From 79a7dd3e883a78c006e0e1fe83597372ede8973d Mon Sep 17 00:00:00 2001
From: Christian Frichot
Date: Sun, 15 Apr 2012 16:38:38 +0800
Subject: [PATCH] RESTful Admin API Class now includes a LOGIN method
---
 core/main/rest/handlers/admin.rb | 35 ++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/core/main/rest/handlers/admin.rb b/core/main/rest/handlers/admin.rb
index 51fa7555e..ac1e6c046 100644
--- a/core/main/rest/handlers/admin.rb
+++ b/core/main/rest/handlers/admin.rb
@@ -30,8 +30,39 @@ module BeEF
 'Expires' => '0' end - get '/' do - "Hiya" + # @note Authenticate using the config set username/password to retrieve the "token" used for subsquent calls. + # Return the secret token used for subsquene tAPI calls. + # + # Input must be specified in JSON format + # + # +++ Example: +++ #POST /api/admin/login HTTP/1.1 #Host: 127.0.0.1:3000 #Content-Type: application/json; charset=UTF-8 #Content-Length: 18 # #{"username":"beef", "password":"beef"} #===response (snip)=== #HTTP/1.1 200 OK #Content-Type: application/json; charset=UTF-8 #Content-Length: 35 # #{"success":"true","token":"122323121"} # + post '/login' do + request.body.rewind + begin + data = JSON.parse request.body.read + # check username and password + if not (data['username'].eql? config.get('beef.extension.admin_ui.username') and data['password'].eql? config.get('beef.extension.admin_ui.password') ) + BeEF::Core::Logger.instance.register('Authentication', "User with ip #{request.ip} has failed to authenticate in the application.") + halt 401 + else + '{"success":"true","token":"' + config.get('beef.api_token') + '"' + rescue Exception => e + error 400 + end end private
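Review bot: The success branch of the new `post '/login'` handler returns malformed JSON — the literal `'{"success":"true","token":"' + config.get('beef.api_token') + '"'` never closes the object with `}`, so a client parsing the response documented in the `@note` block (`{"success":"true","token":"..."}`) will fail; build it instead with `{'success' => 'true', 'token' => config.get('beef.api_token')}.to_json`, which also escapes the token value. The `rescue Exception => e` below it catches far more than a bad request body (including `NoMemoryError` and `SystemExit`) and turns any bug in the branch into a misleading 400; `rescue JSON::ParserError, TypeError` is the narrow form, and `halt 400 unless data.is_a?(Hash)` after the parse guards a JSON array or scalar before `data['username']` is indexed. Note also that the "token" handed out is a value read straight from config rather than generated per session, so a successful login discloses a long-lived shared secret, and nothing here throttles repeated failed attempts beyond the log entry — worth stating in the `@note` block if that is the intended design. The collapsed hunk appears to have lost a line in extraction (the `end` closing the `if`/`else` is not visible), so the boundary of that branch is inferred.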