From b4cc27c761c83e0620b08d096466b9505949b478 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Sun, 27 Mar 2016 17:46:06 +0200 Subject: [PATCH] Lesson completed message is now within js which makes it possible to show the Congratulation message after the CSRF link has been clicked. Same as marking the lesson complete green checkbox --- .../owasp/webgoat/lessons/LessonAdapter.java | 2 +- .../webgoat/lessons/RandomLessonAdapter.java | 7 ++- .../owasp/webgoat/service/DummyService.java | 57 ------------------- .../service/LessonCompletedService.java | 54 ++++++++++++++++++ .../main/webapp/WEB-INF/pages/main_new.jsp | 1 + .../js/goatApp/controller/LessonController.js | 12 +++- 6 files changed, 70 insertions(+), 63 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/service/LessonCompletedService.java diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java index 2f3bf9d11..cf64c520b 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java @@ -250,7 +250,7 @@ public abstract class LessonAdapter extends AbstractLesson { protected Element makeSuccess(WebSession s) { getLessonTracker(s).setCompleted(true); - s.setMessage(getLabelManager().get("LessonCompleted")); + //s.setMessage(getLabelManager().get("LessonCompleted")); return (null); } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java index 97f222fb2..e4a815f1c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java 
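Review bot: In `makeSuccess` the `s.setMessage(getLabelManager().get("LessonCompleted"))` call is commented out rather than deleted, which leaves dead code behind. The `@@ -75,7 +76,7 @@` hunk of RandomLessonAdapter.java does the same and leaves `if (lt.getCompleted()) { ... } else {` with an empty first branch. Delete both commented lines, and in RandomLessonAdapter invert the test to `if (!lt.getCompleted()) {` so the empty branch goes away. The RandomLessonAdapter method starts and ends outside its hunk, so it is not visible here whether anything else still relies on the session message being set on completion.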
@@ -1,14 +1,15 @@ package org.owasp.webgoat.lessons; -import java.sql.Connection; -import java.sql.SQLException; import org.owasp.webgoat.session.CreateDB; import org.owasp.webgoat.session.DatabaseUtilities; import org.owasp.webgoat.session.LessonTracker; import org.owasp.webgoat.session.RandomLessonTracker; import org.owasp.webgoat.session.WebSession; +import java.sql.Connection; +import java.sql.SQLException; + /** *

Abstract RandomLessonAdapter class.

@@ -75,7 +76,7 @@ public abstract class RandomLessonAdapter extends LessonAdapter lt.setStageComplete(stage, true); if (lt.getCompleted()) { - s.setMessage("Congratulations, you have completed this lab"); + //s.setMessage("Congratulations, you have completed this lab"); } else { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java deleted file mode 100644 index 61dfaba8a..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java +++ /dev/null 
@@ -1,57 +0,0 @@ -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - * - */ -package org.owasp.webgoat.service; - -import java.util.ArrayList; -import java.util.List; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseBody; - -/** - *

DummyService class.

- * - * @author rlawson - * @version $Id: $Id - */ -@Controller -public class DummyService extends BaseService{ - - /** - *

firstNames.

- * - * @return a {@link java.util.List} object. - */ - @RequestMapping(value = "/first.mvc", produces = "application/json") - public @ResponseBody - List firstNames() { - List test = new ArrayList(); - test.add("one"); - test.add("two)"); - return test; - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonCompletedService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonCompletedService.java new file mode 100644 index 000000000..668cddd5e --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonCompletedService.java @@ -0,0 +1,54 @@ +package org.owasp.webgoat.service; + +import com.google.common.collect.Maps; +import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.RandomLessonAdapter; +import org.owasp.webgoat.lessons.model.LessonInfoModel; +import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.util.LabelManager; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +import javax.servlet.http.HttpSession; +import java.util.Map; + +@Controller +/** + *

LessonCompletedService class.

+ * + * @author webgoat + */ +public class LessonCompletedService extends BaseService { + + private static final Logger logger = LoggerFactory.getLogger(LessonMenuService.class); + private LabelManager labelManager; + + @Autowired + public LessonCompletedService(final LabelManager labelManager) { + this.labelManager = labelManager; + } + + /** + *

getLessonCompletedService.

+ * + * @param session a {@link HttpSession} object. + * @return a {@link LessonInfoModel} object. + */ + @RequestMapping(value = "/lessoncompleted.mvc", produces = "application/json") + @ResponseBody + public Map getLessonInfo(HttpSession session) { + WebSession webSession = getWebSession(session); + AbstractLesson lesson = webSession.getCurrentLesson(); + boolean lessonCompleted = lesson.isCompleted(webSession); + String successMessage = lesson instanceof RandomLessonAdapter ? "Congratulations, you have completed this lab" : labelManager + .get("LessonCompleted"); + Map json = Maps.newHashMap(); + json.put("lessonCompleted", lessonCompleted); + json.put("successMessage", successMessage); + return json; + } +} diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp b/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp index 990737a3e..8065739c3 100644 --- a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp +++ b/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp @@ -121,6 +121,7 @@
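Review bot: `getLessonInfo` dereferences `lesson` without a check, so if `webSession.getCurrentLesson()` can return null (for instance before a lesson has been opened, which this hunk does not show) the request ends in a NullPointerException instead of a JSON answer. A guard placed after the map is built, such as `if (lesson == null) { json.put("lessonCompleted", false); return json; }`, keeps the response well-formed. The logger is created with `LessonMenuService.class`, which attributes any log output from this controller to the wrong class; it should read `LoggerFactory.getLogger(LessonCompletedService.class)`. The Javadoc `@return a {@link LessonInfoModel} object` does not match the `Map` that is returned. Because `successMessage` is filled in even when `lessonCompleted` is false, the Javadoc should also state that clients must check the flag before showing the message.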
+
diff --git a/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js b/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js index 43964bbe4..2d664d63c 100644 --- a/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js +++ b/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js @@ -15,7 +15,9 @@ define(['jquery', 'goatApp/view/UserAndInfoView', 'goatApp/view/MenuButtonView', 'goatApp/model/LessonInfoModel', - 'goatApp/view/TitleView' + 'goatApp/view/TitleView', + 'goatApp/model/LessonCompletedModel', + 'goatApp/view/LessonCompletedView' ], function($, _, @@ -34,13 +36,18 @@ define(['jquery', UserAndInfoView, MenuButtonView, LessonInfoModel, - TitleView + TitleView, + LessonCompletedModel, + LessonCompletedView + ) { 'use strict' var Controller = function(options) { this.lessonContent = new LessonContentModel(); + this.lessonCompletedModel = new LessonCompletedModel(); + this.lessonCompletedView = new LessonCompletedView(this.lessonCompletedModel); this.lessonView = options.lessonView; _.extend(Controller.prototype,Backbone.Events); @@ -127,6 +134,7 @@ define(['jquery', $('.lesson-help').hide(); } this.trigger('menu:reload'); + this.lessonCompletedModel.completed(); }; this.addCurHelpState = function (curHelp) {
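Review bot: The `define` list now requires `goatApp/model/LessonCompletedModel` and `goatApp/view/LessonCompletedView`, but neither file appears in this patch's diffstat, so unless an earlier commit added them the controller module will fail to load. In the last hunk `this.lessonCompletedModel.completed();` runs unconditionally after `this.trigger('menu:reload')`; the enclosing function starts outside the hunk, so it is not visible whether a failed or empty response is handled. A comment above the call would explain why it sits here, for example `// re-check completion on every lesson load (presumably via /lessoncompleted.mvc); LessonCompletedView renders the result`. The blank `+` line between `LessonCompletedView` and `) {` in the callback parameter list can also be dropped.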