final tests and fixed the issue of getting the name of the loggedinuser

Rene Zubcevic
2019-10-14 21:14:18 +02:00
committed by Nanne Baars
parent 00873cfe3f
commit 6dc679e7b8
2 changed files with 82 additions and 4 deletions


@ -22,9 +22,10 @@
package org.owasp.webgoat.csrf;
import javax.servlet.http.HttpServletRequest;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.users.UserTracker;
import org.owasp.webgoat.users.UserTrackerRepository;
@ -46,8 +47,8 @@ public class CSRFLogin extends AssignmentEndpoint {
@PostMapping(path = "/csrf/login", produces = {"application/json"})
@ResponseBody
public AttackResult completed() {
String userName = getWebSession().getUserName();
public AttackResult completed(HttpServletRequest request) {
String userName = request.getUserPrincipal().getName();
if (userName.startsWith("csrf")) {
markAssignmentSolvedWithRealUser(userName.substring("csrf-".length()));
return trackProgress(success().feedback("csrf-login-success").build());
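Review bot: The new line `String userName = request.getUserPrincipal().getName();` in `completed` dereferences the principal without a null check, and `getUserPrincipal()` returns null when the request is not authenticated. Whether the security configuration always guarantees a principal on `/csrf/login` is not visible in this hunk, so I would read it into a local first, `Principal principal = request.getUserPrincipal();`, and return a failed result when it is null instead of letting the request end in a NullPointerException. Separately, the unchanged check right below tests `startsWith("csrf")` but strips `"csrf-".length()` characters, so a name of exactly `csrf` throws from `substring` and any other name without the dash loses its first real character before being passed to `markAssignmentSolvedWithRealUser`; `if (userName.startsWith("csrf-")) {` keeps the test and the strip in step. The body of `completed` continues past the end of the hunk, so the failure branch is not shown here.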