Travis now builds Docker and create a Github release.

Removed ActiveMQ between WebGoat and WebWolf; they now act as standalone applications.
Nanne Baars
2017-10-13 23:30:22 +02:00
parent 50543a9b55
commit 3ee1a1ca16
43 changed files with 291 additions and 453 deletions


@ -0,0 +1,22 @@
package org.owasp.webgoat.plugin;
import lombok.Builder;
import lombok.Data;
import java.io.Serializable;
import java.time.LocalDateTime;
/**
* @author nbaars
* @since 8/20/17.
*/
@Builder
@Data
public class Email implements Serializable {
private LocalDateTime time;
private String contents;
private String sender;
private String title;
private String recipient;
}
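Review bot: `Email` still declares `implements Serializable`, which a JMS object message needed but an HTTP body posted through `RestTemplate.postForEntity` (as the other files in this commit now do) presumably does not. Unless code outside this page still Java-serializes the type, declare it as `public class Email {` so it cannot end up in native Java serialization by accident. The class Javadoc carries only author and date; it should say that this is the mail payload posted to WebWolf, and that the wire format of `time` (a `LocalDateTime`) depends on how the message converter is configured.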


@ -5,16 +5,17 @@ import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.mail.IncomingMailEvent;
import org.owasp.webgoat.plugin.Email;
import org.owasp.webgoat.plugin.SolutionConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.jms.core.JmsTemplate;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import javax.servlet.http.HttpServletRequest;
import java.net.URI;
@ -43,7 +44,9 @@ public class Assignment7 extends AssignmentEndpoint {
"Kind regards, \nTeam WebGoat";
@Autowired
private JmsTemplate jmsTemplate;
private RestTemplate restTemplate;
@Value("${webworf.url.mail}")
private String webWolfMailURL;
@GetMapping("/reset-password/{link}")
public ResponseEntity<String> resetPassword(@PathVariable(value = "link") String link) {
@ -62,13 +65,13 @@ public class Assignment7 extends AssignmentEndpoint {
String username = email.substring(0, email.indexOf("@"));
if (StringUtils.hasText(username)) {
URI uri = new URI(request.getRequestURL().toString());
IncomingMailEvent mail = IncomingMailEvent.builder()
Email mail = Email.builder()
.title("Your password reset link for challenge 7")
.contents(String.format(TEMPLATE, uri.getScheme() + "://" + uri.getHost(), new PasswordResetLink().createPasswordReset(username, "webgoat")))
.sender("password-reset@webgoat-cloud.net")
.recipient(username)
.time(LocalDateTime.now()).build();
jmsTemplate.convertAndSend("mailbox", mail);
restTemplate.postForEntity(webWolfMailURL, mail, Object.class);
}
}
return success().feedback("email.send").feedbackArgs(email).build();
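Review bot: The new property key in `@Value("${webworf.url.mail}")` on `webWolfMailURL` is spelled `webworf`, while Assignment9 in the same commit injects `${webwolf.url}`. If the properties file (not visible here) uses the `webwolf` spelling, the placeholder will not resolve and the bean will fail to initialise; the line should read `@Value("${webwolf.url.mail}")`. The two assignments also build the target differently: this one takes a full mail URL, whereas Assignment9 appends `"/WebWolf/mail"` to a base URL. Using one key and one convention for both would keep the WebWolf endpoint defined in a single place. The enclosing method starts outside the hunk, so any handling of a failed `postForEntity` call cannot be judged from here.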


@ -7,14 +7,14 @@ import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.mail.IncomingMailEvent;
import org.owasp.webgoat.plugin.Email;
import org.owasp.webgoat.users.UserRepository;
import org.owasp.webgoat.users.WebGoatUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.jms.core.JmsTemplate;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.validation.BindingResult;
@ -53,9 +53,11 @@ public class Assignment9 extends AssignmentEndpoint {
"Kind regards, \nTeam WebGoat";
@Autowired
private JmsTemplate jmsTemplate;
private RestTemplate restTemplate;
@Autowired
private UserRepository userRepository;
@Value("${webwolf.url}")
private String webWolfURL;
@RequestMapping(method = POST, value = "/create-password-reset-link")
@ResponseBody
@ -79,13 +81,13 @@ public class Assignment9 extends AssignmentEndpoint {
WebGoatUser webGoatUser = userRepository.findByUsername(email.substring(0, email.indexOf("@")));
if (webGoatUser != null) {
username = webGoatUser.getUsername();
IncomingMailEvent mail = IncomingMailEvent.builder()
Email mail = Email.builder()
.title("Your password reset link for challenge 9")
.contents(String.format(TEMPLATE, host, resetLink))
.sender("password-reset@webgoat-cloud.net")
.recipient(username)
.time(LocalDateTime.now()).build();
jmsTemplate.convertAndSend("mailbox", mail);
restTemplate.postForEntity(webWolfURL + "/WebWolf/mail", mail, Object.class);
}
}