basic_auth
Validate and test basic authentication mechanisms by verifying username and password inputs to identify potential security vulnerabilities in API endpoints.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| password | Yes | Password for authentication | |
| username | Yes | Username for authentication |
Implementation Reference
- src/tools/authentication.ts:11-41 (registration)Registers the basic_auth tool with input schema (username, password) and inline handler that sets the authentication state using AuthManagerserver.tool( "basic_auth", { username: z.string().describe("Username for authentication"), password: z.string().describe("Password for authentication"), }, async ({ username, password }) => { try { const authManager = AuthManager.getInstance(); const authState = await authManager.setBasicAuth({ username, password }); return { content: [ { type: "text", text: `Successfully set Basic authentication with username: ${username}\nAuthentication type: ${authState.type}\nHeader: Authorization: Basic ***`, }, ], }; } catch (error) { return { content: [ { type: "text", text: `Error setting Basic authentication: ${(error as Error).message}`, }, ], }; } } );
- src/tools/authentication.ts:17-40 (handler)Tool handler function that invokes AuthManager to set Basic Auth credentials and returns formatted responseasync ({ username, password }) => { try { const authManager = AuthManager.getInstance(); const authState = await authManager.setBasicAuth({ username, password }); return { content: [ { type: "text", text: `Successfully set Basic authentication with username: ${username}\nAuthentication type: ${authState.type}\nHeader: Authorization: Basic ***`, }, ], }; } catch (error) { return { content: [ { type: "text", text: `Error setting Basic authentication: ${(error as Error).message}`, }, ], }; } }
- src/tools/authentication.ts:13-16 (schema)Zod input schema defining username and password parameters for the basic_auth tool{ username: z.string().describe("Username for authentication"), password: z.string().describe("Password for authentication"), },
- src/utils/authManager.ts:114-130 (helper)AuthManager.setBasicAuth method: core implementation that encodes credentials to Base64 and updates authentication statepublic async setBasicAuth(credentials: BasicAuthCredentials): Promise<AuthState> { const { username, password } = credentials; // Create Base64 encoded credentials const base64Credentials = Buffer.from(`${username}:${password}`).toString('base64'); this.authState = { type: 'basic', username, password, headers: { 'Authorization': `Basic ${base64Credentials}` } }; return this.getAuthState(); }
- src/utils/authManager.ts:20-23 (helper)Type definition for BasicAuthCredentials used by the basic_auth tool and handlerexport interface BasicAuthCredentials { username: string; password: string; }
- src/tools/index.ts:13-13 (registration)Top-level registration call that includes the authentication tools (including basic_auth) via registerAuthenticationToolsregisterAuthenticationTools(server);