Challenge 5: changing username working
		| @ -3,12 +3,14 @@ package org.owasp.webgoat.plugin.challenge5; | ||||
| import com.fasterxml.jackson.annotation.JsonView; | ||||
| import com.google.common.collect.Lists; | ||||
| import com.google.common.collect.Maps; | ||||
| import io.jsonwebtoken.Claims; | ||||
| import io.jsonwebtoken.Jwt; | ||||
| import io.jsonwebtoken.Jwts; | ||||
| import io.jsonwebtoken.SignatureAlgorithm; | ||||
| import lombok.AllArgsConstructor; | ||||
| import lombok.Getter; | ||||
| import org.apache.commons.lang3.StringUtils; | ||||
| import org.springframework.http.HttpStatus; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.http.converter.json.MappingJacksonValue; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| 
 | ||||
| @ -19,6 +21,7 @@ import java.util.List; | ||||
| import java.util.Map; | ||||
| import java.util.concurrent.TimeUnit; | ||||
| 
 | ||||
| import static org.owasp.webgoat.plugin.Flag.FLAGS; | ||||
| import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD; | ||||
| 
 | ||||
| /** | ||||
| @ -27,7 +30,9 @@ import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD; | ||||
|  */ | ||||
| @RestController | ||||
| @RequestMapping("/votings") | ||||
| public class Votings { | ||||
| public class Votes { | ||||
| 
 | ||||
|     private static String validUsers = "TomJerrySylvester"; | ||||
| 
 | ||||
|     @AllArgsConstructor | ||||
|     @Getter | ||||
| @ -43,45 +48,64 @@ public class Votings { | ||||
|         @JsonView(Views.UserView.class) | ||||
|         private int numberOfVotes; | ||||
|         @JsonView(Views.AdminView.class) | ||||
|         private String flag; | ||||
|         private String flag = FLAGS.get(5); | ||||
|         @JsonView(Views.UserView.class) | ||||
|         private boolean votingAllowed; | ||||
|     } | ||||
| 
 | ||||
|     private int totalVotes = 38929; | ||||
|     private List votings = Lists.newArrayList( | ||||
|     private List votes = Lists.newArrayList( | ||||
|             new Voting("Admin lost password", | ||||
|                     "In this challenge you will need to help the admin and find the password in order to login", | ||||
|                     "challenge1-small.png", "challenge1.png", 14242, null), | ||||
|                     "challenge1-small.png", "challenge1.png", 14242, FLAGS.get(5), true), | ||||
|             new Voting("Vote for your favourite", | ||||
|                     "In this challenge ...", | ||||
|                     "challenge5-small.png", "challenge5.png", 12345, null), | ||||
|                     "challenge5-small.png", "challenge5.png", 12345, FLAGS.get(5), true), | ||||
|             new Voting("Get is for free", | ||||
|                     "The objective for this challenge is to buy a Samsung phone for free.", | ||||
|                     "challenge2-small.png", "challenge2.png", 12342, null) | ||||
|                     "challenge2-small.png", "challenge2.png", 12342, FLAGS.get(5), true) | ||||
|     ); | ||||
| 
 | ||||
|     @GetMapping("/login") | ||||
|     @ResponseBody | ||||
|     @ResponseStatus(code = HttpStatus.OK) | ||||
|     public void login(@RequestParam("user") String user, HttpServletResponse response) { | ||||
|         Map<String, Object> claims = Maps.newHashMap(); | ||||
|         claims.put("admin", "false"); | ||||
|         claims.put("user", user); | ||||
|         String token = Jwts.builder() | ||||
|                 .setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10))) | ||||
|                 .setClaims(claims) | ||||
|                 .signWith(SignatureAlgorithm.HS512, JWT_PASSWORD) | ||||
|                 .compact(); | ||||
|         Cookie cookie = new Cookie("access_token", token); | ||||
|         response.addCookie(cookie); | ||||
|         if (validUsers.contains(user)) { | ||||
|             Map<String, Object> claims = Maps.newHashMap(); | ||||
|             claims.put("admin", "false"); | ||||
|             claims.put("user", user); | ||||
|             String token = Jwts.builder() | ||||
|                     .setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10))) | ||||
|                     .setClaims(claims) | ||||
|                     .signWith(SignatureAlgorithm.HS512, JWT_PASSWORD) | ||||
|                     .compact(); | ||||
|             Cookie cookie = new Cookie("access_token", token); | ||||
|             response.addCookie(cookie); | ||||
|             response.setStatus(HttpStatus.OK.value()); | ||||
|         } else { | ||||
|             Cookie cookie = new Cookie("access_token", ""); | ||||
|             response.addCookie(cookie); | ||||
|             response.setStatus(HttpStatus.UNAUTHORIZED.value()); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     @GetMapping | ||||
|     public MappingJacksonValue getVotings(@CookieValue(value = "access_token", required = false) String accessToken) { | ||||
|         MappingJacksonValue value = new MappingJacksonValue(votings); | ||||
|         if (accessToken == null) { | ||||
|     public MappingJacksonValue getVotes(@CookieValue(value = "access_token", required = false) String accessToken) { | ||||
|         MappingJacksonValue value = new MappingJacksonValue(votes); | ||||
|         if (StringUtils.isEmpty(accessToken)) { | ||||
|             value.setSerializationView(Views.GuestView.class); | ||||
|         } else { | ||||
|             value.setSerializationView(Views.UserView.class); | ||||
|             try { | ||||
|                 Jwt jwt = Jwts.parser().parse(accessToken); | ||||
|                 Claims claims = (Claims) jwt.getBody(); | ||||
|                 String user = (String) claims.get("user"); | ||||
|                 boolean isAdmin = Boolean.valueOf((String) claims.get("admin")); | ||||
|                 if ("Guest".equals(user)) { | ||||
|                     value.setSerializationView(Views.GuestView.class); | ||||
|                 } else { | ||||
|                     value.setSerializationView(isAdmin ? Views.AdminView.class : Views.UserView.class); | ||||
|                 } | ||||
|             } catch (IllegalArgumentException e) { | ||||
|                 value.setSerializationView(Views.GuestView.class); | ||||
|             } | ||||
|         } | ||||
|         return value; | ||||
|     } | ||||
| @ -93,10 +117,4 @@ public class Votings { | ||||
|         totalVotes = totalVotes + 1; | ||||
|         //return | ||||
|     } | ||||
| 
 | ||||
|     @GetMapping("/flags") | ||||
|     @ResponseBody | ||||
|     public ResponseEntity<?> getFlagInformation(@CookieValue("access_token") String accessToken, HttpServletResponse response) { | ||||
|         return ResponseEntity.ok().build(); | ||||
|     } | ||||
| } | ||||
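Review bot: `validUsers.contains(user)` in `login` is a substring test against `"TomJerrySylvester"`, so any fragment of that string — including the empty string — counts as a valid user and receives a signed token; a membership check is needed, e.g. `private static final List<String> VALID_USERS = Lists.newArrayList("Tom", "Jerry", "Sylvester");` and `if (VALID_USERS.contains(user)) {`. In `getVotes` the token is read with `Jwts.parser().parse(accessToken)` and no `setSigningKey`, so the `admin` claim that selects `AdminView` (the view that serializes `flag`) comes from a token whose signature is never verified; if that is the weakness this challenge is meant to teach, a comment such as `// intentionally no signing key: the unverified admin claim is the lesson of this challenge` should say so, otherwise `JWT_PASSWORD` belongs on the parser. The catch there only handles `IllegalArgumentException`, but a malformed or expired cookie makes jjwt throw a `JwtException` subtype (a plain `RuntimeException` from `io.jsonwebtoken`), which escapes `getVotes` as a server error instead of falling back to the guest view — `catch (JwtException | IllegalArgumentException e)` covers both. In the token builder, `TimeUnit.DAYS.toDays(10)` evaluates to 10, i.e. ten milliseconds, and the `setClaims(claims)` that follows overwrites the claims object in jjwt rather than merging, so the issued-at value is dropped anyway; presumably `setExpiration(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(10)))` placed after `setClaims` was intended.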
| @ -15,28 +15,31 @@ | ||||
|             <div class="row"> | ||||
|  | ||||
|                 <div class="well"> | ||||
|                     <div class="user-nav pull-right" id="user-and-info-nav" style="margin-right: 75px;"> | ||||
|                         <div class="dropdown" style="display:inline"> | ||||
|                             <button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle" | ||||
|                                     id="user-menu"> | ||||
|                     <div class="pull-right"> | ||||
|                         <div class="dropdown"> | ||||
|                             <button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle"> | ||||
|                                 <i class="fa fa-user"></i> <span class="caret"></span> | ||||
|                             </button> | ||||
|                             <ul class="dropdown-menu dropdown-menu-left"> | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" th:text="Unknown">current</a></li> | ||||
|                                 <li role="presentation" class="divider"></li> | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" th:onclick="'javascript:login(\'' + ${#authentication.name} + '\');'" | ||||
|                                                            th:text="${#authentication.name}">current</a></li> | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Tom')" | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" | ||||
|                                                            onclick="javascript:login('Guest')" | ||||
|                                                            th:text="Guest">current</a></li> | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" | ||||
|                                                            onclick="javascript:login('Tom')" | ||||
|                                                            th:text="Tom">current</a></li> | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Jerry')" | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" | ||||
|                                                            onclick="javascript:login('Jerry')" | ||||
|                                                            th:text="Jerry">current</a></li> | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Sylvester')" | ||||
|                                 <li role="presentation"><a role="menuitem" tabindex="-1" | ||||
|                                                            onclick="javascript:login('Sylvester')" | ||||
|                                                            th:text="Sylvester">current</a></li> | ||||
|                             </ul> | ||||
|                         </div> | ||||
|                         <div> | ||||
|                             <p class="text-right">Welcome back, <b><span id="name"></span></b></p> | ||||
|                         </div> | ||||
|                     </div> | ||||
|  | ||||
|  | ||||
|                     <div> | ||||
|                         <h3>Vote for your favorite</h3> | ||||
|                     </div> | ||||
|  | ||||
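Review bot: The new `th:onclick="'javascript:login(\'' + ${#authentication.name} + '\');'"` entry splices the authenticated user's name into an inline JavaScript string by concatenation; on Thymeleaf versions that escape `th:on*` values only as HTML attributes rather than as JavaScript literals, a name containing a quote or backslash breaks out of the string and changes the handler, so the name should travel as data rather than code, e.g. `th:attr="data-user=${#authentication.name}" onclick="login(this.dataset.user)"`. The rewrite also drops the `id="user-and-info-nav"` and `id="user-menu"` attributes; if a stylesheet, script or test selector elsewhere in the project still references them it will silently stop matching, which cannot be checked from this page. The `Guest` entry calls `login('Guest')`, and the server-side whitelist in this commit does not contain that name, so that click is answered with an empty cookie and a 401 rather than a guest session — if a guest view is wanted this way the whitelist needs to include it.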
| @ -1,16 +1,18 @@ | ||||
| $(document).ready(function () { | ||||
|     getVotings() | ||||
|     getVotings(); | ||||
|     login('Guest'); | ||||
| }) | ||||
|  | ||||
| function login(user) { | ||||
|     $("#name").text(user); | ||||
|     $.get("votings/login?user=" + user, function (result, status) { | ||||
|  | ||||
|     }) | ||||
|     }); | ||||
| } | ||||
|  | ||||
|  | ||||
| function getVotings() { | ||||
|     $.get("votings/", function (result, status) { | ||||
|  | ||||
|     }) | ||||
| } | ||||
|  | ||||
|  | ||||
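Review bot: `login` builds the request URL as `"votings/login?user=" + user` with no encoding, so a name containing `&`, `#`, `+` or `%` is truncated or mangled before it reaches the `user` parameter; let jQuery serialize it, `$.get("votings/login", {user: user}, function () { getVotings(); });`, which also refreshes the list once the `access_token` cookie has changed — at present both callbacks are empty and nothing re-fetches after login. `$.get`'s success callback never runs for the 401 the server now returns for an unknown user, so `#name` stays set to a user who was rejected; a `.fail(function () { $("#name").text(""); })` handler would keep the display honest. In the ready handler `getVotings()` is issued before `login('Guest')` has completed, so the first listing is fetched with whatever cookie was already present rather than the guest one.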