Lesson completed message is now within js which makes it possible to show the Congratulation message after the CSRF link has been clicked.

Same as marking the lesson complete green checkbox
2016-03-27 17:46:06 +02:00 · 2016-03-27 17:46:06 +02:00 · b4cc27c761
commit b4cc27c761
parent 35bd866873
6 changed files with 70 additions and 63 deletions
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
@ -250,7 +250,7 @@ public abstract class LessonAdapter extends AbstractLesson {
    protected Element makeSuccess(WebSession s) {
        getLessonTracker(s).setCompleted(true);

-        s.setMessage(getLabelManager().get("LessonCompleted"));
+        //s.setMessage(getLabelManager().get("LessonCompleted"));

        return (null);
    }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RandomLessonAdapter.java
@ -1,14 +1,15 @@

 package org.owasp.webgoat.lessons;

-import java.sql.Connection;
-import java.sql.SQLException;
 import org.owasp.webgoat.session.CreateDB;
 import org.owasp.webgoat.session.DatabaseUtilities;
 import org.owasp.webgoat.session.LessonTracker;
 import org.owasp.webgoat.session.RandomLessonTracker;
 import org.owasp.webgoat.session.WebSession;

+import java.sql.Connection;
+import java.sql.SQLException;
+

 /**
 * <p>Abstract RandomLessonAdapter class.</p>
@ -75,7 +76,7 @@ public abstract class RandomLessonAdapter extends LessonAdapter
        lt.setStageComplete(stage, true);
        if (lt.getCompleted())
        {
-            s.setMessage("Congratulations, you have completed this lab");
+            //s.setMessage("Congratulations, you have completed this lab");
        }
        else
        {
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/DummyService.java
@ -1,57 +0,0 @@
-/***************************************************************************************************
- * 
- * 
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- * 
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- * 
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- * 
- * Getting Source ==============
- * 
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- * 
- */
-package org.owasp.webgoat.service;
-
-import java.util.ArrayList;
-import java.util.List;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-/**
- * <p>DummyService class.</p>
- *
- * @author rlawson
- * @version $Id: $Id
- */
-@Controller
-public class DummyService extends BaseService{
-
-    /**
-     * <p>firstNames.</p>
-     *
-     * @return a {@link java.util.List} object.
-     */
-    @RequestMapping(value = "/first.mvc", produces = "application/json")
-    public @ResponseBody
-    List<String> firstNames() {
-        List<String> test = new ArrayList<String>();
-        test.add("one");
-        test.add("two)");
-        return test;
-    }
-}
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonCompletedService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonCompletedService.java
@ -0,0 +1,54 @@
+package org.owasp.webgoat.service;
+
+import com.google.common.collect.Maps;
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.RandomLessonAdapter;
+import org.owasp.webgoat.lessons.model.LessonInfoModel;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.LabelManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.servlet.http.HttpSession;
+import java.util.Map;
+
+@Controller
+/**
+ * <p>LessonCompletedService class.</p>
+ *
+ * @author webgoat
+ */
+public class LessonCompletedService extends BaseService {
+
+    private static final Logger logger = LoggerFactory.getLogger(LessonMenuService.class);
+    private LabelManager labelManager;
+
+    @Autowired
+    public LessonCompletedService(final LabelManager labelManager) {
+        this.labelManager = labelManager;
+    }
+
+    /**
+     * <p>getLessonCompletedService.</p>
+     *
+     * @param session a {@link HttpSession} object.
+     * @return a {@link LessonInfoModel} object.
+     */
+    @RequestMapping(value = "/lessoncompleted.mvc", produces = "application/json")
+    @ResponseBody
+    public Map getLessonInfo(HttpSession session) {
+        WebSession webSession = getWebSession(session);
+        AbstractLesson lesson = webSession.getCurrentLesson();
+        boolean lessonCompleted = lesson.isCompleted(webSession);
+        String successMessage = lesson instanceof RandomLessonAdapter ? "Congratulations, you have completed this lab" : labelManager
+                .get("LessonCompleted");
+        Map json = Maps.newHashMap();
+        json.put("lessonCompleted", lessonCompleted);
+        json.put("successMessage", successMessage);
+        return json;
+    }
+}
--- a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp
+++ b/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp
@ -121,6 +121,7 @@
                                </div>
                            </div>
                            <div class="col-md-12" align="left">
+                                <div id="completedMessage" class="info"></div>
                                <div id="lesson-content-wrapper" class="panel">

                                </div>
--- a/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js
+++ b/webgoat-container/src/main/webapp/js/goatApp/controller/LessonController.js
@ -15,7 +15,9 @@ define(['jquery',
    'goatApp/view/UserAndInfoView',
    'goatApp/view/MenuButtonView',
    'goatApp/model/LessonInfoModel',
-    'goatApp/view/TitleView'
+    'goatApp/view/TitleView',
+    'goatApp/model/LessonCompletedModel',
+    'goatApp/view/LessonCompletedView'
    ], 
    function($,
        _,
@ -34,13 +36,18 @@ define(['jquery',
        UserAndInfoView,
        MenuButtonView,
        LessonInfoModel,
-        TitleView
+        TitleView,
+        LessonCompletedModel,
+        LessonCompletedView
+
    ) {
        'use strict'
        
        
        var Controller = function(options) {
            this.lessonContent = new LessonContentModel();
+            this.lessonCompletedModel = new LessonCompletedModel();
+            this.lessonCompletedView = new LessonCompletedView(this.lessonCompletedModel);
            this.lessonView = options.lessonView;

            _.extend(Controller.prototype,Backbone.Events);
@ -127,6 +134,7 @@ define(['jquery',
                    $('.lesson-help').hide();
                }
                this.trigger('menu:reload');
+                this.lessonCompletedModel.completed();
            };

            this.addCurHelpState = function (curHelp) {