missing function level ac working again ... after VM implosion

2017-08-08 17:15:20 -06:00
parent 8df1d53471
commit b41751a55c
11 changed files with 269 additions and 75 deletions
--- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/ListUsers.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/ListUsers.java
@ -1,43 +0,0 @@
-package org.owasp.webgoat.controller;
-
-import com.sun.corba.se.spi.activation.EndPointInfo;
-import org.owasp.webgoat.assignments.*;
-import org.owasp.webgoat.session.UserSessionData;
-import org.owasp.webgoat.users.UserService;
-import org.owasp.webgoat.users.WebGoatUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.*;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-
-/**
- * Created by jason on 1/5/17.
- */
-
-@Controller
-public class ListUsers {
-
-    @Autowired
-    private UserService userService;
-
-    @RequestMapping(path = {"list_users", "/"}, method = {RequestMethod.GET,RequestMethod.POST})
-    public ModelAndView listUsers(HttpServletRequest request) {
-
-        ModelAndView model = new ModelAndView();
-        model.setViewName("list_users");
-        List<WebGoatUser> allUsers = userService.getAllUsers();
-        model.addObject("numUsers",allUsers.size());
-        model.addObject("allUsers",allUsers);
-
-        return model;
-    }
-
-}
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
@ -43,6 +43,7 @@ public class WebGoatUser implements UserDetails {
        this.role = role;
    }

+
    public void createUser() {
        this.user = new User(username, password, getAuthorities());
    }
@ -51,6 +52,18 @@ public class WebGoatUser implements UserDetails {
        return Collections.singleton(new SimpleGrantedAuthority(getRole()));
    }

+    public String getRole() {
+        return this.role;
+    }
+
+    public String getUsername() {
+        return this.username;
+    }
+
+    public String getPassword() {
+        return this.password;
+    }
+
    @Override
    public boolean isAccountNonExpired() {
        return this.user.isAccountNonExpired();
@ -70,6 +83,8 @@ public class WebGoatUser implements UserDetails {
    public boolean isEnabled() {
        return this.user.isEnabled();
    }
+
+
 }


--- a/webgoat-container/src/main/resources/templates/list_users.html
+++ b/webgoat-container/src/main/resources/templates/list_users.html
@ -123,8 +123,15 @@
    <section class="main-content-wrapper">
        <section id="main-content"> <!--ng-controller="goatLesson"-->
            <div id="lesson-page" class="pages">
-                TEST ... <span th:text="${numUsers}"> Users in WebGoat</span>
-                <div sec:authorize="hasAuthority('WEBGOAT_ADMIN')">Admin sees this ...
+                <span th:text="${numUsers}"> Users in WebGoat</span>
+                <!-- iterate over users below -->su
+                <div sec:authorize="hasAuthority('WEBGOAT_ADMIN')">
+                    <h3>WebGoat Users</h3>
+                    <div th:each="user : ${allUsers}">
+                        <span th:text="${user.username}" />
+                        <ul>Hash: <span th:text="${user.userHash}" /></ul>
+                        <ul>Admin: <span th:text="${user.admin}" /></ul>
+                    </div>
                </div>

                <div id="lesson-helps-wrapper" class="panel">