From 12f4222b2e973a9a68588b4a78b241d3124074d6 Mon Sep 17 00:00:00 2001
From: Matthew Kienow
Date: Fri, 28 Dec 2018 16:29:33 -0500
Subject: [PATCH 1/2] Fix to ensure authentication
---
 lib/msf/core/web_services/servlet/login_servlet.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/msf/core/web_services/servlet/login_servlet.rb b/lib/msf/core/web_services/servlet/login_servlet.rb
index 1a84015c21..1552919abe 100644
--- a/lib/msf/core/web_services/servlet/login_servlet.rb
+++ b/lib/msf/core/web_services/servlet/login_servlet.rb
@@ -21,6 +21,7 @@ module LoginServlet
 def self.get_logins
 lambda {
+ warden.authenticate!
 begin
 sanitized_params = sanitize_params(params, env['rack.request.query_hash'])
 data = get_db.logins(sanitized_params)
@@ -34,6 +35,7 @@ module LoginServlet
 def self.create_login
 lambda {
+ warden.authenticate!
 begin
 opts = parse_json_request(request, false)
 opts[:core][:workspace] = get_db.workspaces(id: opts[:workspace_id]).first
@@ -48,6 +50,7 @@ module LoginServlet
 def self.update_login
 lambda {
+ warden.authenticate!
 begin
 opts = parse_json_request(request, false)
 tmp_params = sanitize_params(params)
@@ -62,6 +65,7 @@ module LoginServlet
 def self.delete_logins
 lambda {
+ warden.authenticate!
 begin
 opts = parse_json_request(request, false)
 data = get_db.delete_logins(opts)
From 66d0ffd602d561ca823c4bdeb2d642a3104fd18c Mon Sep 17 00:00:00 2001
From: Matthew Kienow
Date: Fri, 28 Dec 2018 16:30:23 -0500
Subject: [PATCH 2/2] Correct documentation error
---
 documentation/api/v1/login_api_doc.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/documentation/api/v1/login_api_doc.rb b/documentation/api/v1/login_api_doc.rb
index b100e62383..b28bf6ffff 100644
--- a/documentation/api/v1/login_api_doc.rb
+++ b/documentation/api/v1/login_api_doc.rb
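Review bot: In lib/msf/core/web_services/servlet/login_servlet.rb the `warden.authenticate!` guard is added by hand at the top of each of the four lambdas (get_logins, create_login, update_login, delete_logins), so the servlet stays fail-open: a handler added later without that line would presumably answer unauthenticated callers again. Consider enforcing the check once for every route this servlet registers, for example a filter such as `before { warden.authenticate! }` scoped to the logins paths; the route registration is outside these hunks, so confirm where that belongs. Placing the call ahead of `begin` is a good choice and deserves a short comment in each lambda, e.g. `# reject unauthenticated callers before any database access`. The patch adds no request-level test asserting that each of the four endpoints refuses an unauthenticated request, which is what would catch a regression here. Each lambda body continues past the end of its hunk.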
@@ -153,7 +153,7 @@ module LoginApiDoc
 end
 swagger_path '/api/v1/logins/{id}' do
- # Swagger documentation for api/v1/logins/:id GET
+ # Swagger documentation for /api/v1/logins/:id GET
 operation :get do
 key :description, 'Return specific login that is stored in the database.'
 key :tags, [ 'login' ]