Merge pull request #1857 from akto-api-security/feature/edit_automate…

…d_testing_flow_auth feat: made automated login test flow editable
akto-api-security · Dec 30, 2024 · 8c071c2 · 8c071c2
2 parents f5c6bf8 + ef671d2
commit 8c071c2
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 16 deletions.
diff --git a/apps/dashboard/src/main/java/com/akto/action/testing/TestRolesAction.java b/apps/dashboard/src/main/java/com/akto/action/testing/TestRolesAction.java
@@ -86,7 +86,7 @@ private AuthWithCond makeAuthWithConditionFromParamData(TestRoles role){
 
             for (AuthParamData authParamDataElem : authParamData) {
                 AuthParam param = null;
-                if (authAutomationType.equals(LoginFlowEnums.AuthMechanismTypes.HARDCODED.toString())) {
+                if (authAutomationType.toUpperCase().equals(LoginFlowEnums.AuthMechanismTypes.HARDCODED.toString())) {
                     param = new HardcodedAuthParam(authParamDataElem.getWhere(), authParamDataElem.getKey(), authParamDataElem.getValue(), true);
                 } else {
                     param = new LoginRequestAuthParam(authParamDataElem.getWhere(), authParamDataElem.getKey(), authParamDataElem.getValue(), authParamDataElem.getShowHeader());
@@ -180,8 +180,8 @@ public String updateTestRoles() {
             isAttackerRole = role.getId().equals(attackerRole.getId());
         }
         if (isAttackerRole) {
-            addActionError("Unable to update endpoint conditions for attacker role");
-            return ERROR.toUpperCase();
+            this.orConditions = null;
+            this.andConditions = null;
         }
 
         Conditions orConditions = null;

diff --git a/...oard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/ParamsCard.jsx b/...oard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/ParamsCard.jsx
@@ -69,7 +69,7 @@ function ParamsCard({dataObj, handleDelete, showEdit}) {
                 </VerticalStack>
                 <HorizontalStack gap={"2"} align="end">
                     <Button size="slim" onClick={handleDelete} icon={DeleteMajor}><div data-testid="delete_button">Delete</div></Button>
-                    {authMechanism?.type?.toLowerCase() === 'hardcoded' ? <Button size="slim" primary onClick={() => showEdit()}>Edit</Button> : null}
+                    <Button size="slim" primary onClick={() => showEdit()}>Edit</Button>
                 </HorizontalStack>
             </VerticalStack>
         </Box>

diff --git a/...eb/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx b/...eb/polaris_web/web/src/apps/dashboard/pages/testing/TestRoleSettings/TestRoleSettings.jsx
@@ -81,6 +81,7 @@ function TestRoleSettings() {
     const resetFunc = (newItems) => {
         setChange(false);
         setRoleName(newItems.name || systemRole || "");
+        setAuthMechanism(null)
         dispatchConditions({type:"replace", conditions:transform.createConditions(newItems.endpoints)})
     }
     useEffect(() => {
@@ -130,7 +131,7 @@ function TestRoleSettings() {
     const saveAction = async (updatedAuth=false, authWithCondLists = null) => {
         let andConditions = transform.filterContainsConditions(conditions, 'AND')
         let orConditions = transform.filterContainsConditions(conditions, 'OR')
-        if (!(andConditions || orConditions) || roleName.length === 0) {
+        if (roleName !== 'ATTACKER_TOKEN_ALL' && !(andConditions || orConditions) || roleName.length === 0) {
             func.setToast(true, true, "Please select valid values for a test role")
         } else {
             if (isNew) {
@@ -186,7 +187,7 @@ function TestRoleSettings() {
             setAdvancedHeaderSettingsOpen(true)
         }
         setShowAuthComponent(true)
-        setHardcodedOpen(true)
+        setHardcodedOpen(authObj?.authMechanism?.type === "HardCoded")
         setEditableDocs(index)
     }
 
