Challenge 5: changing username working
This commit is contained in:
Nanne Baars
@ -3,12 +3,14 @@ package org.owasp.webgoat.plugin.challenge5;
|
||||
import com.fasterxml.jackson.annotation.JsonView;
|
||||
import com.google.common.collect.Lists;
|
||||
import com.google.common.collect.Maps;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwt;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.http.converter.json.MappingJacksonValue;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@ -19,6 +21,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.owasp.webgoat.plugin.Flag.FLAGS;
|
||||
import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD;
|
||||
|
||||
/**
|
||||
@ -27,7 +30,9 @@ import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD;
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("/votings")
|
||||
public class Votings {
|
||||
public class Votes {
|
||||
|
||||
private static String validUsers = "TomJerrySylvester";
|
||||
|
||||
@AllArgsConstructor
|
||||
@Getter
|
||||
@ -43,26 +48,27 @@ public class Votings {
|
||||
@JsonView(Views.UserView.class)
|
||||
private int numberOfVotes;
|
||||
@JsonView(Views.AdminView.class)
|
||||
private String flag;
|
||||
private String flag = FLAGS.get(5);
|
||||
@JsonView(Views.UserView.class)
|
||||
private boolean votingAllowed;
|
||||
}
|
||||
|
||||
private int totalVotes = 38929;
|
||||
private List votings = Lists.newArrayList(
|
||||
private List votes = Lists.newArrayList(
|
||||
new Voting("Admin lost password",
|
||||
"In this challenge you will need to help the admin and find the password in order to login",
|
||||
"challenge1-small.png", "challenge1.png", 14242, null),
|
||||
"challenge1-small.png", "challenge1.png", 14242, FLAGS.get(5), true),
|
||||
new Voting("Vote for your favourite",
|
||||
"In this challenge ...",
|
||||
"challenge5-small.png", "challenge5.png", 12345, null),
|
||||
"challenge5-small.png", "challenge5.png", 12345, FLAGS.get(5), true),
|
||||
new Voting("Get is for free",
|
||||
"The objective for this challenge is to buy a Samsung phone for free.",
|
||||
"challenge2-small.png", "challenge2.png", 12342, null)
|
||||
"challenge2-small.png", "challenge2.png", 12342, FLAGS.get(5), true)
|
||||
);
|
||||
|
||||
@GetMapping("/login")
|
||||
@ResponseBody
|
||||
@ResponseStatus(code = HttpStatus.OK)
|
||||
public void login(@RequestParam("user") String user, HttpServletResponse response) {
|
||||
if (validUsers.contains(user)) {
|
||||
Map<String, Object> claims = Maps.newHashMap();
|
||||
claims.put("admin", "false");
|
||||
claims.put("user", user);
|
||||
@ -73,15 +79,33 @@ public class Votings {
|
||||
.compact();
|
||||
Cookie cookie = new Cookie("access_token", token);
|
||||
response.addCookie(cookie);
|
||||
response.setStatus(HttpStatus.OK.value());
|
||||
} else {
|
||||
Cookie cookie = new Cookie("access_token", "");
|
||||
response.addCookie(cookie);
|
||||
response.setStatus(HttpStatus.UNAUTHORIZED.value());
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
public MappingJacksonValue getVotings(@CookieValue(value = "access_token", required = false) String accessToken) {
|
||||
MappingJacksonValue value = new MappingJacksonValue(votings);
|
||||
if (accessToken == null) {
|
||||
public MappingJacksonValue getVotes(@CookieValue(value = "access_token", required = false) String accessToken) {
|
||||
MappingJacksonValue value = new MappingJacksonValue(votes);
|
||||
if (StringUtils.isEmpty(accessToken)) {
|
||||
value.setSerializationView(Views.GuestView.class);
|
||||
} else {
|
||||
value.setSerializationView(Views.UserView.class);
|
||||
try {
|
||||
Jwt jwt = Jwts.parser().parse(accessToken);
|
||||
Claims claims = (Claims) jwt.getBody();
|
||||
String user = (String) claims.get("user");
|
||||
boolean isAdmin = Boolean.valueOf((String) claims.get("admin"));
|
||||
if ("Guest".equals(user)) {
|
||||
value.setSerializationView(Views.GuestView.class);
|
||||
} else {
|
||||
value.setSerializationView(isAdmin ? Views.AdminView.class : Views.UserView.class);
|
||||
}
|
||||
} catch (IllegalArgumentException e) {
|
||||
value.setSerializationView(Views.GuestView.class);
|
||||
}
|
||||
}
|
||||
return value;
|
||||
}
|
||||
@ -93,10 +117,4 @@ public class Votings {
|
||||
totalVotes = totalVotes + 1;
|
||||
//return
|
||||
}
|
||||
|
||||
@GetMapping("/flags")
|
||||
@ResponseBody
|
||||
public ResponseEntity<?> getFlagInformation(@CookieValue("access_token") String accessToken, HttpServletResponse response) {
|
||||
return ResponseEntity.ok().build();
|
||||
}
|
||||
}
|
||||
@ -15,27 +15,30 @@
|
||||
<div class="row">
|
||||
|
||||
<div class="well">
|
||||
<div class="user-nav pull-right" id="user-and-info-nav" style="margin-right: 75px;">
|
||||
<div class="dropdown" style="display:inline">
|
||||
<button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle"
|
||||
id="user-menu">
|
||||
<div class="pull-right">
|
||||
<div class="dropdown">
|
||||
<button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle">
|
||||
<i class="fa fa-user"></i> <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu-left">
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" th:text="Unknown">current</a></li>
|
||||
<li role="presentation" class="divider"></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" th:onclick="'javascript:login(\'' + ${#authentication.name} + '\');'"
|
||||
th:text="${#authentication.name}">current</a></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Tom')"
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
onclick="javascript:login('Guest')"
|
||||
th:text="Guest">current</a></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
onclick="javascript:login('Tom')"
|
||||
th:text="Tom">current</a></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Jerry')"
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
onclick="javascript:login('Jerry')"
|
||||
th:text="Jerry">current</a></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Sylvester')"
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
onclick="javascript:login('Sylvester')"
|
||||
th:text="Sylvester">current</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div>
|
||||
<p class="text-right">Welcome back, <b><span id="name"></span></b></p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<div>
|
||||
<h3>Vote for your favorite</h3>
|
||||
|
||||
@ -1,16 +1,18 @@
|
||||
$(document).ready(function () {
|
||||
getVotings()
|
||||
getVotings();
|
||||
login('Guest');
|
||||
})
|
||||
|
||||
function login(user) {
|
||||
$("#name").text(user);
|
||||
$.get("votings/login?user=" + user, function (result, status) {
|
||||
|
||||
})
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
function getVotings() {
|
||||
$.get("votings/", function (result, status) {
|
||||
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user