Merge remote-tracking branch 'upstream/master'

webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java

@@ -9,6 +9,7 @@ import java.util.ArrayList;
 import java.util.List;
 import javax.servlet.http.HttpSession;
 import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.Category;
 import org.owasp.webgoat.lessons.model.Hint;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.stereotype.Controller;
@@ -40,11 +41,12 @@ public class HintService extends BaseService {
         if (l == null) {
             return listHints;
         }
-        List<String> hints;
-        hints = l.getHintsPublic(ws);
+        List<String> hints = (l.getCategory().equals(Category.CHALLENGE)) ? null : l.getHintsPublic(ws);
+
         if (hints == null) {
             return listHints;
         }
+
         int idx = 0;
         for (String h : hints) {
             Hint hint = new Hint();

webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java

@@ -0,0 +1,42 @@
+package org.owasp.webgoat.service;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.model.LessonInfoModel;
+import org.owasp.webgoat.lessons.model.LessonMenuItem;
+import org.owasp.webgoat.session.WebSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+import javax.servlet.http.HttpSession;
+
+@Controller
+public class LessonInfoService extends BaseService {
+
+    private static final Logger logger = LoggerFactory.getLogger(LessonMenuService.class);
+
+    @RequestMapping(value = "/lessoninfo.mvc", produces = "application/json")
+    public @ResponseBody
+    LessonInfoModel getLessonInfo(HttpSession session) {
+        WebSession webSession = getWebSession(session);
+        return new LessonInfoModel(webSession);
+    }
+
+    @ExceptionHandler(Exception.class)
+    @ResponseBody
+    @ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
+    public String handleException(Exception ex) {
+        return "An error occurred retrieving the LessonInfoModel:" + ex.getMessage();
+    }
+
+    protected LessonInfoModel getLessonInfoModel(WebSession webSession) {
+      return new LessonInfoModel(webSession);
+    }
+
+
+}

webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java

@@ -88,20 +88,6 @@ public class LessonMenuService extends BaseService {
                 if (lesson.isCompleted(ws)) {
                     lessonItem.setComplete(true);
                 }
-                /* @TODO - do this in a more efficient way 
-                 if (lesson.isAuthorized(ws, role, WebSession.SHOWHINTS)) {
-                 lessonItem.setShowHints(true);
-                 }
-
-                 if (lesson.isAuthorized(ws, role, WebSession.SHOWSOURCE)) {
-                 lessonItem.setShowSource(true);
-                 }
-                 */
-                // special handling for challenge role
-                if (Category.CHALLENGE.equals(lesson.getCategory())) {
-                    lessonItem.setShowHints(lesson.isAuthorized(ws, AbstractLesson.CHALLENGE_ROLE, WebSession.SHOWHINTS));
-                    lessonItem.setShowSource(lesson.isAuthorized(ws, AbstractLesson.CHALLENGE_ROLE, WebSession.SHOWHINTS));
-                }
 
                 categoryItem.addChild(lessonItem);
                 // Does the lesson have stages