Merge pull request #220 from WebGoat/feature/169

Feature/169
2016-04-08 18:27:12 +02:00 · 2016-04-08 18:27:12 +02:00 · 407a5a810b
commit 407a5a810b
parent 46b24d72c9 015dcbde38
10 changed files with 110 additions and 63 deletions
--- a/webgoat-container/documentation/csrf-lesson.gliffy
+++ b/webgoat-container/documentation/csrf-lesson.gliffy
--- a/webgoat-container/documentation/csrf-lessons.png
+++ b/webgoat-container/documentation/csrf-lessons.png
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
@ -250,7 +250,7 @@ public abstract class LessonAdapter extends AbstractLesson {
    protected Element makeSuccess(WebSession s) {
        getLessonTracker(s).setCompleted(true);

-        s.setMessage(getLabelManager().get("LessonCompleted"));
+        //s.setMessage(getLabelManager().get("LessonCompleted"));

        return (null);
    }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java
@ -1,14 +1,15 @@

 package org.owasp.webgoat.lessons;

-import java.sql.Connection;
-import java.sql.SQLException;
 import org.owasp.webgoat.session.CreateDB;
 import org.owasp.webgoat.session.DatabaseUtilities;
 import org.owasp.webgoat.session.LessonTracker;
 import org.owasp.webgoat.session.RandomLessonTracker;
 import org.owasp.webgoat.session.WebSession;

+import java.sql.Connection;
+import java.sql.SQLException;
+

 /**
 * <p>Abstract RandomLessonAdapter class.</p>
@ -75,7 +76,7 @@ public abstract class RandomLessonAdapter extends LessonAdapter
        lt.setStageComplete(stage, true);
        if (lt.getCompleted())
        {
-            s.setMessage("Congratulations, you have completed this lab");
+            //s.setMessage("Congratulations, you have completed this lab");
        }
        else
        {
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java
@ -1,57 +0,0 @@
-/***************************************************************************************************
- * 
- * 
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- * 
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- * 
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- * 
- * Getting Source ==============
- * 
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- * 
- */
-package org.owasp.webgoat.service;
-
-import java.util.ArrayList;
-import java.util.List;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-/**
- * <p>DummyService class.</p>
- *
- * @author rlawson
- * @version $Id: $Id
- */
-@Controller
-public class DummyService extends BaseService{
-
-    /**
-     * <p>firstNames.</p>
-     *
-     * @return a {@link java.util.List} object.
-     */
-    @RequestMapping(value = "/first.mvc", produces = "application/json")
-    public @ResponseBody
-    List<String> firstNames() {
-        List<String> test = new ArrayList<String>();
-        test.add("one");
-        test.add("two)");
-        return test;
-    }
-}
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
@ -0,0 +1,54 @@
+package org.owasp.webgoat.service;
+
+import com.google.common.collect.Maps;
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.RandomLessonAdapter;
+import org.owasp.webgoat.lessons.model.LessonInfoModel;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.LabelManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.servlet.http.HttpSession;
+import java.util.Map;
+
+@Controller
+/**
+ * <p>LessonProgressService class.</p>
+ *
+ * @author webgoat
+ */
+public class LessonProgressService extends BaseService {
+
+    private static final Logger logger = LoggerFactory.getLogger(LessonMenuService.class);
+    private LabelManager labelManager;
+
+    @Autowired
+    public LessonProgressService(final LabelManager labelManager) {
+        this.labelManager = labelManager;
+    }
+
+    /**
+     * <p>LessonProgressService.</p>
+     *
+     * @param session a {@link HttpSession} object.
+     * @return a {@link LessonInfoModel} object.
+     */
+    @RequestMapping(value = "/lessonprogress.mvc", produces = "application/json")
+    @ResponseBody
+    public Map getLessonInfo(HttpSession session) {
+        WebSession webSession = getWebSession(session);
+        AbstractLesson lesson = webSession.getCurrentLesson();
+        boolean lessonCompleted = lesson.isCompleted(webSession);
+        String successMessage = lesson instanceof RandomLessonAdapter ? "Congratulations, you have completed this lab" : labelManager
+                .get("LessonCompleted");
+        Map json = Maps.newHashMap();
+        json.put("lessonCompleted", lessonCompleted);
+        json.put("successMessage", successMessage);
+        return json;
+    }
+}
--- a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp
+++ b/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp
@ -121,6 +121,7 @@
                                </div>
                            </div>
                            <div class="col-md-12" align="left">
+                                <div id="lesson-progress" class="info"></div>
                                <div id="lesson-content-wrapper" class="panel">

                                </div>
--- a/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js
+++ b/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js
@ -15,7 +15,9 @@ define(['jquery',
    'goatApp/view/UserAndInfoView',
    'goatApp/view/MenuButtonView',
    'goatApp/model/LessonInfoModel',
-    'goatApp/view/TitleView'
+    'goatApp/view/TitleView',
+    'goatApp/model/LessonProgressModel',
+    'goatApp/view/LessonProgressView'
    ], 
    function($,
        _,
@ -34,13 +36,18 @@ define(['jquery',
        UserAndInfoView,
        MenuButtonView,
        LessonInfoModel,
-        TitleView
+        TitleView,
+        LessonProgressModel,
+        LessonProgressView
+
    ) {
        'use strict'
        
        
        var Controller = function(options) {
            this.lessonContent = new LessonContentModel();
+            this.lessonProgressModel = new LessonProgressModel();
+            this.lessonProgressView = new LessonProgressView(this.lessonProgressModel);
            this.lessonView = options.lessonView;

            _.extend(Controller.prototype,Backbone.Events);
@ -127,6 +134,7 @@ define(['jquery',
                    $('.lesson-help').hide();
                }
                this.trigger('menu:reload');
+                this.lessonProgressModel.completed();
            };

            this.addCurHelpState = function (curHelp) {
--- a/webgoat-container/src/main/webapp/js/goatApp/model/LessonProgressModel.js
+++ b/webgoat-container/src/main/webapp/js/goatApp/model/LessonProgressModel.js
@ -0,0 +1,13 @@
+define(['jquery',
+        'underscore',
+        'backbone'],
+    function ($,
+              _,
+              Backbone) {
+        return Backbone.Model.extend({
+            url: 'service/lessonprogress.mvc',
+            completed: function () {
+                this.fetch();
+            }
+        });
+    });
--- a/webgoat-container/src/main/webapp/js/goatApp/view/LessonProgressView.js
+++ b/webgoat-container/src/main/webapp/js/goatApp/view/LessonProgressView.js
@ -0,0 +1,26 @@
+define(['jquery',
+        'underscore',
+        'backbone',
+        'goatApp/model/LessonProgressModel'],
+    function ($,
+              _,
+              Backbone,
+              LessonProgressModel) {
+        return Backbone.View.extend({
+            el: '#lesson-progress',
+            initialize: function (lessonProgressModel) {
+                this.model = lessonProgressModel;
+
+                if (this.model) {
+                    this.listenTo(this.model, 'change', this.render);
+                }
+            },
+            render: function () {
+                if (this.model.get("lessonCompleted")) {
+                    this.$el.html(this.model.get('successMessage'));
+                } else {
+                    this.$el.html("");
+                }
+            }
+        });
+    });