From ad00119b0d4a56f44a49d3d20eccb77978a363f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=80ngel=20Oll=C3=A9=20Bl=C3=A1zquez?=
Date: Tue, 18 Jul 2023 00:12:44 +0200
Subject: [PATCH] Add Assignment7 Tests
---
.../challenge7/Assignment7Test.java | 99 +++++++++++++++++++
.../challenges/challenge7/MD5Test.java | 48 +++++++++
2 files changed, 147 insertions(+)
create mode 100644 src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7Test.java
create mode 100644 src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5Test.java
diff --git a/src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7Test.java b/src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7Test.java
new file mode 100644
index 000000000..0cd7fa945
--- /dev/null
+++ b/src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7Test.java
@@ -0,0 +1,99 @@
+/*
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2021 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Getting Source
+ * ==============
+ *
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
+ */
+
+package org.owasp.webgoat.lessons.challenges.challenge7;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
+import org.owasp.webgoat.lessons.challenges.Flags;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.ResultActions;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.web.client.RestTemplate;
+
+@ExtendWith(MockitoExtension.class)
+public class Assignment7Test extends AssignmentEndpointTest {
+ private MockMvc mockMvc;
+
+ private static final String CHALLENGE_PATH = "/challenge/7";
+ private static final String RESET_PASSWORD_PATH = CHALLENGE_PATH + "/reset-password";
+ private static final String GIT_PATH = CHALLENGE_PATH + "/.git";
+
+ @Mock private RestTemplate restTemplate;
+
+ @Value("${webwolf.mail.url}")
+ String webWolfMailURL;
+
+ @BeforeEach
+ void setup() {
+ Assignment7 assignment7 = new Assignment7(new Flags(), restTemplate, webWolfMailURL);
+ init(assignment7);
+ mockMvc = standaloneSetup(assignment7).build();
+ }
+
+ @Test
+ @DisplayName("Reset password test")
+ void resetPasswordTest() throws Exception {
+ ResultActions result =
+ mockMvc.perform(MockMvcRequestBuilders.get(RESET_PASSWORD_PATH + "/any"));
+ result.andExpect(status().is(equalTo(HttpStatus.I_AM_A_TEAPOT.value())));
+
+ result =
+ mockMvc.perform(
+ MockMvcRequestBuilders.get(
+ RESET_PASSWORD_PATH + "/" + Assignment7.ADMIN_PASSWORD_LINK));
+ result.andExpect(status().is(equalTo(HttpStatus.ACCEPTED.value())));
+ }
+
+ @Test
+ @DisplayName("Send password reset link test")
+ void sendPasswordResetLinkTest() throws Exception {
+ ResultActions result =
+ mockMvc.perform(
+ MockMvcRequestBuilders.post(CHALLENGE_PATH)
+ .param("email", "webgoat@webgoat-cloud.net"));
+ result.andExpect(status().isOk());
+ result.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
+ }
+
+ @Test
+ @DisplayName("git test")
+ void gitTest() throws Exception {
+ ResultActions result = mockMvc.perform(MockMvcRequestBuilders.get(GIT_PATH));
+ result.andExpect(content().contentType("application/zip"));
+ }
+}
diff --git a/src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5Test.java b/src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5Test.java
new file mode 100644
index 000000000..aa99816b5
--- /dev/null
+++ b/src/test/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5Test.java
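Review bot: In Assignment7Test.java the `@Value("${webwolf.mail.url}")` field is most likely never populated, because the class registers only `MockitoExtension` and builds the controller with `standaloneSetup`; unless `AssignmentEndpointTest` (not visible in this hunk) starts a Spring context, `setup()` hands `null` to `new Assignment7(...)` as the mail URL. I would replace the annotated field with an explicit test constant such as `private static final String WEBWOLF_MAIL_URL = "http://webwolf.invalid/mail"; // constructed test value` and pass that to the constructor. With a known URL in place, `sendPasswordResetLinkTest` can use a Mockito `verify` on `restTemplate` to assert that the reset mail is posted to that URL and nowhere else. At present it only checks `lessonCompleted`, so a regression in where the reset link is delivered would not fail the test.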
@@ -0,0 +1,48 @@
+/*
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2021 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Getting Source
+ * ==============
+ *
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
+ */
+
+package org.owasp.webgoat.lessons.challenges.challenge7;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.util.stream.Stream;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+public class MD5Test {
+
+ @ParameterizedTest
+ @DisplayName("MD5 test")
+ @MethodSource("providedForMD5Values")
+ void testMD5(String in, String out) {
+ assertEquals(MD5.getHashString(in.getBytes()), out);
+ }
+
+ private static Stream providedForMD5Values() {
+ return Stream.of(
+ Arguments.of("", "d41d8cd98f00b204e9800998ecf8427e"),
+ Arguments.of("a string", "3a315533c0f34762e0c45e3d4e9d525c"));
+ }
+}
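Review bot: `testMD5` passes the computed digest as the first argument of `assertEquals`, but JUnit 5 expects `(expected, actual)`, so a failure would report the two values swapped; it also calls `in.getBytes()` with no charset, which depends on the platform default on JDKs before 18. I would write `assertEquals(out, MD5.getHashString(in.getBytes(StandardCharsets.UTF_8)));` and import `java.nio.charset.StandardCharsets`; both current vectors are ASCII, so today's results do not change. As shown, `providedForMD5Values` returns a raw `Stream`, and `Stream<Arguments>` would keep the provider type-checked (the type argument may simply have been lost in this rendering). A short class comment such as `// MD5 is exercised here as a lesson fixture only; it is not suitable for password or token derivation` would stop readers from taking the helper as a recommended primitive.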