
authhelper: add MS login handling to BBA #6664


Merged: 1 commit, Aug 14, 2025

Conversation

thc202 (Member) commented Aug 13, 2025

Handle MS login through BBA.

psiinon (Member) commented Aug 13, 2025

Checkmarx One – Scan Summary & Details (scan 2957cc4e-43e8-40e5-b59d-6ac0449435ca)

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity: LOW
Issue: Heap_Inspection
Source File / Package: /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/auth/DefaultAuthenticator.java: 50
Checkmarx Insight: Method at line 50 of /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/auth/DefaultAuthenticator.java defines password, whic...
ID: yng1ZYrEupwF1dVcRSKDpMmJ0g0%3D
Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity: LOW
Issue: Heap_Inspection
Source File / Package: /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java: 627

thc202 force-pushed the authhelper/bba-ms-login branch 3 times, most recently from 3d17fc0 to ab45753, August 14, 2025 09:13
thc202 marked this pull request as ready for review August 14, 2025 09:26
kingthorin requested a review from Copilot August 14, 2025 14:54
Copilot AI left a comment

Pull Request Overview

This PR adds Microsoft login handling to Browser Based Authentication (BBA) by implementing a dedicated authenticator for Microsoft login flows. The changes introduce a new plugin-style architecture where multiple authenticators can be attempted in sequence.

Key changes:

  • Introduces a new MsLoginAuthenticator class to handle Microsoft-specific login flows
  • Refactors existing authentication logic into a DefaultAuthenticator
  • Creates an Authenticator interface to support multiple authentication strategies

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.

Summary per file:

  • MsLoginAuthenticator.java: New authenticator implementation for Microsoft login flows with state machine logic
  • DefaultAuthenticator.java: Extracted existing authentication logic into a dedicated authenticator class
  • Authenticator.java: New interface defining the contract for authentication implementations
  • AuthUtils.java: Refactored to use authenticator chain pattern and made helper methods public
  • Messages.properties: Added diagnostic message keys for Microsoft login steps
  • CHANGELOG.md: Documented the new Microsoft login support feature

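The design the review summarises (an Authenticator contract, a DefaultAuthenticator fallback, a Microsoft-specific authenticator driven by a small state machine, and a chain in AuthUtils that tries them in sequence) is sketched below. This is an added illustration, not code from the zaproxy authhelper add-on: every name in it (AuthChainDemo, Browser, Authenticator, canHandle, authenticate, login, LoginStep values, FakeBrowser) is hypothetical, the login host and page sequence are constructed for the demo, and the real add-on's selectors and steps are not shown on this page.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

// Added illustration of an authenticator chain; hypothetical names, not the zaproxy authhelper API.
public class AuthChainDemo {

    /** Minimal browser abstraction: which login field is currently visible. */
    interface Browser {
        String currentHost();
        Optional<String> visibleField(); // "username", "password", "stay-signed-in" or empty
        void fill(String field, char[] value);
        void click(String button);
    }

    /** Contract each strategy implements; the chain asks canHandle() before authenticate(). */
    interface Authenticator {
        boolean canHandle(Browser b);
        boolean authenticate(Browser b, String user, char[] pass);
    }

    /** Multi-page login (username, then password, then an optional prompt) as a state machine. */
    static class MsLoginAuthenticator implements Authenticator {
        enum Step { USERNAME, PASSWORD, STAY_SIGNED_IN, DONE, FAILED }

        // Constructed host for the demo; a real implementation would match the IdP's login host.
        public boolean canHandle(Browser b) { return b.currentHost().endsWith("login.example-idp.test"); }

        public boolean authenticate(Browser b, String user, char[] pass) {
            Step step = Step.USERNAME;
            int guard = 0; // bounded loop: a page that never advances must not hang the scan
            while (step != Step.DONE && step != Step.FAILED && guard++ < 10) {
                String field = b.visibleField().orElse("");
                if (step == Step.USERNAME) {
                    if (!field.equals("username")) { step = Step.FAILED; continue; }
                    b.fill("username", user.toCharArray());
                    b.click("next");
                    step = Step.PASSWORD;
                } else if (step == Step.PASSWORD) {
                    if (!field.equals("password")) { step = Step.FAILED; continue; }
                    b.fill("password", pass);
                    b.click("sign-in");
                    step = Step.STAY_SIGNED_IN;
                } else { // STAY_SIGNED_IN: the prompt is optional, so its absence is not a failure
                    if (field.equals("stay-signed-in")) b.click("no");
                    step = Step.DONE;
                }
            }
            return step == Step.DONE;
        }
    }

    /** Fallback for single-page forms; always eligible, so it must come last in the chain. */
    static class DefaultAuthenticator implements Authenticator {
        public boolean canHandle(Browser b) { return true; }
        public boolean authenticate(Browser b, String user, char[] pass) {
            if (!b.visibleField().orElse("").equals("username")) return false;
            b.fill("username", user.toCharArray());
            b.fill("password", pass);
            b.click("sign-in");
            return true;
        }
    }

    /** Tries authenticators in order; the first that can handle the page decides the outcome. */
    static boolean login(List<Authenticator> chain, Browser b, String user, char[] pass) {
        try {
            for (Authenticator a : chain) {
                if (a.canHandle(b)) return a.authenticate(b, user, pass);
            }
            return false;
        } finally {
            // Clear the caller's copy once the attempt is over. The Heap_Inspection finding above
            // concerns password Strings, which are immutable and cannot be zeroed like this.
            Arrays.fill(pass, '\0');
        }
    }

    /** Constructed browser that advances through the three-page flow on every click. */
    static class FakeBrowser implements Browser {
        private final List<String> pages = Arrays.asList("username", "password", "stay-signed-in");
        private int page = 0;
        final List<String> actions = new ArrayList<>(); // recorded for inspection
        public String currentHost() { return "login.example-idp.test"; }
        public Optional<String> visibleField() {
            return page < pages.size() ? Optional.of(pages.get(page)) : Optional.empty();
        }
        public void fill(String field, char[] value) { actions.add("fill:" + field); }
        public void click(String button) { actions.add("click:" + button); page++; }
    }

    public static void main(String[] args) {
        List<Authenticator> chain = List.of(new MsLoginAuthenticator(), new DefaultAuthenticator());
        FakeBrowser browser = new FakeBrowser();
        boolean ok = login(chain, browser, "tester", "constructed-secret".toCharArray());
        System.out.println("login succeeded: " + ok + " via " + browser.actions);
    }
}
```

The ordering is the point of the chain: the specific authenticator is consulted first and the always-eligible default last, so adding another identity provider means adding one class ahead of DefaultAuthenticator rather than editing the shared logic. The bounded loop and the FAILED state make an unexpected page (an MFA challenge, a consent screen, an error) surface as a failed login instead of an endless retry.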

thc202 force-pushed the authhelper/bba-ms-login branch from ab45753 to 5cee12c, August 14, 2025 15:10
Handle MS login through BBA.

Signed-off-by: thc202 <[email protected]>
thc202 force-pushed the authhelper/bba-ms-login branch from 5cee12c to ff33300, August 14, 2025 15:45
kingthorin enabled auto-merge August 14, 2025 15:46
kingthorin merged commit bdbcd47 into zaproxy:main Aug 14, 2025
8 of 9 checks passed
github-actions bot locked and limited conversation to collaborators Aug 14, 2025
thc202 deleted the authhelper/bba-ms-login branch August 14, 2025 15:51
3 participants