diff --git a/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js b/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
index fbc2abf94..0ef51ad2d 100644
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
@@ -91,6 +91,7 @@ define(['jquery',
 this.curForm = curForm;
 this.$curFeedback = $(curForm).closest('.attack-container').find('.attack-feedback');
 this.$curOutput = $(curForm).closest('.attack-container').find('.attack-output');
+
 var formUrl = $(curForm).attr('action');
 var formMethod = $(curForm).attr('method');
 var contentType = ($(curForm).attr('contentType')) ? $(curForm).attr('contentType') : 'application/x-www-form-urlencoded; charset=UTF-8';
@@ -100,9 +101,9 @@ define(['jquery',
 method:formMethod,
 contentType:contentType,
 data: submitData,
- complete: function (data) {
- callbackFunction();
- }
+ //complete: function (data) {
+ //callbackFunction(data);
+ //}
 }).then(self.onSuccessResponse.bind(self), self.onErrorResponse.bind(self));
 return false;
 },
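Review bot: The `complete` handler in the `$.ajax` options is commented out rather than removed, leaving three lines of dead code and, presumably, an unused `callbackFunction` variable further up in the submit handler (its assignment is outside this hunk). Delete the three `//complete` lines and that variable instead of keeping them as comments. Note that `complete` ran after both successful and failed requests, whereas the replacement callbacks added to `onSuccessResponse` in this commit only run on the fulfilled side of `.then()`, so a lesson that relied on its callback firing after an HTTP error no longer gets one unless `onErrorResponse` is extended the same way. The enclosing submit handler starts before this hunk.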
@@ -110,13 +111,20 @@ define(['jquery',
 onSuccessResponse: function(data) {
 this.renderFeedback(data.feedback);
 this.renderOutput(data.output || "");
+
+ var successCallBackFunctionName = this.$form.attr('successCallback');
+ var failureCallbackFunctionName = this.$form.attr('failureCallback');
+ //var submitData = (typeof webgoat.customjs[prepareDataFunctionName] === 'function') ? webgoat.customjs[prepareDataFunctionName]() : $(curForm).serialize();
+ successCallbackFunction = (typeof webgoat.customjs[successCallBackFunctionName] === 'function') ? webgoat.customjs[successCallBackFunctionName] : function() {};
+ failureCallbackFunction = (typeof webgoat.customjs[failureCallbackFunctionName] === 'function') ? webgoat.customjs[failureCallbackFunctionName] : function() {};
 //TODO: refactor back assignmentCompleted in Java
 if (data.lessonCompleted || data.assignmentCompleted) {
- this.markAssignmentComplete();
+ successCallbackFunction(data); //data is likely not useful, except maybe the output ...
 this.trigger('assignment:complete');
 } else {
- this.markAssignmentIncomplete();
+ this.markAssignmentIncomplete(data); //again, data might be useful, especially the output
+ failureCallbackFunction();
 }
 return false;
 },
diff --git a/webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html b/webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html
index e5d8f7f93..88a7c908b 100644
--- a/webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html
+++ b/webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html
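Review bot: `successCallbackFunction` and `failureCallbackFunction` are assigned without `var` in the two lines after the `attr()` lookups, so they become implicit globals on `window` (and would throw a ReferenceError under `'use strict'`); declare them locally: `var successCallbackFunction = (typeof webgoat.customjs[successCallBackFunctionName] === 'function') ? webgoat.customjs[successCallBackFunctionName] : function() {};` and likewise `var failureCallbackFunction = ...`. The callback names are read from `this.$form`, while the submit handler keys everything on `this.curForm` — if `$form` is a collection of every `.attack-form` on the page (AuthBypass now has two), `.attr()` returns the first form's attribute regardless of which one was submitted, so `$(this.curForm).attr('successCallback')` looks like the intended source. The call to `this.markAssignmentComplete()` is dropped entirely rather than kept alongside the new callback, which presumably loses the completion UI update unless the `'assignment:complete'` listener performs it, and the commented-out `//var submitData` line is copy-paste residue that should go. Because `webgoat.customjs[name]` walks the prototype chain (`typeof webgoat.customjs.constructor === 'function'`), an own-property check would make the dispatch stricter, though the attribute value comes from the lesson's own HTML so this is hygiene rather than an exposure.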
@@ -20,9 +20,9 @@
 <!-- modify the action to point to the intended endpoint and set other attributes as desired -->
 <script th:src="@{/lesson_js/bypass.js}" />
- <form class="attack-form" accept-charset="UNKNOWN"
+ <form class="attack-form" accept-charset="UNKNOWN" id="verify-account-form"
 method="POST" name="form"
- callback="onBypassResponse"
+ successCallback="onBypassResponse"
 action="/WebGoat/auth-bypass/verify-account"
 enctype="application/json;charset=UTF-8">
 <p>Verify Your Account by answering the questions below:</p>
@@ -40,6 +40,27 @@
 <input name="submit" value="Submit" type="submit"/>
 </form>
+
+ <form class="attack-form" accept-charset="UNKNOWN" id="change-password-form"
+ method="POST" name="form"
+ successCallback="onBypassResponse"
+ action="/WebGoat/auth-bypass/verify-account"
+ enctype="application/json;charset=UTF-8"
+ style="display:none"><!-- start off hidden -->
+ <p>Please provide a new password for your account</p>
+
+ <p>Password:</p>
+ <input name="newPassword" value="" type="password" /><br/>
+
+ <p>Confirm Password:</p>
+ <input name="newPasswordConfirm" value="" type="password" /><br/><br />
+
+ <input type="hidden" name="userId" value="12309746" />
+
+ <input name="submit" value="Submit" type="submit"/>
+
+ </form>
+
 <!-- do not remove the two following div's, this is where your feedback/output will land -->
 <!-- the attack response will include a 'feedback' and that will automatically go here -->
 <div class="attack-feedback"></div>
diff --git a/webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js b/webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js
index a00baad1f..acbc26899 100644
--- a/webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js
+++ b/webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js
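Review bot: The new `change-password-form` posts to the same `action="/WebGoat/auth-bypass/verify-account"` and names the same `successCallback="onBypassResponse"` as the verification form above it, so a successful password submission would re-run the callback that hides `#verify-account-form` and shows `#change-password-form` (a no-op for the second step) — presumably a distinct endpoint and callback are intended, and `onBypassResponse` in `bypass.js` in this same commit is the callback in question. The form declares `enctype="application/json;charset=UTF-8"`, but the submit handler in `LessonContentView.js` reads a `contentType` attribute, so the request likely goes out as `application/x-www-form-urlencoded` unless `contentType` is set as well (the first form has the same mismatch). The hidden `userId` is client-controlled input; the server handler must derive the account from the authenticated session rather than trust this field, and a comment next to the input saying so would help readers of the lesson. Both forms also share `name="form"`, which makes `document.forms['form']` ambiguous.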
@@ -1,7 +1,8 @@
 // need custom js for this?
-webgoat.customjs.onBypassResponse = function(e) {
- console.warn("showPasswordChange fired - "+ data)
+webgoat.customjs.onBypassResponse = function(data) {
+ webgoat.customjs.jquery('#verify-account-form').hide();
+ webgoat.customjs.jquery('#change-password-form').show();
 }
 var onViewProfile = function () {
diff --git a/webgoat-lessons/xxe/src/main/resources/html/XXE.html b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
index 7b0d74867..e46925552 100644
--- a/webgoat-lessons/xxe/src/main/resources/html/XXE.html
+++ b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
@@ -25,7 +25,7 @@
 <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
 prepareData="simpleXXE"
-callback="simpleXXECallback"
+successCallback="simpleXXECallback"
 contentType="application/xml"
 action="/WebGoat/xxe/simple">
 <div class="container-fluid">
@@ -81,7 +81,7 @@
 <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
 prepareData="contentTypeXXE"
-callback="contentTypeXXECallback"
+successCallback="contentTypeXXECallback"
 action="xxe/content-type"
 contentType="application/json">
 <div class="container-fluid">
@@ -146,7 +146,7 @@
 <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
 prepareData="blindXXE"
-callback="blindXXECallback"
+successCallback="blindXXECallback"
 action="/WebGoat/xxe/blind"
 contentType="application/xml">
 <div class="container-fluid">
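Review bot: `onBypassResponse` now accepts `data` but never reads it, and nothing documents when the container invokes it (per this commit's `onSuccessResponse`, only after the server reports `lessonCompleted` or `assignmentCompleted`); add a JSDoc above the assignment such as `/** successCallback for the verify-account form; LessonContentView calls it once the server marks the step complete. @param {Object} data - parsed JSON response, currently unused */`. `webgoat.customjs.jquery` is not shown anywhere in this diff, so whether the container exposes jQuery under that name is assumed here and worth confirming before relying on it in lesson scripts.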