Challenge 5: changing username working

This commit is contained in:
Nanne Baars
2017-04-30 19:58:47 +02:00
parent 262fbbcf52
commit 9964fac0f1
3 changed files with 67 additions and 44 deletions


@ -3,12 +3,14 @@ package org.owasp.webgoat.plugin.challenge5;
import com.fasterxml.jackson.annotation.JsonView; import com.fasterxml.jackson.annotation.JsonView;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import com.google.common.collect.Maps; import com.google.common.collect.Maps;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.SignatureAlgorithm;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.json.MappingJacksonValue; import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
@ -19,6 +21,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static org.owasp.webgoat.plugin.Flag.FLAGS;
import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD; import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD;
/** /**
@ -27,7 +30,9 @@ import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD;
*/ */
@RestController @RestController
@RequestMapping("/votings") @RequestMapping("/votings")
public class Votings { public class Votes {
private static String validUsers = "TomJerrySylvester";
@AllArgsConstructor @AllArgsConstructor
@Getter @Getter
@ -43,45 +48,64 @@ public class Votings {
@JsonView(Views.UserView.class) @JsonView(Views.UserView.class)
private int numberOfVotes; private int numberOfVotes;
@JsonView(Views.AdminView.class) @JsonView(Views.AdminView.class)
private String flag; private String flag = FLAGS.get(5);
@JsonView(Views.UserView.class)
private boolean votingAllowed;
} }
private int totalVotes = 38929; private int totalVotes = 38929;
private List votings = Lists.newArrayList( private List votes = Lists.newArrayList(
new Voting("Admin lost password", new Voting("Admin lost password",
"In this challenge you will need to help the admin and find the password in order to login", "In this challenge you will need to help the admin and find the password in order to login",
"challenge1-small.png", "challenge1.png", 14242, null), "challenge1-small.png", "challenge1.png", 14242, FLAGS.get(5), true),
new Voting("Vote for your favourite", new Voting("Vote for your favourite",
"In this challenge ...", "In this challenge ...",
"challenge5-small.png", "challenge5.png", 12345, null), "challenge5-small.png", "challenge5.png", 12345, FLAGS.get(5), true),
new Voting("Get is for free", new Voting("Get is for free",
"The objective for this challenge is to buy a Samsung phone for free.", "The objective for this challenge is to buy a Samsung phone for free.",
"challenge2-small.png", "challenge2.png", 12342, null) "challenge2-small.png", "challenge2.png", 12342, FLAGS.get(5), true)
); );
@GetMapping("/login") @GetMapping("/login")
@ResponseBody
@ResponseStatus(code = HttpStatus.OK)
public void login(@RequestParam("user") String user, HttpServletResponse response) { public void login(@RequestParam("user") String user, HttpServletResponse response) {
Map<String, Object> claims = Maps.newHashMap(); if (validUsers.contains(user)) {
claims.put("admin", "false"); Map<String, Object> claims = Maps.newHashMap();
claims.put("user", user); claims.put("admin", "false");
String token = Jwts.builder() claims.put("user", user);
.setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10))) String token = Jwts.builder()
.setClaims(claims) .setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10)))
.signWith(SignatureAlgorithm.HS512, JWT_PASSWORD) .setClaims(claims)
.compact(); .signWith(SignatureAlgorithm.HS512, JWT_PASSWORD)
Cookie cookie = new Cookie("access_token", token); .compact();
response.addCookie(cookie); Cookie cookie = new Cookie("access_token", token);
response.addCookie(cookie);
response.setStatus(HttpStatus.OK.value());
} else {
Cookie cookie = new Cookie("access_token", "");
response.addCookie(cookie);
response.setStatus(HttpStatus.UNAUTHORIZED.value());
}
} }
@GetMapping @GetMapping
public MappingJacksonValue getVotings(@CookieValue(value = "access_token", required = false) String accessToken) { public MappingJacksonValue getVotes(@CookieValue(value = "access_token", required = false) String accessToken) {
MappingJacksonValue value = new MappingJacksonValue(votings); MappingJacksonValue value = new MappingJacksonValue(votes);
if (accessToken == null) { if (StringUtils.isEmpty(accessToken)) {
value.setSerializationView(Views.GuestView.class); value.setSerializationView(Views.GuestView.class);
} else { } else {
value.setSerializationView(Views.UserView.class); try {
Jwt jwt = Jwts.parser().parse(accessToken);
Claims claims = (Claims) jwt.getBody();
String user = (String) claims.get("user");
boolean isAdmin = Boolean.valueOf((String) claims.get("admin"));
if ("Guest".equals(user)) {
value.setSerializationView(Views.GuestView.class);
} else {
value.setSerializationView(isAdmin ? Views.AdminView.class : Views.UserView.class);
}
} catch (IllegalArgumentException e) {
value.setSerializationView(Views.GuestView.class);
}
} }
return value; return value;
} }
@ -93,10 +117,4 @@ public class Votings {
totalVotes = totalVotes + 1; totalVotes = totalVotes + 1;
//return //return
} }
@GetMapping("/flags")
@ResponseBody
public ResponseEntity<?> getFlagInformation(@CookieValue("access_token") String accessToken, HttpServletResponse response) {
return ResponseEntity.ok().build();
}
} }
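Review bot: The `catch (IllegalArgumentException e)` around the token parse in getVotes is too narrow: jjwt reports a cookie that is not a well-formed token as `MalformedJwtException` (a `JwtException`), so a garbage `access_token` cookie would surface as a 500 instead of falling back to the guest view; `catch (JwtException | IllegalArgumentException e)` (import `io.jsonwebtoken.JwtException`) covers both, and the `(String)` casts on the `user` and `admin` claims can likewise throw `ClassCastException` when a claim is not a string, so the fallback should probably include that as well. `Jwts.parser().parse(accessToken)` is invoked without `setSigningKey(JWT_PASSWORD)`, so the signature is never checked and the `admin` claim is used exactly as supplied in the cookie; if that is the intended lesson of this challenge, a comment such as `// deliberately unverified: this challenge is about forging the admin claim` would keep a later maintainer from "fixing" it, otherwise the same key used in `login` must be applied here. In `login`, `validUsers.contains(user)` is a substring test on "TomJerrySylvester", so values like "omJer" are accepted; a membership check such as `Arrays.asList("Tom", "Jerry", "Sylvester").contains(user)` matches the intent. Present on both sides and not touched by the commit: `TimeUnit.DAYS.toDays(10)` evaluates to 10, so the issued-at date is now plus ten milliseconds rather than ten days, and the following `setClaims(claims)` replaces the claims map and discards the issued-at anyway.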


@ -15,28 +15,31 @@
<div class="row"> <div class="row">
<div class="well"> <div class="well">
<div class="user-nav pull-right" id="user-and-info-nav" style="margin-right: 75px;"> <div class="pull-right">
<div class="dropdown" style="display:inline"> <div class="dropdown">
<button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle" <button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle">
id="user-menu">
<i class="fa fa-user"></i> <span class="caret"></span> <i class="fa fa-user"></i> <span class="caret"></span>
</button> </button>
<ul class="dropdown-menu dropdown-menu-left"> <ul class="dropdown-menu dropdown-menu-left">
<li role="presentation"><a role="menuitem" tabindex="-1" th:text="Unknown">current</a></li> <li role="presentation"><a role="menuitem" tabindex="-1"
<li role="presentation" class="divider"></li> onclick="javascript:login('Guest')"
<li role="presentation"><a role="menuitem" tabindex="-1" th:onclick="'javascript:login(\'' + ${#authentication.name} + '\');'" th:text="Guest">current</a></li>
th:text="${#authentication.name}">current</a></li> <li role="presentation"><a role="menuitem" tabindex="-1"
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Tom')" onclick="javascript:login('Tom')"
th:text="Tom">current</a></li> th:text="Tom">current</a></li>
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Jerry')" <li role="presentation"><a role="menuitem" tabindex="-1"
onclick="javascript:login('Jerry')"
th:text="Jerry">current</a></li> th:text="Jerry">current</a></li>
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Sylvester')" <li role="presentation"><a role="menuitem" tabindex="-1"
onclick="javascript:login('Sylvester')"
th:text="Sylvester">current</a></li> th:text="Sylvester">current</a></li>
</ul> </ul>
</div> </div>
<div>
<p class="text-right">Welcome back, <b><span id="name"></span></b></p>
</div>
</div> </div>
<div> <div>
<h3>Vote for your favorite</h3> <h3>Vote for your favorite</h3>
</div> </div>


@ -1,16 +1,18 @@
$(document).ready(function () { $(document).ready(function () {
getVotings() getVotings();
login('Guest');
}) })
function login(user) { function login(user) {
$("#name").text(user);
$.get("votings/login?user=" + user, function (result, status) { $.get("votings/login?user=" + user, function (result, status) {
}) });
} }
function getVotings() { function getVotings() {
$.get("votings/", function (result, status) { $.get("votings/", function (result, status) {
}) })
} }