Use POST method when requesting the API login endpoint (#4103)
* Use POST method when requesting the API login endpoint

* changelog: add PR entry

Co-authored-by: Matias Ezequiel Moreno <matiasmoreno876@gmail.com>
Co-authored-by: Álex <alex-r-b@hotmail.com>
Co-authored-by: Antonio David Gutiérrez <antonio.gutierrez@wazuh.com>
(cherry picked from commit 3977e45)
mcarmona99 authored and AlexRuiz7 committed Jul 11, 2022
1 parent cc736a0 commit b773f49
Showing 5 changed files with 51 additions and 44 deletions.
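--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 All notable changes to the Wazuh app project will be documented in this file.
 
+## Wazuh v4.4.0 - OpenSearch Dashboards 1.2.0 - Revision 4400
+
+### Changed
+
+- Changed the HTTP verb from `GET` to `POST` in the requests to login to the Wazuh API [#4103](https://github.com/wazuh/wazuh-kibana-app/pull/4103)
+
 ## Wazuh v4.3.5 - OpenSearch Dashboards 1.2.0 - Revision 4306
 
 ### Added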
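--- a/common/api-info/endpoints.json
+++ b/common/api-info/endpoints.json
@@ -6904,25 +6904,6 @@
 }
 ]
 },
-{
-"name": "/security/user/authenticate",
-"documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user",
-"description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config",
-"summary": "Login",
-"tags": [
-"Security"
-],
-"query": [
-{
-"name": "raw",
-"description": "Format response in plain text",
-"required": false,
-"schema": {
-"type": "boolean"
-}
-}
-]
-},
 {
 "name": "/security/users",
 "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.get_users",
@@ -10851,6 +10832,25 @@
 }
 ]
 },
+{
+"name": "/security/user/authenticate",
+"documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user",
+"description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config",
+"summary": "Login",
+"tags": [
+"Security"
+],
+"query": [
+{
+"name": "raw",
+"description": "Format response in plain text",
+"required": false,
+"schema": {
+"type": "boolean"
+}
+}
+]
+},
 {
 "name": "/security/user/authenticate/run_as",
 "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.run_as_login",
@@ -12010,4 +12010,4 @@
 }
 ]
 }
-]
+]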
5 changes: 3 additions & 2 deletions scripts/generate-api-4.0-info/generate-api-4.0-info.js
@@ -53,7 +53,7 @@ const main = () => {
if(!WAZUH_API_URL.startsWith('http') ){
exitWithMessage(`Wazuh API url is not valid. It should start with "http". Example: https://172.16.1.2:55000`);
};

// Log the configuration:
console.log('--------------- Configuration ---------------');
console.log(`Wazuh API url: ${WAZUH_API_URL}`);
@@ -111,6 +111,7 @@ const generateAPISecurityActionsInformation = async () => {
const password = 'wazuh';
try{
const authenticationResponse = await request(`${WAZUH_API_URL}/security/user/authenticate`, {
method: 'POST',
headers: {
'Authorization': 'Basic ' + Buffer.from(username + ':' + password).toString('base64')
}
@@ -119,7 +120,7 @@ const generateAPISecurityActionsInformation = async () => {
const { token } = JSON.parse(authenticationResponse).data;
const securityActionsResponse = await request(`${WAZUH_API_URL}/security/actions`, {
headers: {
'Authorization': `Bearer ${token}`
'Authorization': `Bearer ${token}`
}
});
const securityActions = JSON.parse(securityActionsResponse).data;
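Review bot: The login request that gains `method: 'POST'` still builds its Basic header from the hard-coded `const password = 'wazuh';`, and the URL check in the first hunk only requires the value to start with `http`, so those credentials can travel over plain HTTP. Reading the secret from the environment would keep it out of the repository, e.g. `const password = process.env.WAZUH_API_PASSWORD || 'wazuh';` (the variable name is a suggestion, not an existing setting). The URL check could be tightened to `WAZUH_API_URL.startsWith('https://')`, or at least print a warning when the scheme is `http://`. The body of `generateAPISecurityActionsInformation` starts and ends outside the hunk, so how the username is set is not visible here.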
4 changes: 2 additions & 2 deletions server/lib/api-interceptor.ts
@@ -15,7 +15,7 @@ import { ManageHosts } from './manage-hosts';
import https from 'https';

const httpsAgent = new https.Agent({
rejectUnauthorized: false,
rejectUnauthorized: false,
});

const _axios = axios.create({ httpsAgent });
@@ -47,7 +47,7 @@ export const authenticate = async (apiHostID: string, authContext?: any): Promis
try{
const api: APIHost = await manageHosts.getHostById(apiHostID);
const optionsRequest = {
method: !!authContext ? 'POST' : 'GET',
method: 'POST',
headers: {
'content-type': 'application/json',
},
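Review bot: The first hunk keeps `rejectUnauthorized: false` on the `https.Agent` handed to `_axios`, which disables certificate verification for every request made through that client. If `authenticate` sends the login through `_axios` (the call is outside the hunk, so this is inferred), anyone on the network path who presents an arbitrary certificate can read the API credentials and the token that comes back. Consider driving the flag from a per-host setting instead of a constant, e.g. `rejectUnauthorized: verifyCertificates` (setting name is a placeholder), or trusting a configured CA so self-signed deployments still verify. Now that the method no longer depends on `authContext`, its `any` type could also be narrowed to the fields the function actually reads.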
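--- a/server/lib/api-request-list.json
+++ b/server/lib/api-request-list.json
@@ -6878,25 +6878,6 @@
 }
 ]
 },
-{
-"name": "/security/user/authenticate",
-"documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user",
-"description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config",
-"summary": "Login",
-"tags": [
-"Security"
-],
-"query": [
-{
-"name": "raw",
-"description": "Format response in plain text",
-"required": false,
-"schema": {
-"type": "boolean"
-}
-}
-]
-},
 {
 "name": "/security/users",
 "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.get_users",
@@ -10503,6 +10484,25 @@
 }
 ]
 },
+{
+"name": "/security/user/authenticate",
+"documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user",
+"description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config",
+"summary": "Login",
+"tags": [
+"Security"
+],
+"query": [
+{
+"name": "raw",
+"description": "Format response in plain text",
+"required": false,
+"schema": {
+"type": "boolean"
+}
+}
+]
+},
 {
 "name": "/security/user/authenticate/run_as",
 "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.run_as_login",
@@ -11662,4 +11662,4 @@
 }
 ]
 }
-]
+]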
