From 46f3b609c6230d2681a1b7b4aedcf07061cf910b Mon Sep 17 00:00:00 2001
From: ayushaga14 <ayush@akto.io>
Date: Wed, 14 Aug 2024 17:03:21 +0530
Subject: [PATCH 1/2] add check for custom auth header

---
 .../akto/test_editor/auth/AuthValidator.java  | 22 +++++++++++--------
 .../testing/yaml_tests/YamlTestTemplate.java  |  4 ++--
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java b/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java
index 30a9b00586..9f121e03d1 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java
@@ -20,13 +20,13 @@
 
 public class AuthValidator {
     
-    public static boolean validate(Auth auth, RawApi rawApi, AuthMechanism authMechanism) {
+    public static boolean validate(Auth auth, RawApi rawApi, AuthMechanism authMechanism, List<CustomAuthType> customAuthTypes) {
 
         if (auth == null) {
             return true;
         }
 
-        List<String> headerKeys = getHeaders(auth, authMechanism);
+        List<String> headerKeys = getHeaders(auth, authMechanism, customAuthTypes);
 
         auth.setHeaders(headerKeys);
 
@@ -48,7 +48,7 @@ public static boolean validate(Auth auth, RawApi rawApi, AuthMechanism authMecha
         return true;
     }
 
-    public static List<String> getHeaders(Auth auth, AuthMechanism authMechanism) {
+    public static List<String> getHeaders(Auth auth, AuthMechanism authMechanism, List<CustomAuthType> customAuthTypes) {
 
         if (auth != null && auth.getHeaders() != null && auth.getHeaders().size() > 0) {
             return auth.getHeaders();
@@ -56,14 +56,18 @@ public static List<String> getHeaders(Auth auth, AuthMechanism authMechanism) {
 
         List<String> headerKeys = new ArrayList<>();
 
-        if (authMechanism == null || authMechanism.getAuthParams() == null || authMechanism.getAuthParams().size() == 0) {
-            return null;
+        if (authMechanism != null && authMechanism.getAuthParams() != null && authMechanism.getAuthParams().size() > 0) {
+            for (AuthParam authParam: authMechanism.getAuthParams()) {
+                String key = authParam.getKey();
+                if (key == null) continue;
+                headerKeys.add(key.toLowerCase());
+            }
         }
 
-        for (AuthParam authParam: authMechanism.getAuthParams()) {
-            String key = authParam.getKey();
-            if (key == null) continue;
-            headerKeys.add(key.toLowerCase());
+        if (customAuthTypes != null) {
+            for(CustomAuthType customAuthType: customAuthTypes) {
+                headerKeys.addAll(customAuthType.getHeaderKeys());
+            }
         }
 
         return headerKeys;
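Review bot: The custom auth keys added by `headerKeys.addAll(customAuthType.getHeaderKeys())` skip the normalisation that the auth-mechanism keys get in the loop just above (the null check and `key.toLowerCase()`), so a key stored in mixed case is compared verbatim. If `validate` looks these keys up in a lower-cased header map (that map is built outside the visible hunks), such a key never matches and a request that does carry the header is judged to have no auth header. A null `getHeaderKeys()` would also throw from `addAll`. Suggest iterating the returned keys and adding `key.toLowerCase()` for each non-null key, exactly as the first loop does. The method now also returns an empty list where it used to return `null`, which callers that only null-check will treat differently; getHeaders starts above this hunk.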
diff --git a/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java b/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java
index 62f34c1efc..a27d60fd2c 100644
--- a/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java
+++ b/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java
@@ -92,14 +92,14 @@ public Set<String> requireConfig(){
     @Override
     public ValidationResult filter() {
         // loggerMaker.infoAndAddToDb("filter started" + logId, LogDb.TESTING);
-        List<String> authHeaders = AuthValidator.getHeaders(this.auth, this.authMechanism);
+        List<String> authHeaders = AuthValidator.getHeaders(this.auth, this.authMechanism, this.customAuthTypes);
         // loggerMaker.infoAndAddToDb("found authHeaders " + authHeaders + " " + logId, LogDb.TESTING);
         if (authHeaders != null && authHeaders.size() > 0) {
             this.varMap.put("auth_headers", authHeaders);
         }
         if (this.auth != null && this.auth.getAuthenticated() != null) {
             // loggerMaker.infoAndAddToDb("validating auth, authenticated value is " + this.auth.getAuthenticated() + " " + logId, LogDb.TESTING);
-            boolean validAuthHeaders = AuthValidator.validate(this.auth, this.rawApi, this.authMechanism);
+            boolean validAuthHeaders = AuthValidator.validate(this.auth, this.rawApi, this.authMechanism, this.customAuthTypes);
             if (!validAuthHeaders) {
                 ValidationResult validationResult = new ValidationResult(false, "No valid auth headers");
                 // loggerMaker.infoAndAddToDb("invalid auth, skipping filter " + logId, LogDb.TESTING);

From 60e5de0d558a79b0852e2ac3ecb6445d92a0da1c Mon Sep 17 00:00:00 2001
From: ayushaga14 <ayush@akto.io>
Date: Wed, 14 Aug 2024 17:21:25 +0530
Subject: [PATCH 2/2] fix

---
 .../main/java/com/akto/test_editor/auth/AuthValidator.java  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java b/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java
index 9f121e03d1..dd9f260565 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/auth/AuthValidator.java
@@ -41,11 +41,11 @@ public static boolean validate(Auth auth, RawApi rawApi, AuthMechanism authMecha
         for (String header: headerKeys) {
             contains = headers.containsKey(header) || CookieTransformer.isKeyPresentInCookie(cookieList, header);
             res = auth.getAuthenticated() && contains;
-            if (!res) {
-                return res;
+            if (res) {
+                return true;
             }
         }
-        return true;
+        return false;
     }
 
     public static List<String> getHeaders(Auth auth, AuthMechanism authMechanism, List<CustomAuthType> customAuthTypes) {
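Review bot: With `if (res) return true;` the check becomes any-of over the flattened key list, so a request carrying just one of several configured keys is accepted as authenticated, even when one auth mechanism defines several params that are only meaningful together. If that is intended because custom auth types are alternatives, say so above the loop, e.g. `// any one configured auth key present counts as authenticated`; otherwise the keys need to stay grouped per mechanism or custom type. `auth.getAuthenticated()` does not change inside the loop, so when it is false the loop can only fall through to `return false`. An empty `headerKeys` now also yields false where it previously yielded true. The start of validate is outside this hunk, so any earlier guard for those two cases is not visible here.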