Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information.
This commit is contained in:
		| @ -36,16 +36,6 @@ | ||||
|  | ||||
|     </profiles> | ||||
|  | ||||
|     <dependencyManagement> | ||||
|         <dependencies> | ||||
|             <dependency> | ||||
|                 <groupId>de.flapdoodle.embed</groupId> | ||||
|                 <artifactId>de.flapdoodle.embed.mongo</artifactId> | ||||
|                 <version>2.0.0</version> | ||||
|             </dependency> | ||||
|         </dependencies> | ||||
|     </dependencyManagement> | ||||
|  | ||||
|     <build> | ||||
|         <resources> | ||||
|             <resource> | ||||
| @ -127,7 +117,7 @@ | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>org.springframework.boot</groupId> | ||||
|             <artifactId>spring-boot-starter-data-mongodb</artifactId> | ||||
|             <artifactId>spring-boot-starter-data-jpa</artifactId> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>org.apache.commons</groupId> | ||||
| @ -202,12 +192,6 @@ | ||||
|             <version>${junit.version}</version> | ||||
|             <type>jar</type> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>com.github.fakemongo</groupId> | ||||
|             <artifactId>fongo</artifactId> | ||||
|             <version>2.1.0</version> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <!-- ************* END: Dependencies for Unit and Integration Testing ************** --> | ||||
|         <!-- ************* END: <dependencies> ************** --> | ||||
|     </dependencies> | ||||
|  | ||||
| @ -23,11 +23,5 @@ public class CleanupLocalProgressFiles { | ||||
|  | ||||
|     @PostConstruct | ||||
|     public void clean() { | ||||
|         File dir = new File(webgoatHome); | ||||
|         //do it safe, check whether the subdir mongodb is available as subdirectory | ||||
|         File[] mongoDir = dir.listFiles(f -> f.isDirectory() && f.getName().contains("mongodb")); | ||||
|         if (mongoDir != null && mongoDir.length == 1) { | ||||
|             FileSystemUtils.deleteRecursively(dir); | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -2,6 +2,10 @@ package org.owasp.webgoat.lessons; | ||||
|  | ||||
| import lombok.*; | ||||
|  | ||||
| import javax.persistence.Entity; | ||||
| import javax.persistence.Id; | ||||
| import javax.persistence.OneToMany; | ||||
| import javax.persistence.Transient; | ||||
| import java.util.List; | ||||
|  | ||||
| /** | ||||
| @ -38,11 +42,14 @@ import java.util.List; | ||||
| @NoArgsConstructor | ||||
| @Getter | ||||
| @EqualsAndHashCode | ||||
| @Entity | ||||
| public class Assignment { | ||||
|     @NonNull | ||||
|     @Id | ||||
|     private String name; | ||||
|     @NonNull | ||||
|     private String path; | ||||
|     @Transient | ||||
|     private List<String> hints; | ||||
|  | ||||
| } | ||||
|  | ||||
| @ -7,6 +7,7 @@ import lombok.Getter; | ||||
| import org.owasp.webgoat.lessons.AbstractLesson; | ||||
| import org.owasp.webgoat.lessons.Assignment; | ||||
|  | ||||
| import javax.persistence.*; | ||||
| import java.util.List; | ||||
| import java.util.Map; | ||||
| import java.util.Optional; | ||||
| @ -44,16 +45,20 @@ import java.util.stream.Collectors; | ||||
|  * @version $Id: $Id | ||||
|  * @since October 29, 2003 | ||||
|  */ | ||||
| @Entity | ||||
| public class LessonTracker { | ||||
|     @Getter | ||||
|     @Id | ||||
|     private String lessonName; | ||||
|     @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) | ||||
|     private final Set<Assignment> solvedAssignments = Sets.newHashSet(); | ||||
|     @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) | ||||
|     private final List<Assignment> allAssignments = Lists.newArrayList(); | ||||
|     @Getter | ||||
|     private int numberOfAttempts = 0; | ||||
|  | ||||
|     protected LessonTracker() { | ||||
|         //Mongo | ||||
|     private LessonTracker() { | ||||
|         //JPA | ||||
|     } | ||||
|  | ||||
|     public LessonTracker(AbstractLesson lesson) { | ||||
|  | ||||
| @ -1,6 +1,6 @@ | ||||
| package org.owasp.webgoat.users; | ||||
|  | ||||
| import org.springframework.data.mongodb.repository.MongoRepository; | ||||
| import org.springframework.data.jpa.repository.JpaRepository; | ||||
|  | ||||
