dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor to support cleaner scoping && success and failure callbacks

Browse Source
This commit is contained in:
Jason White 2017-07-18 17:39:58 -04:00
parent ce7c271bb5
commit 0cb4faf15f
4 changed files with 42 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
View File

@ -91,6 +91,7 @@ define(['jquery',
this.curForm = curForm; this.curForm = curForm;
this.$curFeedback = $(curForm).closest('.attack-container').find('.attack-feedback'); this.$curFeedback = $(curForm).closest('.attack-container').find('.attack-feedback');
this.$curOutput = $(curForm).closest('.attack-container').find('.attack-output'); this.$curOutput = $(curForm).closest('.attack-container').find('.attack-output');
var formUrl = $(curForm).attr('action'); var formUrl = $(curForm).attr('action');
var formMethod = $(curForm).attr('method'); var formMethod = $(curForm).attr('method');
var contentType = ($(curForm).attr('contentType')) ? $(curForm).attr('contentType') : 'application/x-www-form-urlencoded; charset=UTF-8'; var contentType = ($(curForm).attr('contentType')) ? $(curForm).attr('contentType') : 'application/x-www-form-urlencoded; charset=UTF-8';
@ -100,9 +101,9 @@ define(['jquery',
method:formMethod, method:formMethod,
contentType:contentType, contentType:contentType,
data: submitData, data: submitData,
complete: function (data) { //complete: function (data) {
callbackFunction(); //callbackFunction(data);
} //}
}).then(self.onSuccessResponse.bind(self), self.onErrorResponse.bind(self)); }).then(self.onSuccessResponse.bind(self), self.onErrorResponse.bind(self));
return false; return false;
}, },
@ -110,13 +111,20 @@ define(['jquery',
onSuccessResponse: function(data) { onSuccessResponse: function(data) {
this.renderFeedback(data.feedback); this.renderFeedback(data.feedback);
this.renderOutput(data.output || ""); this.renderOutput(data.output || "");
var successCallBackFunctionName = this.$form.attr('successCallback');
var failureCallbackFunctionName = this.$form.attr('failureCallback');
//var submitData = (typeof webgoat.customjs[prepareDataFunctionName] === 'function') ? webgoat.customjs[prepareDataFunctionName]() : $(curForm).serialize();
successCallbackFunction = (typeof webgoat.customjs[successCallBackFunctionName] === 'function') ? webgoat.customjs[successCallBackFunctionName] : function() {};
failureCallbackFunction = (typeof webgoat.customjs[failureCallbackFunctionName] === 'function') ? webgoat.customjs[failureCallbackFunctionName] : function() {};
//TODO: refactor back assignmentCompleted in Java //TODO: refactor back assignmentCompleted in Java
if (data.lessonCompleted || data.assignmentCompleted) { if (data.lessonCompleted || data.assignmentCompleted) {
this.markAssignmentComplete(); this.markAssignmentComplete();
successCallbackFunction(data); //data is likely not useful, except maybe the output ...
this.trigger('assignment:complete'); this.trigger('assignment:complete');
} else { } else {
this.markAssignmentIncomplete(); this.markAssignmentIncomplete(data); //again, data might be useful, especially the output
failureCallbackFunction();
} }
return false; return false;
}, },

25
webgoat-lessons/auth-bypass/src/main/resources/html/AuthBypass.html
View File

@ -20,9 +20,9 @@
<!-- modify the action to point to the intended endpoint and set other attributes as desired --> <!-- modify the action to point to the intended endpoint and set other attributes as desired -->
<script th:src="@{/lesson_js/bypass.js}" /> <script th:src="@{/lesson_js/bypass.js}" />
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN" id="verify-account-form"
method="POST" name="form" method="POST" name="form"
callback="onBypassResponse" successCallback="onBypassResponse"
action="/WebGoat/auth-bypass/verify-account" action="/WebGoat/auth-bypass/verify-account"
enctype="application/json;charset=UTF-8"> enctype="application/json;charset=UTF-8">
<p>Verify Your Account by answering the questions below:</p> <p>Verify Your Account by answering the questions below:</p>
@ -40,6 +40,27 @@
<input name="submit" value="Submit" type="submit"/> <input name="submit" value="Submit" type="submit"/>
</form> </form>
<form class="attack-form" accept-charset="UNKNOWN" id="change-password-form"
method="POST" name="form"
successCallback="onBypassResponse"
action="/WebGoat/auth-bypass/verify-account"
enctype="application/json;charset=UTF-8"
style="display:none"><!-- start off hidden -->
<p>Please provide a new password for your account</p>
<p>Password:</p>
<input name="newPassword" value="" type="password" /><br/>
<p>Confirm Password:</p>
<input name="newPasswordConfirm" value="" type="password" /><br/><br />
<input type="hidden" name="userId" value="12309746" />
<input name="submit" value="Submit" type="submit"/>
</form>
<!-- do not remove the two following div's, this is where your feedback/output will land --> <!-- do not remove the two following div's, this is where your feedback/output will land -->
<!-- the attack response will include a 'feedback' and that will automatically go here --> <!-- the attack response will include a 'feedback' and that will automatically go here -->
<div class="attack-feedback"></div> <div class="attack-feedback"></div>

5
webgoat-lessons/auth-bypass/src/main/resources/js/bypass.js
View File

@ -1,7 +1,8 @@
// need custom js for this? // need custom js for this?
webgoat.customjs.onBypassResponse = function(e) { webgoat.customjs.onBypassResponse = function(data) {
console.warn("showPasswordChange fired - "+ data) webgoat.customjs.jquery('#verify-account-form').hide();
webgoat.customjs.jquery('#change-password-form').show();
} }
var onViewProfile = function () { var onViewProfile = function () {

6
webgoat-lessons/xxe/src/main/resources/html/XXE.html
View File

@ -25,7 +25,7 @@
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form" method="POST" name="form"
prepareData="simpleXXE" prepareData="simpleXXE"
callback="simpleXXECallback" successCallback="simpleXXECallback"
contentType="application/xml" contentType="application/xml"
action="/WebGoat/xxe/simple"> action="/WebGoat/xxe/simple">
<div class="container-fluid"> <div class="container-fluid">
@ -81,7 +81,7 @@
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form" method="POST" name="form"
prepareData="contentTypeXXE" prepareData="contentTypeXXE"
callback="contentTypeXXECallback" successCallback="contentTypeXXECallback"
action="xxe/content-type" action="xxe/content-type"
contentType="application/json"> contentType="application/json">
<div class="container-fluid"> <div class="container-fluid">
@ -146,7 +146,7 @@
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form" method="POST" name="form"
prepareData="blindXXE" prepareData="blindXXE"
callback="blindXXECallback" successCallback="blindXXECallback"
action="/WebGoat/xxe/blind" action="/WebGoat/xxe/blind"
contentType="application/xml"> contentType="application/xml">
<div class="container-fluid"> <div class="container-fluid">