[PLGN-45]- Custom Auth- fixed bug where we cannot pass the API Key fr…

…om the input into the Authentication header if it contains a prefix (#2143) [PLGN-45]- Fix validator issue
rapid7 · Nov 27, 2023 · 08bea17 · 08bea17
1 parent ee0ee11
commit 08bea17
Show file tree

Hide file tree

Showing 8 changed files with 15 additions and 8 deletions.
diff --git a/plugins/rest/.CHECKSUM b/plugins/rest/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "01bf89086f7b69361309c6adf67f9ed3",
-	"manifest": "6a4dfbf514cf030c250d577eecf8ff21",
-	"setup": "0dba8c490db609ae9977ade0756dbaa6",
+	"spec": "824d8daed5906eb3eb6a7941f2b25f62",
+	"manifest": "605d494d836f7a167cc056175e8c452b",
+	"setup": "775bc205b08880dafc532003dc63eda8",
 	"schemas": [
 		{
 			"identifier": "delete/schema.py",

diff --git a/plugins/rest/Dockerfile b/plugins/rest/Dockerfile
@@ -1,4 +1,4 @@
-FROM rapid7/insightconnect-python-3-38-plugin:5
+FROM rapid7/insightconnect-python-3-plugin:5
 
 LABEL organization=rapid7
 LABEL sdk=python

diff --git a/plugins/rest/bin/komand_rest b/plugins/rest/bin/komand_rest
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "HTTP Requests"
 Vendor = "rapid7"
-Version = "6.0.3"
+Version = "6.0.4"
 Description = "The HTTP Requests plugin makes it easy to integrate with RESTful services"
 
 

diff --git a/plugins/rest/help.md b/plugins/rest/help.md
@@ -342,6 +342,7 @@ Any issues connecting to the remote service should be present in the log of the
 
 # Version History
 
+* 6.0.4 - Custom Auth: Fix bug where we could not pass the API Key from the input into the Authentication header if the header value included a prefix
 * 6.0.3 - Added empty `__init__.py` file to `unit_test` folder | Refreshed with new tooling | Updated `requirements.txt`
 * 6.0.2 - Fixed a bug that would cause an incorrect error message whenever a 400 error was received and the response object was a list
 * 6.0.1 - Improved ability of 'Body Any' input to handle non-standard characters and JSON input

diff --git a/plugins/rest/komand_rest/util/util.py b/plugins/rest/komand_rest/util/util.py
@@ -161,7 +161,7 @@ def check_auth_type_validity(
     def create_headers_for_custom_auth(self, headers: dict, secret_key) -> dict:
         new_headers = {}
         for key, value in headers.items():
-            if value == self.CUSTOM_SECRET_INPUT:
+            if self.CUSTOM_SECRET_INPUT in value:
                 if not secret_key:
                     raise PluginException(
                         cause="'CUSTOM_SECRET_INPUT' used in authentication header, but no secret provided.",

diff --git a/plugins/rest/plugin.spec.yaml b/plugins/rest/plugin.spec.yaml
@@ -4,7 +4,7 @@ products: [insightconnect]
 name: rest
 title: HTTP Requests
 description: The HTTP Requests plugin makes it easy to integrate with RESTful services
-version: 6.0.3
+version: 6.0.4
 vendor: rapid7
 support: community
 supported_versions: ["2023-10-19"]

diff --git a/plugins/rest/setup.py b/plugins/rest/setup.py
@@ -3,7 +3,7 @@
 
 
 setup(name="rest-rapid7-plugin",
-      version="6.0.3",
+      version="6.0.4",
       description="The HTTP Requests plugin makes it easy to integrate with RESTful services",
       author="rapid7",
       author_email="",

diff --git a/plugins/rest/unit_test/test_utils.py b/plugins/rest/unit_test/test_utils.py
@@ -175,6 +175,12 @@ def test_custom_auth_success(self):
         api.with_credentials("Custom", secret_key="Key")
         self.assertEqual(api.default_headers["TEST"], "Key")
 
+    def test_custom_auth_with_prefix_success(self):
+        log = logging.getLogger("Test")
+        api = RestAPI("www.google.com", log, True, {"TEST": "ApiKey CUSTOM_SECRET_INPUT"})
+        api.with_credentials("Custom", secret_key="Key")
+        self.assertEqual(api.default_headers["TEST"], "Key")
+
     def test_custom_auth_not_provided(self):
         log = logging.getLogger("Test")
         api = RestAPI("www.google.com", log, True, {"TEST": "CUSTOM_SECRET_INPUT"})