feat: Introduce Playwright for UI testing

Instead of using Robot Framework which does not run during a `mvn install`. Playwright seems to be the better approach. We can now write them as normal JUnit test and they are executed during a build. Additionally this PR solves some interesting bugs found during writing Playwright tests: - A reset of a lesson removes all assignments as a result another user wouldn't see any assignments - If someone solves an assignment the assignment automatically got solved for a new user since the assignment included the `solved` flag which immediately got copied to new lesson progress. - Introduction of assignment progress linking a assignment not directly to all users.
2025-01-26 16:59:59 +01:00
parent 9d5ab5fb21
commit 8e45316638
47 changed files with 599 additions and 281 deletions
--- a/src/it/java/org/owasp/webgoat/integration/WebWolfIntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/integration/WebWolfIntegrationTest.java
@ -0,0 +1,77 @@
+package org.owasp.webgoat.integration;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import io.restassured.RestAssured;
+import java.util.HashMap;
+import java.util.Map;
+import org.junit.jupiter.api.Test;
+
+public class WebWolfIntegrationTest extends IntegrationTest {
+
+  @Test
+  public void runTests() {
+    startLesson("WebWolfIntroduction");
+
+    // Assignment 3
+    Map<String, Object> params = new HashMap<>();
+    params.put("email", this.getUser() + "@webgoat.org");
+    checkAssignment(url("WebWolf/mail/send"), params, false);
+
+    String responseBody =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("WEBWOLFSESSION", getWebWolfCookie())
+            .get(new WebWolfUrlBuilder().path("mail").build())
+            .then()
+            .extract()
+            .response()
+            .getBody()
+            .asString();
+
+    String uniqueCode = responseBody.replace("%20", " ");
+    uniqueCode =
+        uniqueCode.substring(
+            21 + uniqueCode.lastIndexOf("your unique code is: "),
+            uniqueCode.lastIndexOf("your unique code is: ") + (21 + this.getUser().length()));
+    params.clear();
+    params.put("uniqueCode", uniqueCode);
+    checkAssignment(url("WebWolf/mail"), params, true);
+
+    // Assignment 4
+    RestAssured.given()
+        .when()
+        .relaxedHTTPSValidation()
+        .cookie("JSESSIONID", getWebGoatCookie())
+        .queryParams(params)
+        .get(url("WebWolf/landing/password-reset"))
+        .then()
+        .statusCode(200);
+    RestAssured.given()
+        .when()
+        .relaxedHTTPSValidation()
+        .cookie("WEBWOLFSESSION", getWebWolfCookie())
+        .queryParams(params)
+        .get(new WebWolfUrlBuilder().path("landing").build())
+        .then()
+        .statusCode(200);
+    responseBody =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("WEBWOLFSESSION", getWebWolfCookie())
+            .get(new WebWolfUrlBuilder().path("requests").build())
+            .then()
+            .extract()
+            .response()
+            .getBody()
+            .asString();
+    assertTrue(responseBody.contains(uniqueCode));
+    params.clear();
+    params.put("uniqueCode", uniqueCode);
+    checkAssignment(url("WebWolf/landing"), params, true);
+
+    checkResults("WebWolfIntroduction");
+  }
+}