diff --git a/webgoat-container/documentation/csrf-lesson.gliffy b/webgoat-container/documentation/csrf-lesson.gliffy new file mode 100644 index 000000000..364f3802f --- /dev/null +++ b/webgoat-container/documentation/csrf-lesson.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.1","metadata":{"title":"untitled","revision":0,"exportBorder":false},"embeddedResources":{"index":0,"resources":[]},"stage":{"objects":[{"x":201,"y":233,"rotation":0,"id":22,"uid":"com.gliffy.shape.basic.basic_v1.default.line","width":100,"height":100,"lockAspectRatio":false,"lockShape":false,"order":22,"graphic":{"type":"Line","Line":{"strokeWidth":2,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":1,"startArrowRotation":"auto","endArrowRotation":"auto","ortho":false,"interpolationType":"linear","cornerRadius":null,"controlPath":[[0,0],[301.0066444449358,0]],"lockSegments":{}}},"children":[{"x":0,"y":0,"rotation":0,"id":24,"uid":null,"width":118,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"both","vposition":"none","hposition":"none","html":"

images gets reloaded

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]},{"x":499,"y":200,"rotation":0,"id":18,"uid":"com.gliffy.shape.basic.basic_v1.default.line","width":100,"height":100,"lockAspectRatio":false,"lockShape":false,"order":18,"graphic":{"type":"Line","Line":{"strokeWidth":2,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":1,"startArrowRotation":"auto","endArrowRotation":"auto","ortho":false,"interpolationType":"linear","cornerRadius":null,"controlPath":[[0,0],[-304.00164473239283,-1.1368683772161603e-13]],"lockSegments":{}}},"children":[{"x":0,"y":0,"rotation":0,"id":19,"uid":null,"width":132,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"both","vposition":"none","hposition":"none","html":"

Message gets displayed

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]},{"x":204,"y":174,"rotation":0,"id":15,"uid":"com.gliffy.shape.basic.basic_v1.default.line","width":100,"height":100,"lockAspectRatio":false,"lockShape":false,"order":15,"graphic":{"type":"Line","Line":{"strokeWidth":2,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":1,"startArrowRotation":"auto","endArrowRotation":"auto","ortho":false,"interpolationType":"linear","cornerRadius":null,"controlPath":[[-4.000000000000028,-0.8629150101523919],[296,-0.8629150101523919]],"lockSegments":{}}},"children":[{"x":0,"y":0,"rotation":0,"id":16,"uid":null,"width":112,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"both","vposition":"none","hposition":"none","html":"

User clicks message

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]},{"x":499,"y":137,"rotation":0,"id":11,"uid":"com.gliffy.shape.basic.basic_v1.default.line","width":100,"height":100,"lockAspectRatio":false,"lockShape":false,"order":11,"graphic":{"type":"Line","Line":{"strokeWidth":2,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":1,"startArrowRotation":"auto","endArrowRotation":"auto","ortho":false,"interpolationType":"linear","cornerRadius":null,"controlPath":[[1,3],[-299,3]],"lockSegments":{}}},"children":[{"x":0,"y":0,"rotation":0,"id":14,"uid":null,"width":133,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"both","vposition":"none","hposition":"none","html":"

Messages are displayed

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]},{"x":205,"y":119,"rotation":0,"id":7,"uid":"com.gliffy.shape.basic.basic_v1.default.line","width":100,"height":100,"lockAspectRatio":false,"lockShape":false,"order":7,"graphic":{"type":"Line","Line":{"strokeWidth":2,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":1,"startArrowRotation":"auto","endArrowRotation":"auto","ortho":false,"interpolationType":"linear","cornerRadius":null,"controlPath":[[-5,-2.137084989847608],[295,-2.137084989847608]],"lockSegments":{}}},"children":[{"x":0,"y":0,"rotation":0,"id":10,"uid":null,"width":117,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"both","vposition":"none","hposition":"none","html":"

Users types message

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]},{"x":40,"y":90,"rotation":0,"id":0,"uid":"com.gliffy.shape.basic.basic_v1.default.square","width":160,"height":160,"lockAspectRatio":true,"lockShape":false,"order":0,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2,"strokeColor":"#333333","fillColor":"#FFFFFF","gradient":false,"dropShadow":false,"state":0,"shadowX":0,"shadowY":0,"opacity":1}},"children":[{"x":2,"y":0,"rotation":0,"id":5,"uid":null,"width":156,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"none","vposition":"none","hposition":"none","html":"

CSRF-Lesson

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]},{"x":500,"y":90,"rotation":0,"id":4,"uid":"com.gliffy.shape.basic.basic_v1.default.square","width":160,"height":160,"lockAspectRatio":true,"lockShape":false,"order":1,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2,"strokeColor":"#333333","fillColor":"#FFFFFF","gradient":false,"dropShadow":false,"state":0,"shadowX":0,"shadowY":0,"opacity":1}},"children":[{"x":2,"y":0,"rotation":0,"id":6,"uid":null,"width":156,"height":14,"lockAspectRatio":false,"lockShape":false,"order":"auto","graphic":{"type":"Text","Text":{"tid":null,"valign":"middle","overflow":"none","vposition":"none","hposition":"none","html":"

WebGoat-Server

","paddingLeft":2,"paddingRight":2,"paddingBottom":2,"paddingTop":2}},"children":null}],"linkMap":[]}],"background":"#FFFFFF","width":660,"height":250,"maxWidth":5000,"maxHeight":5000,"nodeIndex":25,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":true,"drawingGuidesOn":true,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"shapeStyles":{"com.gliffy.shape.basic.basic_v1.default":{"fill":"#FFFFFF","stroke":"#333333","strokeWidth":2}},"lineStyles":{"global":{"endArrow":1}},"textStyles":{},"themeData":null}} \ No newline at end of file diff --git a/webgoat-container/documentation/csrf-lessons.png b/webgoat-container/documentation/csrf-lessons.png new file mode 100644 index 000000000..6360d337d Binary files /dev/null and b/webgoat-container/documentation/csrf-lessons.png differ diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java index 2f3bf9d11..cf64c520b 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java @@ -250,7 +250,7 @@ public abstract class LessonAdapter extends AbstractLesson { protected Element makeSuccess(WebSession s) { getLessonTracker(s).setCompleted(true); - s.setMessage(getLabelManager().get("LessonCompleted")); + //s.setMessage(getLabelManager().get("LessonCompleted")); return (null); } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java index 97f222fb2..e4a815f1c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java 
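Review bot: The change leaves `s.setMessage(getLabelManager().get("LessonCompleted"))` in makeSuccess as commented-out code instead of deleting it, and the same pattern appears in the RandomLessonAdapter hunk `@@ -75,7 +76,7 @@`, where the `if (lt.getCompleted())` body is now an empty block holding only the comment. Delete the lines and, if the reason should be recorded, replace them with a why-comment such as `// success message is now served by LessonProgressService (/lessonprogress.mvc)`. In RandomLessonAdapter the else branch continues outside the hunk; if that branch is all that remains, inverting the condition and dropping the empty block would read better than an empty if.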
@@ -1,14 +1,15 @@ package org.owasp.webgoat.lessons; -import java.sql.Connection; -import java.sql.SQLException; import org.owasp.webgoat.session.CreateDB; import org.owasp.webgoat.session.DatabaseUtilities; import org.owasp.webgoat.session.LessonTracker; import org.owasp.webgoat.session.RandomLessonTracker; import org.owasp.webgoat.session.WebSession; +import java.sql.Connection; +import java.sql.SQLException; + /** *

Abstract RandomLessonAdapter class.

@@ -75,7 +76,7 @@ public abstract class RandomLessonAdapter extends LessonAdapter lt.setStageComplete(stage, true); if (lt.getCompleted()) { - s.setMessage("Congratulations, you have completed this lab"); + //s.setMessage("Congratulations, you have completed this lab"); } else { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java deleted file mode 100644 index 61dfaba8a..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java +++ /dev/null 
@@ -1,57 +0,0 @@ -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - * - */ -package org.owasp.webgoat.service; - -import java.util.ArrayList; -import java.util.List; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseBody; - -/** - *

DummyService class.

- * - * @author rlawson - * @version $Id: $Id - */ -@Controller -public class DummyService extends BaseService{ - - /** - *

firstNames.

- * - * @return a {@link java.util.List} object. - */ - @RequestMapping(value = "/first.mvc", produces = "application/json") - public @ResponseBody - List firstNames() { - List test = new ArrayList(); - test.add("one"); - test.add("two)"); - return test; - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java new file mode 100644 index 000000000..23701894d --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java @@ -0,0 +1,54 @@ +package org.owasp.webgoat.service; + +import com.google.common.collect.Maps; +import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.RandomLessonAdapter; +import org.owasp.webgoat.lessons.model.LessonInfoModel; +import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.util.LabelManager; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +import javax.servlet.http.HttpSession; +import java.util.Map; + +@Controller +/** + *

LessonProgressService class.

+ * + * @author webgoat + */ +public class LessonProgressService extends BaseService { + + private static final Logger logger = LoggerFactory.getLogger(LessonMenuService.class); + private LabelManager labelManager; + + @Autowired + public LessonProgressService(final LabelManager labelManager) { + this.labelManager = labelManager; + } + + /** + *

LessonProgressService.

+ * + * @param session a {@link HttpSession} object. + * @return a {@link LessonInfoModel} object. + */ + @RequestMapping(value = "/lessonprogress.mvc", produces = "application/json") + @ResponseBody + public Map getLessonInfo(HttpSession session) { + WebSession webSession = getWebSession(session); + AbstractLesson lesson = webSession.getCurrentLesson(); + boolean lessonCompleted = lesson.isCompleted(webSession); + String successMessage = lesson instanceof RandomLessonAdapter ? "Congratulations, you have completed this lab" : labelManager + .get("LessonCompleted"); + Map json = Maps.newHashMap(); + json.put("lessonCompleted", lessonCompleted); + json.put("successMessage", successMessage); + return json; + } +} diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp b/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp index 990737a3e..356706e1b 100644 --- a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp +++ b/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp @@ -121,6 +121,7 @@
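Review bot: The logger in the new class is created with `LoggerFactory.getLogger(LessonMenuService.class)`, so anything logged here would be attributed to LessonMenuService; it should be `LoggerFactory.getLogger(LessonProgressService.class)` (it is also unused in this hunk). The Javadoc on getLessonInfo documents `@return a {@link LessonInfoModel} object` while the method returns a raw `Map`; declare it `public Map<String, Object> getLessonInfo(HttpSession session)` and fix the `@return` text, which also lets the otherwise unused `LessonInfoModel` import go. `@Controller` is placed above the class Javadoc; the doc comment has to precede the annotation for javadoc to attach it to the class. `webSession.getCurrentLesson()` is dereferenced without a guard — if it can return null before a lesson has been selected, the endpoint fails with a NullPointerException instead of answering `lessonCompleted: false`, so a null check is worth adding if that state is reachable.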
+
diff --git a/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js b/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js index 43964bbe4..06440f32a 100644 --- a/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js +++ b/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js @@ -15,7 +15,9 @@ define(['jquery', 'goatApp/view/UserAndInfoView', 'goatApp/view/MenuButtonView', 'goatApp/model/LessonInfoModel', - 'goatApp/view/TitleView' + 'goatApp/view/TitleView', + 'goatApp/model/LessonProgressModel', + 'goatApp/view/LessonProgressView' ], function($, _, @@ -34,13 +36,18 @@ define(['jquery', UserAndInfoView, MenuButtonView, LessonInfoModel, - TitleView + TitleView, + LessonProgressModel, + LessonProgressView + ) { 'use strict' var Controller = function(options) { this.lessonContent = new LessonContentModel(); + this.lessonProgressModel = new LessonProgressModel(); + this.lessonProgressView = new LessonProgressView(this.lessonProgressModel); this.lessonView = options.lessonView; _.extend(Controller.prototype,Backbone.Events); @@ -127,6 +134,7 @@ define(['jquery', $('.lesson-help').hide(); } this.trigger('menu:reload'); + this.lessonProgressModel.completed(); }; this.addCurHelpState = function (curHelp) { diff --git a/webgoat-container/src/main/webapp/js/goatApp/model/LessonProgressModel.js b/webgoat-container/src/main/webapp/js/goatApp/model/LessonProgressModel.js new file mode 100644 index 000000000..2582583ac --- /dev/null +++ b/webgoat-container/src/main/webapp/js/goatApp/model/LessonProgressModel.js @@ -0,0 +1,13 @@ +define(['jquery', + 'underscore', + 'backbone'], + function ($, + _, + Backbone) { + return Backbone.Model.extend({ + url: 'service/lessonprogress.mvc', + completed: function () { + this.fetch(); + } + }); + }); \ No newline at end of file 
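Review bot: In the constructor hunk `@@ -34,13 +36,18 @@`, `new LessonProgressView(this.lessonProgressModel)` passes the model positionally, whereas a Backbone view expects an options hash, and Backbone may pick view options (for example `attributes`) off the model instance itself. Use `this.lessonProgressView = new LessonProgressView({ model: this.lessonProgressModel });`, which makes Backbone set `this.model` on the view. In the `@@ -127,6 +134,7 @@` hunk, `this.lessonProgressModel.completed()` issues a fetch every time the enclosing function runs; that function starts outside the hunk, and nothing visible handles a failed request, so an error silently leaves the previous progress state on screen.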
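Review bot: `completed` in the new LessonProgressModel reads like a boolean query but actually performs `this.fetch()`; a name such as `refresh` or `fetchProgress` would say what it does. The jqXHR returned by fetch is dropped, so a failed request is never reported; `return this.fetch();` would at least let the caller attach an error handler. The `$` and `_` entries in the define list are unused in this module.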
diff --git a/webgoat-container/src/main/webapp/js/goatApp/view/LessonProgressView.js b/webgoat-container/src/main/webapp/js/goatApp/view/LessonProgressView.js
new file mode 100644
index 000000000..0c3e892b1
--- /dev/null
+++ b/webgoat-container/src/main/webapp/js/goatApp/view/LessonProgressView.js
@@ -0,0 +1,26 @@
+define(['jquery',
+ 'underscore',
+ 'backbone',
+ 'goatApp/model/LessonProgressModel'],
+ function ($,
+ _,
+ Backbone,
+ LessonProgressModel) {
+ return Backbone.View.extend({
+ el: '#lesson-progress',
+ initialize: function (lessonProgressModel) {
+ this.model = lessonProgressModel;
+
+ if (this.model) {
+ this.listenTo(this.model, 'change', this.render);
+ }
+ },
+ render: function () {
+ if (this.model.get("lessonCompleted")) {
+ this.$el.html(this.model.get('successMessage'));
+ } else {
+ this.$el.html("");
+ }
+ }
+ });
+ });
\ No newline at end of file
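Review bot: `this.$el.html(this.model.get('successMessage'))` in render inserts the server-supplied message as HTML; today that string is either the hard-coded literal or the `LessonCompleted` label from LessonProgressService, so it is trusted, but `this.$el.text(this.model.get('successMessage'))` is the safe default and costs nothing unless the labels intentionally carry markup. The positional `initialize: function (lessonProgressModel)` with a manual `this.model = lessonProgressModel` exists only because the controller constructs the view with the model as a bare argument; constructed with `{ model: ... }`, Backbone assigns `this.model` itself and the parameter and the `if (this.model)` guard can go. `LessonProgressModel` is listed in the define dependencies but never used in this module.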