Merge pull request #304 from psiinon/js-auth/rel-dirs

Use relative dirs for JS auth plans

Author: thc202

af-plans/juiceshop-selenium-auth/README.md

@@ -5,6 +5,8 @@ This directory contains [Automation Framework](https://www.zaproxy.org/docs/auto
 Note that ZAP _can_ authenticate to Juice Shop _without_ using Selenium, and normally this is what we would recommend.
 However, in this case we are using it to show how to use Selenium to authenticate to your app if there is no alternative.
 
+There is a related blog post: https://www.zaproxy.org/blog/2023-02-01-authenticating-using-selenium/
+
 ## Requirements
 
 To run this plan you need to:
@@ -15,8 +17,7 @@ To run this plan you need to:
 * Add a user to Juice Shop with the credentials:
   * username: [email protected]
   * password: test123
-* Edit all of the automation plans and shell scripts to replace `/full/path/` to be the local full path of your scripts
-* Edit all of the shell scripts to correct the path to your ZAP installation
+* Edit all of the shell scripts to correct the path to your ZAP installation and to the plans
 * Ensure that the user credentials are available via the environmental variables (these _should_ be set up correctly via the supplied scripts):
   * JS_USER: [email protected]
   * JS_PWD: test123
@@ -78,8 +79,7 @@ Note that Firefox reports lots of messages to standard output - these are diffic
 
 The following related enhancements are planned:
 
-* Publishing a ZAP blog post explaining how and why these scripts work
-* Enhancing the Automation Framework to support relative file names
-* Enhancing ZAP to support header based session management
+* Add example docker commands
+* Update the plan to use header based session management
 * More investigations into why there are so many auth tokens and cookies absent in browser requests
 

af-plans/juiceshop-selenium-auth/juiceshop-auth.yaml

@@ -10,7 +10,7 @@ env:
     authentication:
       method: "script"
       parameters:
-        script: "/full/path/JuiceShopAuthentication.js"
+        script: "JuiceShopAuthentication.js"
         scriptEngine: "Oracle Nashorn"
       verification:
         method: "poll"
@@ -22,7 +22,7 @@ env:
     sessionManagement:
       method: "script"
       parameters:
-        script: "/full/path/JuiceShopSession.js"
+        script: "JuiceShopSession.js"
         scriptEngine: "Oracle Nashorn"
     technology:
       exclude: []
@@ -47,7 +47,7 @@ jobs:
     type: "httpsender"
     engine: "Oracle Nashorn"
     name: "JuiceShopHttpSender.js"
-    file: "/full/path/JuiceShopHttpSender.js"
+    file: "JuiceShopHttpSender.js"
     target: ""
 - name: "script"
   type: "script"
@@ -56,7 +56,7 @@ jobs:
     type: "selenium"
     engine: Oracle Nashorn"
     name: "JuiceShopSelenium.js"
-    file: "/full/path/JuiceShopSelenium.js"
+    file: "JuiceShopSelenium.js"
     target: ""
 - parameters: 
     user: "test"

af-plans/juiceshop-selenium-auth/juiceshop-test.yaml

@@ -10,7 +10,7 @@ env:
     authentication:
       method: "script"
       parameters:
-        script: "/full/path/JuiceShopAuthentication.js"
+        script: "JuiceShopAuthentication.js"
         scriptEngine: "Oracle Nashorn"
       verification:
         method: "poll"
@@ -22,7 +22,7 @@ env:
     sessionManagement:
       method: "script"
       parameters:
-        script: "/full/path/JuiceShopSession.js"
+        script: "JuiceShopSession.js"
         scriptEngine: "Oracle Nashorn"
     technology:
       exclude: []
@@ -47,7 +47,7 @@ jobs:
     type: "httpsender"
     engine: "Oracle Nashorn"
     name: "JuiceShopHttpSender.js"
-    file: "/full/path/JuiceShopHttpSender.js"
+    file: "JuiceShopHttpSender.js"
     target: ""
 - name: "script"
   type: "script"
@@ -56,7 +56,7 @@ jobs:
     type: "selenium"
     engine: Oracle Nashorn"
     name: "JuiceShopSelenium.js"
-    file: "/full/path/JuiceShopSelenium.js"
+    file: "JuiceShopSelenium.js"
     target: ""
 - name: "request - check auth works"
   type: "requestor"