Land #11183, add authentication to LoginServlet endpoints

documentation/api/v1/login_api_doc.rb

@@ -153,7 +153,7 @@ module LoginApiDoc
   end
 
   swagger_path '/api/v1/logins/{id}' do
-    # Swagger documentation for api/v1/logins/:id GET
+    # Swagger documentation for /api/v1/logins/:id GET
     operation :get do
       key :description, 'Return specific login that is stored in the database.'
       key :tags, [ 'login' ]

lib/msf/core/web_services/servlet/login_servlet.rb

@@ -21,6 +21,7 @@ module LoginServlet
 
   def self.get_logins
     lambda {
+      warden.authenticate!
       begin
         sanitized_params = sanitize_params(params, env['rack.request.query_hash'])
         data = get_db.logins(sanitized_params)
@@ -34,6 +35,7 @@ module LoginServlet
 
   def self.create_login
     lambda {
+      warden.authenticate!
       begin
         opts = parse_json_request(request, false)
         opts[:core][:workspace] = get_db.workspaces(id: opts[:workspace_id]).first
@@ -48,6 +50,7 @@ module LoginServlet
 
   def self.update_login
     lambda {
+      warden.authenticate!
       begin
         opts = parse_json_request(request, false)
         tmp_params = sanitize_params(params)
@@ -62,6 +65,7 @@ module LoginServlet
 
   def self.delete_logins
     lambda {
+      warden.authenticate!
       begin
         opts = parse_json_request(request, false)
         data = get_db.delete_logins(opts)