dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

all tests complete for Password Reset (#785)

Browse Source
This commit is contained in:
René Zubcevic 2020-04-17 15:54:24 +02:00 committed by GitHub
parent 25e66ae412
commit 9509993a8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 53 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java
View File

@ -1,17 +1,58 @@
package org.owasp.webgoat; package org.owasp.webgoat;
import io.restassured.RestAssured; import io.restassured.RestAssured;
import org.assertj.core.api.Assertions; import lombok.SneakyThrows;
import org.junit.jupiter.api.Test;
import org.apache.commons.lang3.StringUtils;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DynamicTest;
import org.junit.jupiter.api.TestFactory;
import static org.junit.jupiter.api.DynamicTest.dynamicTest;
import java.util.Arrays;
import java.util.Map; import java.util.Map;
public class PasswordResetLessonTest extends IntegrationTest { public class PasswordResetLessonTest extends IntegrationTest {
@Test @BeforeEach
@SneakyThrows
public void init() {
startLesson("/PasswordReset");
}
@TestFactory
Iterable<DynamicTest> testPathTraversal() {
return Arrays.asList(
dynamicTest("assignment 6 - check email link",()-> sendEmailShouldBeAvailabeInWebWolf()),
dynamicTest("assignment 6 - solve assignment",()-> solveAssignment()),
dynamicTest("assignment 2 - simple reset",()-> assignment2()),
dynamicTest("assignment 4 - guess questions",()-> assignment4()),
dynamicTest("assignment 5 - simple questions",()-> assignment5())
);
}
public void assignment2() {
checkAssignment(url("PasswordReset/simple-mail/reset"), Map.of("emailReset", getWebgoatUser()+"@webgoat.org"), false);
checkAssignment(url("PasswordReset/simple-mail"), Map.of("email", getWebgoatUser()+"@webgoat.org", "password", StringUtils.reverse(getWebgoatUser())), true);
}
public void assignment4() {
checkAssignment(url("PasswordReset/questions"), Map.of("username", "tom", "securityQuestion", "purple"), true);
}
public void assignment5() {
checkAssignment(url("PasswordReset/SecurityQuestions"), Map.of("question", "What is your favorite animal?"), false);
checkAssignment(url("PasswordReset/SecurityQuestions"), Map.of("question", "What is your favorite color?"), true);
}
public void solveAssignment() { public void solveAssignment() {
//WebGoat //WebGoat
startLesson("PasswordReset");
clickForgotEmailLink("tom@webgoat-cloud.org"); clickForgotEmailLink("tom@webgoat-cloud.org");
//WebWolf //WebWolf
@ -22,9 +63,8 @@ public class PasswordResetLessonTest extends IntegrationTest {
checkAssignment(url("PasswordReset/reset/login"), Map.of("email", "tom@webgoat-cloud.org", "password", "123456"), true); checkAssignment(url("PasswordReset/reset/login"), Map.of("email", "tom@webgoat-cloud.org", "password", "123456"), true);
} }
@Test
public void sendEmailShouldBeAvailabeInWebWolf() { public void sendEmailShouldBeAvailabeInWebWolf() {
startLesson("PasswordReset");
clickForgotEmailLink(getWebgoatUser() + "@webgoat.org"); clickForgotEmailLink(getWebgoatUser() + "@webgoat.org");
var responseBody = RestAssured.given() var responseBody = RestAssured.given()
@ -38,6 +78,12 @@ public class PasswordResetLessonTest extends IntegrationTest {
Assertions.assertThat(responseBody).contains("Hi, you requested a password reset link"); Assertions.assertThat(responseBody).contains("Hi, you requested a password reset link");
} }
@AfterEach
public void shutdown() {
//this will run only once after the list of dynamic tests has run, this is to test if the lesson is marked complete
checkResults("/PasswordReset");
}
private void changePassword(String link) { private void changePassword(String link) {
RestAssured.given() RestAssured.given()
.when() .when()