interim missing function ac commit, traversing dev. env.

webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java

@@ -72,6 +72,7 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
         registry.addViewController("/lesson_content").setViewName("lesson_content");
         registry.addViewController("/start.mvc").setViewName("main_new");
         registry.addViewController("/scoreboard").setViewName("scoreboard");
+        //registry.addViewController("/list_users").setViewName("list_users");
     }
 
 

webgoat-container/src/main/java/org/owasp/webgoat/controller/ListUsers.java

@@ -0,0 +1,43 @@
+package org.owasp.webgoat.controller;
+
+import com.sun.corba.se.spi.activation.EndPointInfo;
+import org.owasp.webgoat.assignments.*;
+import org.owasp.webgoat.session.UserSessionData;
+import org.owasp.webgoat.users.UserService;
+import org.owasp.webgoat.users.WebGoatUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+
+/**
+ * Created by jason on 1/5/17.
+ */
+
+@Controller
+public class ListUsers {
+
+    @Autowired
+    private UserService userService;
+
+    @RequestMapping(path = {"list_users", "/"}, method = {RequestMethod.GET,RequestMethod.POST})
+    public ModelAndView listUsers(HttpServletRequest request) {
+
+        ModelAndView model = new ModelAndView();
+        model.setViewName("list_users");
+        List<WebGoatUser> allUsers = userService.getAllUsers();
+        model.addObject("numUsers",allUsers.size());
+        model.addObject("allUsers",allUsers);
+
+        return model;
+    }
+
+}

webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java

@@ -2,6 +2,8 @@ package org.owasp.webgoat.users;
 
 import org.springframework.data.mongodb.repository.MongoRepository;
 
+import java.util.List;
+
 /**
  * @author nbaars
  * @since 3/19/17.
@@ -9,4 +11,7 @@ import org.springframework.data.mongodb.repository.MongoRepository;
 public interface UserRepository extends MongoRepository<WebGoatUser, String> {
 
     WebGoatUser findByUsername(String username);
+
+    List<WebGoatUser> findAll();
+
 }

webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java

@@ -5,6 +5,8 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
+
 /**
  * @author nbaars
  * @since 3/19/17.
@@ -31,4 +33,14 @@ public class UserService implements UserDetailsService {
         userRepository.save(new WebGoatUser(username, password));
         userTrackerRepository.save(new UserTracker(username));
     }
+
+    public void addUser(String username, String password, String role) {
+        userRepository.save(new WebGoatUser(username,password,role));
+        userTrackerRepository.save(new UserTracker(username));
+    }
+
+    public List<WebGoatUser> getAllUsers () {
+        return userRepository.findAll();
+    }
+
 }

webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java

@@ -37,6 +37,12 @@ public class WebGoatUser implements UserDetails {
         createUser();
     }
 
+    public WebGoatUser(String username, String password, String role) {
+        this.username = username;
+        this.password = password;
+        this.role = role;
+    }
+
     public void createUser() {
         this.user = new User(username, password, getAuthorities());
     }