add support for Authentication, Request headers & Excluded Urls - Frontend
- backend counterpart: #225406 (closed)
Summary
This is the second frontend iteration for building the DAST site profile form MVC. At this point, we should have a basic form already done, and we're going to add the Authentication section, as well as the Request headers field.
Designs
See the epic at &3771 (closed)
Implementation plan
- Create Feature flag (:security_on_demand_scans_site_authentication_request_headers) TBD
- Add the Authentication section to the form with the following fields:
  - Enable authentication: radio buttons, if true:
    - Authenticated Site: the URL where the login form can be found
    - Username
    - Password
    - Username Form Field: name of the username field in the sign-in form
    - Password Form Field: name of the password field in the sign-in form
- Add the Request Headers field: textarea, optional.
- Add the Excluded URLs field: textarea, optional
- Add form-validation:
  - Authenticated Site: not empty, valid URL
  - Password, Username, Username Form Field, Password Form Field: not empty
- Extend the GraphQL mutation[2] to include the new fields.
[2] Proposed GraphQL mutation:
--- proposal_iteration1.graphl
+++ proposal_iteration2.graphl
@@ -2,12 +2,26 @@ mutation dastSiteProfileCreate(
$fullPath: ID!
$profileName: String!
$targetUrl: String
+ $authUrl: String
+ $authUsernameField: String
+ $authPasswordField: String
+ $authPassword: String
+ $excludedUrls: String
+ $requestHeaders: String
) {
dastSiteProfileCreate(
input: {
fullPath: $fullPath
profileName: $profileName
targetUrl: $targetUrl
+ auth: {
+ url: $authUrl
+ usernameField: $authUsernameField
+ passwordField: $authPasswordField
+ password: $authPassword
+ }
+ excludedUrls: $excludedUrls
+ requestHeaders: $requestHeaders
}
) {
id
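Review bot: the new auth input (url, usernameField, passwordField, password) carries no username value and there is no $authUsername variable, although the implementation plan lists Username as a form field and requires it to be non-empty. Suggest adding `$authUsername: String` to the variables and `username: $authUsername` next to `password: $authPassword`. The plan's "Enable authentication" radio also has no counterpart in the input, so the backend can only infer whether authentication is enabled from which fields are set; an explicit flag would remove that ambiguity. Finally, $excludedUrls and $requestHeaders are single String values fed from textareas, so the expected separator and format should be documented, or a list type used, so the frontend and backend agree on how multiple entries are split.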
Edited by Seth Berger
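The form-validation rules from the implementation plan above, as an added example that is not part of the original issue or of GitLab's code. The field names (`authEnabled`, `authUrl`, `username`, `password`, `usernameField`, `passwordField`) are hypothetical, and treating "valid URL" as an absolute http(s) URL is an assumption.

```javascript
// Added example: field names are hypothetical, chosen to mirror the form
// labels in the plan; they are not GitLab's actual component state.
const REQUIRED_AUTH_FIELDS = ['username', 'password', 'usernameField', 'passwordField'];

// Assumption: "valid URL" means an absolute http(s) URL with a host, so
// schemes such as javascript: or file: never reach the scanner configuration.
function isValidHttpUrl(value) {
  try {
    const url = new URL(value);
    return ['http:', 'https:'].includes(url.protocol) && url.hostname !== '';
  } catch {
    return false; // relative or unparsable input
  }
}

// Returns { fieldName: message } for every failing field; an empty object
// means the Authentication section may be submitted.
function validateAuthSection(form) {
  const errors = {};
  // The auth fields only apply when "Enable authentication" is true.
  if (!form.authEnabled) return errors;

  const authUrl = (form.authUrl || '').trim();
  if (authUrl === '') {
    errors.authUrl = 'Authenticated Site must not be empty';
  } else if (!isValidHttpUrl(authUrl)) {
    errors.authUrl = 'Authenticated Site must be a valid URL';
  }

  for (const field of REQUIRED_AUTH_FIELDS) {
    const value = form[field] || '';
    // The password is checked untrimmed: whitespace can be a legitimate value.
    const empty = field === 'password' ? value === '' : value.trim() === '';
    if (empty) errors[field] = `${field} must not be empty`;
  }
  return errors;
}

// Constructed sample input: wrong URL scheme and a blank Username Form Field.
const sample = {
  authEnabled: true,
  authUrl: 'javascript:void(0)',
  username: 'scanner',
  password: ' ',
  usernameField: '',
  passwordField: 'user[password]',
};
console.log(validateAuthSection(sample));
```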