From 5df6e987ebc9468bf4e4f06fe2ef7aa0db0eebe5 Mon Sep 17 00:00:00 2001
From: ronanclancy
Date: Tue, 26 Mar 2019 10:01:07 +0000
Subject: [PATCH 1/3] Fim simple email assignment typo
---
 .../java/org/owasp/webgoat/plugin/SimpleMailAssignment.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/SimpleMailAssignment.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/SimpleMailAssignment.java
index a2c551687..e32815d66 100644
--- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/SimpleMailAssignment.java
+++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/SimpleMailAssignment.java
@@ -63,7 +63,7 @@ public class SimpleMailAssignment extends AssignmentEndpoint {
 .recipient(username)
 .title("Simple e-mail assignment")
 .time(LocalDateTime.now())
- .contents("Thanks your resetting your password, your new password is: " + StringUtils.reverse(username))
+ .contents("Thanks for resetting your password, your new password is: " + StringUtils.reverse(username))
 .sender("webgoat@owasp.org")
 .build();
 try {
From 93830ac15b70d7d7392d052a2b0b1eae6f7cec4c Mon Sep 17 00:00:00 2001
From: zubcevic
Date: Wed, 20 Mar 2019 18:44:15 +0100
Subject: [PATCH 2/3] adjusted to findByUser
---
 .../challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
index 7d5c85967..fada70230 100644
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
@@ -56,7 +56,7 @@ public class Flag extends Endpoint {
 @RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
 public AttackResult postFlag(@RequestParam String flag) {
- UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+ UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
 String currentChallenge = webSession.getCurrentLesson().getName();
 int challengeNumber = Integer.valueOf(currentChallenge.substring(currentChallenge.length() - 1, currentChallenge.length()));
 String expectedFlag = FLAGS.get(challengeNumber);
From bb7fb3f197f3a01cd2a070fc8decc070724ed72e Mon Sep 17 00:00:00 2001
From: rjclancy
Date: Tue, 26 Mar 2019 12:05:42 +0000
Subject: [PATCH 3/3] add UserService unit test, modify UserService
---
 .../org/owasp/webwolf/user/UserService.java | 19 +++---
 .../owasp/webwolf/user/UserServiceTest.java | 66 +++++++++++++++++++
 2 files changed, 76 insertions(+), 9 deletions(-)
 create mode 100644 webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java b/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java
index 319a9a355..85c1576ff 100644
--- a/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java
@@ -1,6 +1,6 @@
 package org.owasp.webwolf.user;
-import lombok.AllArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
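Review bot: In `postFlag`, the value returned by `userTrackerRepository.findByUser(webSession.getUserName())` has no null check anywhere in this hunk, and the hunk does not show whether `findByUser` can return null for a user who has no tracker stored yet. If it can, the first flag submission by such a user would fail with a NullPointerException as soon as `userTracker` is dereferenced, so an `if (userTracker == null)` guard directly after the lookup is worth adding. The body of `postFlag` continues past the end of the hunk, so the case may already be handled there; a one-line comment on the lookup stating what `findByUser` returns for an unknown user would settle it either way.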
@@ -10,26 +10,27 @@ import org.springframework.stereotype.Service;
 * @since 3/19/17.
 */
 @Service
-@AllArgsConstructor
 public class UserService implements UserDetailsService {
- private final UserRepository userRepository;
+ private UserRepository userRepository;
+
+ @Autowired
+ public UserService(final UserRepository userRepository) {
+ this.userRepository = userRepository;
+ }
 @Override
- public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException {
+ public WebGoatUser loadUserByUsername(final String username) throws UsernameNotFoundException {
 WebGoatUser webGoatUser = userRepository.findByUsername(username);
 if (webGoatUser == null) {
 throw new UsernameNotFoundException("User not found");
- } else {
- webGoatUser.createUser();
 }
+ webGoatUser.createUser();
 return webGoatUser;
 }
- public void addUser(String username, String password) {
+ public void addUser(final String username, final String password) {
 userRepository.save(new WebGoatUser(username, password));
 }
-
-
 }
diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
new file mode 100644
index 000000000..63da863bf
--- /dev/null
+++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
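Review bot: The `userRepository` field loses its `final` modifier in this hunk although it is still assigned exactly once, in the new constructor. Keep it as `private final UserRepository userRepository;` so the repository that backs `loadUserByUsername` cannot be reassigned after construction; constructor injection works unchanged with a final field. Separately, `addUser` hands `password` straight to `new WebGoatUser(username, password)` before `save`, and whether it is encoded anywhere is not visible here, so a short comment on `addUser` stating how the password is stored would help the next reader.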
@@ -0,0 +1,66 @@
+package org.owasp.webwolf.user;
+
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import static org.mockito.Mockito.*;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+public class UserServiceTest {
+
+ @Mock
+ private UserRepository mockUserRepository;
+
+ private UserService cut;
+
+ @Before
+ public void setup(){
+ cut = new UserService(mockUserRepository);
+ }
+
+ @Test
+ public void testLoadUserByUsername(){
+ // setup
+ final String username = "guest";
+ final String password = "123";
+
+ WebGoatUser user = new WebGoatUser(username, password);
+ when(mockUserRepository.findByUsername(username)).thenReturn(user);
+
+ // execute
+ final WebGoatUser webGoatUser = cut.loadUserByUsername(username);
+
+ // verify
+ Assert.assertEquals(username, webGoatUser.getUsername());
+ Assert.assertEquals(password, webGoatUser.getPassword());
+ }
+
+ @Test(expected = UsernameNotFoundException.class)
+ public void testLoadUserByUsername_NULL(){
+ // setup
+ final String username = "guest";
+ when(mockUserRepository.findByUsername(username)).thenReturn(null);
+
+ // execute
+ cut.loadUserByUsername(username);
+ }
+
+ @Test
+ public void testAddUser(){
+ // setup
+ final String username = "guest";
+ final String password = "guest";
+
+ // execute
+ cut.addUser(username, password);
+
+ // verify
+ verify(mockUserRepository, times(1)).save(any(WebGoatUser.class));
+ }
+}
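Review bot: `testAddUser` only verifies `save(any(WebGoatUser.class))`, so it still passes if `addUser` drops or swaps the username and password, and using "guest" for both inputs would hide a swap in any case. Capture the saved object with an `ArgumentCaptor`, assert its `getUsername()` and `getPassword()`, and give the two inputs different values. Whether the `@Mock` field is populated under `SpringJUnit4ClassRunner` depends on test listeners that this file does not show; a Mockito runner or an explicit mock initialisation in `setup()` would make that dependency visible in the test itself.

```java
public void testAddUser(){
    // setup
    final String username = "guest";
    final String password = "not-guest";   // constructed value, differs from username so a swap is caught
    // … unchanged: cut.addUser(username, password) …

    // verify
    ArgumentCaptor<WebGoatUser> saved = ArgumentCaptor.forClass(WebGoatUser.class);
    verify(mockUserRepository, times(1)).save(saved.capture());
    Assert.assertEquals(username, saved.getValue().getUsername());
    Assert.assertEquals(password, saved.getValue().getPassword());
```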