the ticket was only referenced via its ID, but without any of the That being said, if I'll have time I might consider looking into the other part as well, because it should be fairly similar. Will get back to you on this. |
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
* reformat code with spotless Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
…es through API * related PR on ZAP: zaproxy/zaproxy#7857 Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
@kingthorin @thc202 the second part, related to session management has also been added to the PR. |
@@ -106,8 +113,9 @@ public String getUIName() { | |||
@Override | |||
public void hook(ExtensionHook extensionHook) { | |||
super.hook(extensionHook); | |||
this.extensionHook = extensionHook; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will not work, once the hook phase is done any additions to the extensionHook
have no effect.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not entirely sure I understand what do you mean. Adding a new AbstractAuthenticationMethodOptionsPanel
to the UI from a ZAP extension through a dynamically added AuthenticationMethodType
was working.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The class AbstractAuthenticationMethodOptionsPanel
is unrelated to the ExtensionHook
(that's part of the method itself), change your method to use the extensionHook
. Start ZAP, install your add-on, and see if it works properly.
This is now closing the issue but it still lacks necessary functionality (most of the points mentioned in #6218 (comment)). |
I believe the PR covers what the ticket is asking for. I've tested it and it's working. Your points around the contexts, together with the support for reloading add-ons is a separate topic itself. Please note that first time contributors might not have the full picture of the project. If you create a follow-up ticket and provide clear requirements I might give it a shot. |
They are not separate topics, the authentication and session management methods are an integral part of the contexts (see I don't expect anyone to know everything, if the issue is not clear enough just ask. I linked the other comment because it mentions what needs to be considered to address the issue. If you prefer that I update the issue with those points I can do that as well. |
Implemented option to dynamically add
AuthenticationMethodType
s andSessionManagementMethodType
s from extensions to be used through the REST API.Closes #2620