ForcedUserAPI.java

/*
 * Zed Attack Proxy (ZAP) and its related class files.
 * 
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 * 
 * Copyright 2013 The ZAP Development Team
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); 
 * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at 
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0 
 *   
 * Unless required by applicable law or agreed to in writing, software 
 * distributed under the License is distributed on an "AS IS" BASIS, 
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 * See the License for the specific language governing permissions and 
 * limitations under the License. 
 */
package org.zaproxy.zap.extension.forceduser;

import net.sf.json.JSONObject;

import org.apache.log4j.Logger;
import net.sf.json.JSONException;
import org.zaproxy.zap.extension.api.ApiAction;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiException.Type;
import org.zaproxy.zap.extension.api.ApiImplementor;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseElement;
import org.zaproxy.zap.extension.api.ApiView;
import org.zaproxy.zap.extension.authentication.AuthenticationAPI;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.ApiUtils;

/**
 * The API for managing the Forced User for a Context.
 */
public class ForcedUserAPI extends ApiImplementor {

	private static final Logger log = Logger.getLogger(AuthenticationAPI.class);

	private static final String PREFIX = "forcedUser";

	private static final String VIEW_GET_FORCED_USER = "getForcedUser";
	private static final String VIEW_IS_FORCED_USER_MODE_ENABLED = "isForcedUserModeEnabled";

	private static final String ACTION_SET_FORCED_USER = "setForcedUser";
	private static final String ACTION_SET_FORCED_USER_MODE_ENABLED = "setForcedUserModeEnabled";

	private static final String PARAM_USER_ID = "userId";
	private static final String PARAM_CONTEXT_ID = "contextId";
	private static final String PARAM_MODE_ENABLED = "boolean";

	private ExtensionForcedUser extension;

	public ForcedUserAPI(ExtensionForcedUser extension) {
		super();
		this.extension = extension;

		this.addApiView(new ApiView(VIEW_IS_FORCED_USER_MODE_ENABLED));
		this.addApiView(new ApiView(VIEW_GET_FORCED_USER, new String[] { PARAM_CONTEXT_ID }));

		this.addApiAction(new ApiAction(ACTION_SET_FORCED_USER, new String[] { PARAM_CONTEXT_ID,
				PARAM_USER_ID }));
		this.addApiAction(new ApiAction(ACTION_SET_FORCED_USER_MODE_ENABLED,
				new String[] { PARAM_MODE_ENABLED }));
	}

	@Override
	public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
		log.debug("handleApiView " + name + " " + params.toString());

		switch (name) {
		case VIEW_GET_FORCED_USER:
			Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
			User forcedUser = extension.getForcedUser(context.getIndex());
			if (forcedUser != null)
				return new ApiResponseElement("forcedUserId", Integer.toString(forcedUser.getId()));
			else
				return new ApiResponseElement("forcedUserId", "");
		case VIEW_IS_FORCED_USER_MODE_ENABLED:
			return new ApiResponseElement("forcedModeEnabled", Boolean.toString(extension
					.isForcedUserModeEnabled()));
		default:
			throw new ApiException(Type.BAD_VIEW);
		}
	}

	@Override
	public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
		log.debug("handleApiAction " + name + " " + params.toString());
		Context context;
		switch (name) {
		case ACTION_SET_FORCED_USER:
			context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
			int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
			try {
				extension.setForcedUser(context.getIndex(), userId);
			} catch (IllegalStateException ex) {
				throw new ApiException(Type.USER_NOT_FOUND);
			}
			context.save();
			return ApiResponseElement.OK;
		case ACTION_SET_FORCED_USER_MODE_ENABLED:
			if (!params.containsKey(PARAM_MODE_ENABLED))
				throw new ApiException(Type.MISSING_PARAMETER, PARAM_MODE_ENABLED);
			boolean newModeStatus;
			try {
				newModeStatus = params.getBoolean(PARAM_MODE_ENABLED);
			} catch (JSONException ex) {
				throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_MODE_ENABLED);
			}
			extension.setForcedUserModeEnabled(newModeStatus);
			return ApiResponseElement.OK;
		default:
			throw new ApiException(Type.BAD_ACTION);
		}
	}

	@Override
	public String getPrefix() {
		return PREFIX;
	}

}