Added testcases

webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge1/Assignment1Test.java

@@ -0,0 +1,72 @@
+package org.owasp.webgoat.plugin.challenge1;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.owasp.webgoat.assignments.AssignmentEndpointTest;
+import org.owasp.webgoat.plugin.Flag;
+import org.owasp.webgoat.plugin.SolutionConstants;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
+
+/**
+ * @author nbaars
+ * @since 5/2/17.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class Assignment1Test extends AssignmentEndpointTest {
+
+    private MockMvc mockMvc;
+
+    @Before
+    public void setup() {
+        Assignment1 assignment1 = new Assignment1();
+        init(assignment1);
+        new Flag().initFlags();
+        this.mockMvc = standaloneSetup(assignment1).build();
+    }
+
+    @Test
+    public void success() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.post("/challenge/1")
+                .header("X-Forwarded-For", "127.0.1.1")
+                .param("username", "admin")
+                .param("password", SolutionConstants.PASSWORD))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.containsString("flag: " + Flag.FLAGS.get(1))))
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
+    }
+
+    @Test
+    public void wrongPassword() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.post("/challenge/1")
+                .param("username", "admin")
+                .param("password", "wrong"))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved"))))
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
+    }
+
+    @Test
+    public void correctPasswordXForwardHeaderMissing() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.post("/challenge/1")
+                .param("username", "admin")
+                .param("password", SolutionConstants.PASSWORD))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("ip.address.unknown"))))
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
+    }
+
+    @Test
+    public void correctPasswordXForwardHeaderWrong() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.post("/challenge/1")
+                .header("X-Forwarded-For", "127.0.1.2")
+                .param("username", "admin")
+                .param("password", SolutionConstants.PASSWORD))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("ip.address.unknown"))))
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
+    }
+
+}

webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge2/Assignment2Test.java

@@ -0,0 +1,49 @@
+package org.owasp.webgoat.plugin.challenge2;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.owasp.webgoat.assignments.AssignmentEndpointTest;
+import org.owasp.webgoat.plugin.Flag;
+import org.owasp.webgoat.plugin.SolutionConstants;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
+
+/**
+ * @author nbaars
+ * @since 5/2/17.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class Assignment2Test extends AssignmentEndpointTest {
+
+    private MockMvc mockMvc;
+
+    @Before
+    public void setup() {
+        Assignment2 assignment2 = new Assignment2();
+        init(assignment2);
+        new Flag().initFlags();
+        this.mockMvc = standaloneSetup(assignment2).build();
+    }
+
+    @Test
+    public void success() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.post("/challenge/2")
+                .param("checkoutCode", SolutionConstants.SUPER_COUPON_CODE))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.containsString("flag: " + Flag.FLAGS.get(2))))
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
+    }
+
+    @Test
+    public void wrongCouponCode() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.post("/challenge/2")
+                .param("checkoutCode", "test"))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved"))))
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
+    }
+}

webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge2/ShopEndpointTest.java

@@ -0,0 +1,63 @@
+package org.owasp.webgoat.plugin.challenge2;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
+
+import static org.hamcrest.Matchers.is;
+import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
+
+/**
+ * @author nbaars
+ * @since 5/2/17.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class ShopEndpointTest {
+
+    private MockMvc mockMvc;
+
+    @Before
+    public void setup() {
+        ShopEndpoint shopEndpoint = new ShopEndpoint();
+        this.mockMvc = standaloneSetup(shopEndpoint).build();
+    }
+
+    @Test
+    public void getSuperCoupon() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/" + SUPER_COUPON_CODE))
+                .andDo(MockMvcResultHandlers.print())
+                .andExpect(jsonPath("$.code", CoreMatchers.is(SUPER_COUPON_CODE)))
+                .andExpect(jsonPath("$.discount", CoreMatchers.is(100)));
+    }
+
+    @Test
+    public void getCoupon() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/webgoat"))
+                .andDo(MockMvcResultHandlers.print())
+                .andExpect(jsonPath("$.code", CoreMatchers.is("webgoat")))
+                .andExpect(jsonPath("$.discount", CoreMatchers.is(25)));
+    }
+
+    @Test
+    public void askForUnknownCouponCode() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/does-not-exists"))
+                .andDo(MockMvcResultHandlers.print())
+                .andExpect(jsonPath("$.code", CoreMatchers.is("no")))
+                .andExpect(jsonPath("$.discount", CoreMatchers.is(0)));
+    }
+
+    @Test
+    public void fetchAllTheCouponsShouldContainGetItForFree() throws Exception {
+        mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/"))
+                .andDo(MockMvcResultHandlers.print())
+                .andExpect(jsonPath("$.codes[3].code", is("get_it_for_free")));
+    }
+
+}