adjusted WebWolfMacro
committed by
Nanne Baars
parent
b6aa677594
commit
59076fc9ef
@ -38,14 +38,23 @@ public class WebWolfMacro extends InlineMacroProcessor {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Look at the remote address from received from the browser first. This way it will also work if you run
|
* Determine the host from the hostname and ports that were used.
|
||||||
* the browser in a Docker container and WebGoat on your local machine.
|
* The purpose is to make it possible to use the application behind a reverse proxy. For instance in the docker
|
||||||
|
* compose/stack version with webgoat webwolf and nginx proxy.
|
||||||
|
* You do not have to use the indicated hostname, but if you do, you should define two hosts aliases
|
||||||
|
* 127.0.0.1 www.webgoat.local www.webwolf.locaal
|
||||||
*/
|
*/
|
||||||
private String determineHost(String host, String port) {
|
private String determineHost(String host, String port) {
|
||||||
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
|
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
|
||||||
String ip = request.getRemoteAddr();
|
host = request.getHeader("Host");
|
||||||
String hostname = StringUtils.hasText(ip) ? ip : host;
|
int semicolonIndex = host.indexOf(":");
|
||||||
return "http://" + hostname + ":" + port + (includeWebWolfContext() ? "/WebWolf" : "");
|
if (semicolonIndex==-1 || host.endsWith(":80")) {
|
||||||
|
host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
|
||||||
|
} else {
|
||||||
|
host = host.substring(0, semicolonIndex);
|
||||||
|
host = host.concat(":").concat(port);
|
||||||
|
}
|
||||||
|
return "http://" + host + (includeWebWolfContext() ? "/WebWolf" : "");
|
||||||
}
|
}
|
||||||
|
|
||||||
protected boolean includeWebWolfContext() {
|
protected boolean includeWebWolfContext() {
|
||||||
|
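Review bot: `request.getHeader("Host")` is used in determineHost without a null or format check, so a request that carries no Host header fails with a NullPointerException at `host.indexOf(":")`, and whatever value the client sends is copied into the generated WebWolf link. Because the header is client-controlled, I would keep the `host` argument as the fallback and only take the header when it has text, e.g. `String header = request.getHeader("Host");` then `if (StringUtils.hasText(header)) { host = header; }` (assuming the StringUtils import used by the old code stays). Behind the nginx proxy named in the Javadoc it is also worth confirming that the proxy forwards the original Host value. Splitting on the first `:` breaks a bracketed IPv6 literal such as `[::1]:8080` (constructed example), so the port separator should be looked up after the closing bracket. The variable holds a colon position, so `colonIndex` reads better than `semicolonIndex`, and the alias `www.webwolf.locaal` in the Javadoc looks like a typo for `www.webwolf.local`.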
@ -22,8 +22,19 @@ public abstract class IntegrationTest {
|
|||||||
|
|
||||||
protected static int WG_PORT = 8080;
|
protected static int WG_PORT = 8080;
|
||||||
protected static int WW_PORT = 9090;
|
protected static int WW_PORT = 9090;
|
||||||
private static String WEBGOAT_URL = "http://127.0.0.1:" + WG_PORT + "/WebGoat/";
|
private static String WEBGOAT_HOSTNAME = "127.0.0.1";//"www.webgoat.local";
|
||||||
private static String WEBWOLF_URL = "http://127.0.0.1:" + WW_PORT + "/";
|
private static String WEBWOLF_HOSTNAME = "127.0.0.1";//"www.webwolf.local";
|
||||||
|
|
||||||
|
/*
|
||||||
|
* To test docker compose/stack solution:
|
||||||
|
* add localhost settings in hosts file: 127.0.0.1 www.webgoat.local www.webwolf.local
|
||||||
|
* Then set the above values to the specified host names and set the port to 80
|
||||||
|
*/
|
||||||
|
|
||||||
|
private static String WEBGOAT_HOSTHEADER = WEBGOAT_HOSTNAME +":"+WG_PORT;
|
||||||
|
private static String WEBWOLF_HOSTHEADER = WEBWOLF_HOSTNAME +":"+WW_PORT;
|
||||||
|
private static String WEBGOAT_URL = "http://" + WEBGOAT_HOSTHEADER + "/WebGoat/";
|
||||||
|
private static String WEBWOLF_URL = "http://" + WEBWOLF_HOSTHEADER + "/";
|
||||||
private static boolean WG_SSL = false;//enable this if you want to run the test on ssl
|
private static boolean WG_SSL = false;//enable this if you want to run the test on ssl
|
||||||
|
|
||||||
@Getter
|
@Getter
|
||||||
@ -178,6 +189,7 @@ public abstract class IntegrationTest {
|
|||||||
.formParams(params)
|
.formParams(params)
|
||||||
.post(url)
|
.post(url)
|
||||||
.then()
|
.then()
|
||||||
|
.log().all()
|
||||||
.statusCode(200)
|
.statusCode(200)
|
||||||
.extract().path("lessonCompleted"), CoreMatchers.is(expectedResult));
|
.extract().path("lessonCompleted"), CoreMatchers.is(expectedResult));
|
||||||
}
|
}
|
||||||
@ -277,6 +289,14 @@ public abstract class IntegrationTest {
|
|||||||
result = result.replace("%20", " ");
|
result = result.replace("%20", " ");
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* In order to facilitate tests with
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
public String getWebWolfHostHeader() {
|
||||||
|
return WEBWOLF_HOSTHEADER;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
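Review bot: The added `.log().all()` prints every response in full on every run, so any session cookies in the response headers end up in the build log; the two `.log().all()` lines added in PasswordResetLessonTest do the same for the WebWolf request list from which the test extracts the password-reset link. `.log().ifValidationFails()` would keep the output for failing runs without dumping it on green builds. The helper around the first `.log().all()` starts outside the hunk, so its other callers are not visible here. Separately, the Javadoc on `getWebWolfHostHeader()` stops mid-sentence and has an empty `@return`; a summary such as `Returns the Host header value (hostname:port) the tests send when addressing WebWolf.` with a matching `@return` line would complete it.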
@ -46,6 +46,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
|
|||||||
.formParams("resetLink", link, "password", "123456")
|
.formParams("resetLink", link, "password", "123456")
|
||||||
.post(url("PasswordReset/reset/change-password"))
|
.post(url("PasswordReset/reset/change-password"))
|
||||||
.then()
|
.then()
|
||||||
|
.log().all()
|
||||||
.statusCode(200);
|
.statusCode(200);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -56,6 +57,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
|
|||||||
.cookie("WEBWOLFSESSION", getWebWolfCookie())
|
.cookie("WEBWOLFSESSION", getWebWolfCookie())
|
||||||
.get(webWolfUrl("WebWolf/requests"))
|
.get(webWolfUrl("WebWolf/requests"))
|
||||||
.then()
|
.then()
|
||||||
|
.log().all()
|
||||||
.extract().response().getBody().asString();
|
.extract().response().getBody().asString();
|
||||||
int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/");
|
int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/");
|
||||||
var link = responseBody.substring(startIndex + "/PasswordReset/reset/reset-password/".length(), responseBody.indexOf(",", startIndex) - 1);
|
var link = responseBody.substring(startIndex + "/PasswordReset/reset/reset-password/".length(), responseBody.indexOf(",", startIndex) - 1);
|
||||||
@ -65,7 +67,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
|
|||||||
private void clickForgotEmailLink(String user) {
|
private void clickForgotEmailLink(String user) {
|
||||||
RestAssured.given()
|
RestAssured.given()
|
||||||
.when()
|
.when()
|
||||||
.header("host", "localhost:9090")
|
.header("host", getWebWolfHostHeader())
|
||||||
.relaxedHTTPSValidation()
|
.relaxedHTTPSValidation()
|
||||||
.cookie("JSESSIONID", getWebGoatCookie())
|
.cookie("JSESSIONID", getWebGoatCookie())
|
||||||
.formParams("email", user)
|
.formParams("email", user)
|
||||||
|