@@ -234,7 +235,7 @@ function TestRoleSettings() {
         }
     }
 
-    const conditionsCard = (
+    const conditionsCard = roleName !== 'ATTACKER_TOKEN_ALL' ? (
         <LegacyCard title="Details" key="condition">
             <TestRolesConditionsPicker
                 title="Role endpoint conditions"
@@ -244,7 +245,7 @@ function TestRoleSettings() {
                 selectOptions={selectOptions}
             />
         </LegacyCard>
-    )
+    ) : (<></>)
 
     const deleteModalComp = (
         <Modal
@@ -305,6 +306,9 @@ function TestRoleSettings() {
         setHeaderKey('')
         setHeaderValue('')
         setHardCodeAuthInfo({authParams:[]})
+        setAuthMechanism(null)
+        setHardcodedOpen(true)
+        setEditableDocs(-1)
     }
 
     const handleSaveAuthMechanism = async() => {
@@ -332,8 +336,15 @@ function TestRoleSettings() {
                         errorFilePath: null,
                     }
                 }
+
+                if(editableDoc > -1) {
+                    resp = await api.updateAuthInRole(initialItems.name, apiCond, editableDoc, currentInfo.authParams, automationType, currentInfo.steps, recordedLoginFlowInput)
+                } else {
+                    resp = await api.addAuthToRole(initialItems.name, apiCond, currentInfo.authParams, automationType, currentInfo.steps, recordedLoginFlowInput)
+                }
+            } else {
+                func.setToast(true, true, "Request data cannot be empty!")
             }
-            resp = await api.addAuthToRole(initialItems.name, apiCond, currentInfo.authParams, automationType, currentInfo.steps, recordedLoginFlowInput)
         }
         handleCancel()
         await saveAction(true, resp.selectedRole.authWithCondList)

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/api.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/api.js
@@ -256,11 +256,11 @@ export default {
             data: {roleName, index}
         })
     },
-    updateAuthInRole(roleName, apiCond ,index, authParamData, authAutomationType) {
+    updateAuthInRole(roleName, apiCond ,index, authParamData, authAutomationType, reqData, recordedLoginFlowInput) {
         return request({
             url: '/api/updateAuthInRole',
             method: 'post',
-            data: {roleName, apiCond, index, authParamData, authAutomationType}
+            data: {roleName, apiCond, index, authParamData, authAutomationType, reqData, recordedLoginFlowInput}
         })
     },
     deleteTestRuns(testRunIds){

diff --git a/...dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx b/...dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/AuthParams.jsx
@@ -60,7 +60,7 @@ function AuthParams({ authParams, setAuthParams, hideTitle }) {
                                 <div style={{ display: "grid", gridTemplateColumns: "auto max-content auto max-content auto max-content", gap: "30px", alignItems: "center"}}>
                                     <Dropdown
                                         id={"auth-param-menu"}
-                                        menuItems={authParamOptions} initial={authParam.where === "HEADER" ? "Header": "Body"}
+                                        menuItems={authParamOptions} initial={authParam.where}
                                         selected={(authParamLocation) => handleUpdate(index, "where", authParamLocation)} />
                                     <Text variant="bodyMd">Key: </Text>
                                     <TextField id={`auth-param-key-${index}`} value={authParam.key} onChange={(key) => handleUpdate(index, "key", key)} />

diff --git a/...hboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/JsonRecording.jsx b/...hboard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/JsonRecording.jsx
@@ -25,7 +25,7 @@ function JsonRecording({extractInformation, showOnlyApi, setStoreData}) {
     }])
 
     useEffect(() => {
-        if (!extractInformation) {
+        if (extractInformation) {
             if (authMechanism && authMechanism.type === "LOGIN_REQUEST" && authMechanism.requestData[0].type === "RECORDED_FLOW") {
                 setTokenFetchCommand(authMechanism.requestData[0].tokenFetchCommand)
                 setAuthParams(authMechanism.authParams)
@@ -35,7 +35,7 @@ function JsonRecording({extractInformation, showOnlyApi, setStoreData}) {
         } else {
             return;
         }
-    }, [])
+    }, [authMechanism])
 
     const inputRef = useRef(null);
 

diff --git a/...ard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginStepBuilder.jsx b/...ard/web/polaris_web/web/src/apps/dashboard/pages/testing/user_config/LoginStepBuilder.jsx
@@ -49,7 +49,7 @@ function LoginStepBuilder({extractInformation, showOnlyApi, setStoreData}) {
 
     useEffect(() => {
 
-        if(!extractInformation){
+        if(extractInformation){
             setIsLoading(true)
             if (authMechanism && authMechanism.type === "LOGIN_REQUEST" && authMechanism.requestData[0].type !== "RECORDED_FLOW") {
                 setSteps(authMechanism.requestData.map((step, index) => ({
@@ -65,7 +65,7 @@ function LoginStepBuilder({extractInformation, showOnlyApi, setStoreData}) {
         }else{
             return;
         }
-    }, [])
+    }, [authMechanism])
 
     const stepOptions = [
         { label: "Call API", value: "LOGIN_FORM" },