ICTU / zap2docker-auth-weekly

Zap baseline scanner in Docker with authentication
Apache License 2.0
104 stars 70 forks

zap_auth doesn't support logins with username with type=email #31

Closed iTaybb closed 3 years ago

iTaybb commented 3 years ago

Assuming the HTML login form's username is actually an email, this control:

<input name="email" placeholder="Email" type="email" class="form-control">

won't be identified, even when run with auth.username_field="email"

It would seem that this happens as the code in zap_auth.py explicitly looks for @type='text' or not(@type) controls.

dicksnel commented 3 years ago

@iTaybb I just made a commit which includes username fields with type=email. Can you pull the latest image and try again?

iTaybb commented 3 years ago

It seems that with the latest image, the code crashes:

Traceback (most recent call last):
  File "/zap/zap_auth.py", line 77, in login
    self.auto_login(config)
  File "/zap/zap_auth.py", line 163, in auto_login
    self.submit_form(username_element)
  File "/zap/zap_auth.py", line 169, in submit_form
    if self.config.auth_submitaction == "click":
AttributeError: 'ZapAuth' object has no attribute 'config'

dicksnel commented 3 years ago

@iTaybb oops... fixed the bug. Can you try again?

iTaybb commented 3 years ago

Looks great! 10x
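
The field-selection behaviour discussed in this thread, as an added example that is not part of the original issue and not code from zap_auth.py: it runs the reported control through a "text or no type" filter and through a filter widened to include `email`. The sample form, the function names and the exact XPath shape (matching on `@name` only) are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page: the reporter's email control plus two other inputs.
SAMPLE_FORM = """
<form action="/login" method="post">
  <input name="email" placeholder="Email" type="email" class="form-control">
  <input name="password" type="password" class="form-control">
  <input name="nickname">
</form>
"""

# Type sets mirroring the predicates described in the thread (assumed, not
# copied from zap_auth.py). None stands for the XPath test not(@type).
TEXT_ONLY = {"text", None}
TEXT_OR_EMAIL = {"text", "email", None}


class InputCollector(HTMLParser):
    """Collects the attributes of every <input> element in a page."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def username_xpath(field, allowed_types):
    """Builds the XPath equivalent of the filter (hypothetical helper)."""
    ordered = sorted(allowed_types, key=lambda t: (t is None, t or ""))
    tests = ["not(@type)" if t is None else "@type='%s'" % t for t in ordered]
    return "//input[(%s) and @name='%s']" % (" or ".join(tests), field)


def find_username_field(html, field, allowed_types):
    """Returns the first <input> named `field` with an allowed type, else None."""
    parser = InputCollector()
    parser.feed(html)
    for attrs in parser.inputs:
        # Exact string comparison, as an XPath @type='...' test would do.
        if attrs.get("name") == field and attrs.get("type") in allowed_types:
            return attrs
    return None
```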