refactor to support cleaner scoping && success and failure callbacks

2017-07-18 17:39:58 -04:00
parent ce7c271bb5
commit 0cb4faf15f
4 changed files with 42 additions and 12 deletions
--- a/webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html
+++ b/webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html
@ -20,9 +20,9 @@

            <!-- modify the action to point to the intended endpoint and set other attributes as desired -->
            <script th:src="@{/lesson_js/bypass.js}" />
-            <form class="attack-form" accept-charset="UNKNOWN"
+            <form class="attack-form" accept-charset="UNKNOWN" id="verify-account-form"
                  method="POST" name="form"
-                  callback="onBypassResponse"
+                  successCallback="onBypassResponse"
                  action="/WebGoat/auth-bypass/verify-account"
                  enctype="application/json;charset=UTF-8">
                <p>Verify Your Account by answering the questions below:</p>
@ -40,6 +40,27 @@
                <input name="submit" value="Submit" type="submit"/>

            </form>
+
+            <form class="attack-form" accept-charset="UNKNOWN" id="change-password-form"
+                  method="POST" name="form"
+                  successCallback="onBypassResponse"
+                  action="/WebGoat/auth-bypass/verify-account"
+                  enctype="application/json;charset=UTF-8"
+                  style="display:none"><!-- start off hidden -->
+                <p>Please provide a new password for your account</p>
+
+                <p>Password:</p>
+                <input name="newPassword" value="" type="password" /><br/>
+
+                <p>Confirm Password:</p>
+                <input name="newPasswordConfirm" value="" type="password" /><br/><br />
+
+                <input type="hidden" name="userId" value="12309746" />
+
+                <input name="submit" value="Submit" type="submit"/>
+
+            </form>
+
            <!-- do not remove the two following div's, this is where your feedback/output will land -->
            <!-- the attack response will include a 'feedback' and that will automatically go here -->
            <div class="attack-feedback"></div>
--- a/webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js
+++ b/webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js
@ -1,7 +1,8 @@
 // need custom js for this?

-webgoat.customjs.onBypassResponse = function(e) {
-    console.warn("showPasswordChange fired - "+ data)
+webgoat.customjs.onBypassResponse = function(data) {
+    webgoat.customjs.jquery('#verify-account-form').hide();
+    webgoat.customjs.jquery('#change-password-form').show();
 }

 var onViewProfile = function () {
--- a/webgoat-lessons/xxe/src/main/resources/html/XXE.html
+++ b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
@ -25,7 +25,7 @@
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              prepareData="simpleXXE"
-              callback="simpleXXECallback"
+              successCallback="simpleXXECallback"
              contentType="application/xml"
              action="/WebGoat/xxe/simple">
            <div class="container-fluid">
@ -81,7 +81,7 @@
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              prepareData="contentTypeXXE"
-              callback="contentTypeXXECallback"
+              successCallback="contentTypeXXECallback"
              action="xxe/content-type"
              contentType="application/json">
            <div class="container-fluid">
@ -146,7 +146,7 @@
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              prepareData="blindXXE"
-              callback="blindXXECallback"
+              successCallback="blindXXECallback"
              action="/WebGoat/xxe/blind"
              contentType="application/xml">
            <div class="container-fluid">