working version with fixed link and GET for tracing purposes (#677)

* working version with fixed link and GET for tracing purposes * added integration test * filter on request log
2019-10-09 09:58:35 +02:00
parent aee4b74202
commit 18d43f16d3
11 changed files with 107 additions and 16 deletions
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
@ -0,0 +1,72 @@
+package org.owasp.webgoat;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+
+import io.restassured.RestAssured;
+
+public class WebWolfTest extends IntegrationTest {
+    
+    @Test
+    public void runTests() throws IOException {
+        startLesson("WebWolfIntroduction");
+        
+        //Assignment 3
+        Map<String, Object> params = new HashMap<>();
+        params.clear();
+        params.put("email", getWebgoatUser()+"@webgoat.org");
+        checkAssignment(url("/WebGoat/WebWolf/mail/send"), params, false);
+        
+        String responseBody = RestAssured.given()
+                .when()
+                .relaxedHTTPSValidation()
+                .cookie("WEBWOLFSESSION", getWebWolfCookie())
+                .get(webWolfUrl("/WebWolf/mail"))
+                .then()
+                .extract().response().getBody().asString();
+        
+        String uniqueCode = responseBody.replace("%20", " ");
+        uniqueCode = uniqueCode.substring(21+uniqueCode.lastIndexOf("your unique code is: "),uniqueCode.lastIndexOf("your unique code is: ")+(21+getWebgoatUser().length()));
+        params.clear();
+        params.put("uniqueCode", uniqueCode);
+        checkAssignment(url("/WebGoat/WebWolf/mail"), params, true);
+        
+        //Assignment 4
+        RestAssured.given()
+                        .when()
+                        .relaxedHTTPSValidation()
+                        .cookie("JSESSIONID", getWebGoatCookie())   
+                        .queryParams(params)
+                        .get(url("/WebGoat/WebWolf/landing/password-reset"))                        
+                        .then()
+                        .statusCode(200);
+        RestAssured.given()
+        .when()
+        .relaxedHTTPSValidation()
+        .cookie("WEBWOLFSESSION", getWebWolfCookie())
+        .queryParams(params)
+        .get(webWolfUrl("/landing"))                        
+        .then()
+        .statusCode(200);
+        responseBody = RestAssured.given()
+                .when()
+                .relaxedHTTPSValidation()
+                .cookie("WEBWOLFSESSION", getWebWolfCookie())
+                .get(webWolfUrl("/WebWolf/requests"))
+                .then()
+                .extract().response().getBody().asString();
+        assertTrue(responseBody.contains(uniqueCode));
+        params.clear();
+        params.put("uniqueCode", uniqueCode);
+        checkAssignment(url("/WebGoat/WebWolf/landing"), params, true);
+        
+        checkResults("/WebWolf");
+        
+    }
+    
+}