- Introduced user registration

- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.

webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java

@@ -0,0 +1,61 @@
+package org.owasp.webgoat.users;
+
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.owasp.webgoat.session.WebGoatUser;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import javax.validation.Valid;
+
+/**
+ * @author nbaars
+ * @since 3/19/17.
+ */
+@Controller
+@AllArgsConstructor
+@Slf4j
+public class RegistrationController {
+
+    private UserValidator userValidator;
+    private UserService userService;
+    private AuthenticationManager authenticationManager;
+
+    @GetMapping("/registration")
+    public String showForm(UserForm userForm) {
+        return "registration";
+    }
+
+    @PostMapping("/register.mvc")
+    public String registration(@ModelAttribute("userForm") @Valid UserForm userForm, BindingResult bindingResult) {
+        userValidator.validate(userForm, bindingResult);
+
+        if (bindingResult.hasErrors()) {
+            return "registration";
+        }
+        userService.addUser(userForm.getUsername(), userForm.getPassword());
+        autologin(userForm.getUsername(), userForm.getPassword());
+
+        return "redirect:/attack";
+    }
+
+    private void autologin(String username, String password) {
+        WebGoatUser user = userService.loadUserByUsername(username);
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(user, password, user.getAuthorities());
+
+        authenticationManager.authenticate(usernamePasswordAuthenticationToken);
+
+        if (usernamePasswordAuthenticationToken.isAuthenticated()) {
+            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+            log.debug("Login for {} successfully!", username);
+        }
+    }
+
+
+}

webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java

@@ -0,0 +1,28 @@
+package org.owasp.webgoat.users;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Size;
+
+/**
+ * @author nbaars
+ * @since 3/19/17.
+ */
+@Getter
+@Setter
+public class UserForm {
+
+    @NotNull
+    @Size(min=6, max=10)
+    private String username;
+    @NotNull
+    @Size(min=6, max=10)
+    private String password;
+    @NotNull
+    @Size(min=6, max=10)
+    private String matchingPassword;
+    @NotNull
+    private String agree;
+}

webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java

@@ -0,0 +1,13 @@
+package org.owasp.webgoat.users;
+
+import org.owasp.webgoat.session.WebGoatUser;
+import org.springframework.data.repository.CrudRepository;
+
+/**
+ * @author nbaars
+ * @since 3/19/17.
+ */
+public interface UserRepository extends CrudRepository<WebGoatUser, Long> {
+
+    WebGoatUser findByUsername(String username);
+}

webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java

@@ -0,0 +1,29 @@
+package org.owasp.webgoat.users;
+
+import lombok.AllArgsConstructor;
+import org.owasp.webgoat.session.WebGoatUser;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author nbaars
+ * @since 3/19/17.
+ */
+@Service
+@AllArgsConstructor
+public class UserService implements UserDetailsService {
+
+    private final UserRepository userRepository;
+
+    @Override
+    public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException {
+        WebGoatUser webGoatUser = userRepository.findByUsername(username);
+        webGoatUser.createUser();
+        return webGoatUser;
+    }
+
+    public void addUser(String username, String password) {
+        userRepository.save(new WebGoatUser(username, password));
+    }
+}

webgoat-container/src/main/java/org/owasp/webgoat/users/UserValidator.java

@@ -0,0 +1,34 @@
+package org.owasp.webgoat.users;
+
+import org.springframework.stereotype.Component;
+import org.springframework.validation.Errors;
+import org.springframework.validation.Validator;
+
+/**
+ * @author nbaars
+ * @since 3/19/17.
+ */
+@Component
+public class UserValidator implements Validator {
+
+//    @Autowired
+//    private UserService userService;
+
+    @Override
+    public boolean supports(Class<?> aClass) {
+        return UserForm.class.equals(aClass);
+    }
+
+    @Override
+    public void validate(Object o, Errors errors) {
+        UserForm userForm = (UserForm) o;
+
+//        if (userService.findByUsername(userForm.getUsername()) != null) {
+//            errors.rejectValue("username", "Duplicate.userForm.username");
+//        }
+
+        if (!userForm.getMatchingPassword().equals(userForm.getPassword())) {
+            errors.rejectValue("matchingPassword", "password.diff");
+        }
+    }
+}