
authentication helper add-on 1.0.0

Open KajanM opened this issue 5 years ago • 12 comments

As discussed in GSoC meetings, an add-on to help set up authentication in ZAP. This PR addresses guided configuration and authentication status scanning.

Main tracker issue: ZAPROXY-4705

  • [ ] set release date in about.html
  • [x] trigger the process by right-clicking a node in ContextsSitePanel
  • [x] trigger the process from Tools menu
  • [x] trigger the process from AuthenticationStatusPanel toolbar
  • [x] a dynamic checklist indicating the status of required configurations using icons
  • [x] a label indicating the overall configuration status and next desired user action
  • [x] link to relevant configuration dialog for each checklist item ~~link to the context status checklist item will~~ ~~automatically create a context for a target without context and then it will show context properties dialog~~ ~~show context properties dialog for a target with the context defined~~
  • [x] refresh button to rerun the check with updated settings
  • [x] links to the checklist item are enabled/disabled based on the current configuration to guide the user
  • [x] a panel showing authentication, logged in, logged out indicator status with other relevant message details
  • [x] support multiple authentication methods
  • [x] run multiple scans from different or same user's perspective
  • [x] an options panel to add exclude regexes
  • [x] recheck the authentication status by selecting URI from AuthenticationStatusPanel
  • [x] help contents
  • [x] test cases

KajanM avatar Jul 11 '18 04:07 KajanM

ready for a review :)

KajanM avatar Jul 22 '18 06:07 KajanM

Is it safe to change the local and remote branch names to authenticationhelper-addon now?

KajanM avatar Aug 05 '18 06:08 KajanM

That would require opening a new PR.

thc202 avatar Aug 06 '18 07:08 thc202

OK, then I am leaving the branch name as it is.

KajanM avatar Aug 06 '18 08:08 KajanM

@KajanM is the release date really the only thing missing here?

kingthorin avatar Sep 11 '18 13:09 kingthorin

@kingthorin There is one pending feature that can be addressed in this PR, which is to highlight the occurrence(s) of the found logged in and/or logged out indicator(s) in the response tab. I plan to add this feature in a later release so that I can allocate time to make the automatic authentication configuration logic robust.

All other functionalities are implemented; however, this PR is not completely reviewed yet. Please note, since some UI changes and the automatic authentication configuration logic require a recent ZAP version, those changes are tackled separately in https://github.com/KajanM/zap-extensions/tree/authenticationhelper-addon-1.1.0

IMHO, if the ZAP 2.8.0 release is sometime soon, then it is preferable to release the 1.1.0 version of the add-on as 1.0.0.

If it makes sense to make the 1.1.0 version of the add-on available for the ZAP weekly release, let me know.

KajanM avatar Sep 11 '18 16:09 KajanM

Thanks for the update.

kingthorin avatar Sep 11 '18 18:09 kingthorin

@KajanM could you include the 1.1.0 changes in this PR? You can set the extension manifest to `<not-before-version>2.8.0</not-before-version>`, then it can be built/published to the marketplace and people can load it in dev builds, and we can do a full review and any outstanding modifications etc. for 2.8.0.

kingthorin avatar Mar 22 '19 13:03 kingthorin

@kingthorin I am sorry, since we moved to Bitbucket, I just noticed the comment. Is it OK to do it this weekend?

KajanM avatar Apr 03 '19 00:04 KajanM

Ya I think that’s fine, thanks for getting back to us 😀

kingthorin avatar Apr 03 '19 00:04 kingthorin

Thanks

KajanM avatar Apr 03 '19 01:04 KajanM

The pull request is now updated (after build changes, zaproxy/zaproxy#5302).

thc202 avatar Apr 29 '19 16:04 thc202