| import java.util.List; | ||||
|  | ||||
| @ -8,7 +8,7 @@ import java.util.List; | ||||
|  * @author nbaars | ||||
|  * @since 3/19/17. | ||||
|  */ | ||||
| public interface UserRepository extends MongoRepository<WebGoatUser, String> { | ||||
| public interface UserRepository extends JpaRepository<WebGoatUser, String> { | ||||
|  | ||||
|     WebGoatUser findByUsername(String username); | ||||
|  | ||||
|  | ||||
| @ -5,8 +5,8 @@ import com.google.common.collect.Lists; | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.owasp.webgoat.lessons.AbstractLesson; | ||||
| import org.owasp.webgoat.lessons.Assignment; | ||||
| import org.springframework.data.annotation.Id; | ||||
|  | ||||
| import javax.persistence.*; | ||||
| import java.util.List; | ||||
| import java.util.Map; | ||||
| import java.util.Optional; | ||||
| @ -44,12 +44,16 @@ import java.util.stream.Collectors; | ||||
|  * @since October 29, 2003 | ||||
|  */ | ||||
| @Slf4j | ||||
| @Entity | ||||
| public class UserTracker { | ||||
|  | ||||
|     @Id | ||||
|     private final String user; | ||||
|     private String user; | ||||
|     @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) | ||||
|     private List<LessonTracker> lessonTrackers = Lists.newArrayList(); | ||||
|  | ||||
|     private UserTracker() {} | ||||
|  | ||||
|     public UserTracker(final String user) { | ||||
|         this.user = user; | ||||
|     } | ||||
|  | ||||
| @ -1,12 +1,12 @@ | ||||
| package org.owasp.webgoat.users; | ||||
|  | ||||
| import org.springframework.data.mongodb.repository.MongoRepository; | ||||
| import org.springframework.data.jpa.repository.JpaRepository; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  * @since 4/30/17. | ||||
|  */ | ||||
| public interface UserTrackerRepository extends MongoRepository<UserTracker, String> { | ||||
| public interface UserTrackerRepository extends JpaRepository<UserTracker, String> { | ||||
|  | ||||
|  | ||||
| } | ||||
|  | ||||
| @ -1,13 +1,14 @@ | ||||
| package org.owasp.webgoat.users; | ||||
|  | ||||
| import lombok.Getter; | ||||
| import org.springframework.data.annotation.Id; | ||||
| import org.springframework.data.annotation.Transient; | ||||
| import org.springframework.security.core.GrantedAuthority; | ||||
| import org.springframework.security.core.authority.SimpleGrantedAuthority; | ||||
| import org.springframework.security.core.userdetails.User; | ||||
| import org.springframework.security.core.userdetails.UserDetails; | ||||
|  | ||||
| import javax.persistence.Entity; | ||||
| import javax.persistence.Id; | ||||
| import javax.persistence.Transient; | ||||
| import java.util.Collection; | ||||
| import java.util.Collections; | ||||
|  | ||||
| @ -16,6 +17,7 @@ import java.util.Collections; | ||||
|  * @since 3/19/17. | ||||
|  */ | ||||
| @Getter | ||||
| @Entity | ||||
| public class WebGoatUser implements UserDetails { | ||||
|  | ||||
|     public static final String ROLE_USER = "WEBGOAT_USER"; | ||||
|  | ||||
| @ -4,6 +4,9 @@ server.session.timeout=600 | ||||
| server.contextPath=/WebGoat | ||||
| server.port=8080 | ||||
|  | ||||
| spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webgoat | ||||
| spring.jpa.hibernate.ddl-auto=update | ||||
|  | ||||
|  | ||||
| logging.level.org.springframework=WARN | ||||
| logging.level.org.springframework.boot.devtools=WARN | ||||
| @ -28,7 +31,6 @@ webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org | ||||
| webgoat.database.driver=org.hsqldb.jdbcDriver | ||||
| webgoat.database.connection.string=jdbc:hsqldb:mem:{USER} | ||||
| webgoat.default.language=en | ||||
| webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true} | ||||
|  | ||||
| webwolf.host=${WEBWOLF_HOST:localhost} | ||||
| webwolf.port=${WEBWOLF_PORT:8081} | ||||
| @ -39,10 +41,5 @@ webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail | ||||
| spring.jackson.serialization.indent_output=true | ||||
| spring.jackson.serialization.write-dates-as-timestamps=false | ||||
|  | ||||
| spring.data.mongodb.host=${WG_MONGO_HOST:localhost} | ||||
| spring.data.mongodb.port=${WG_MONGO_PORT:27017} | ||||
| spring.data.mongodb.database=webgoat | ||||
| spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/ | ||||
|  | ||||
| #For static file refresh ... and faster dev :D | ||||
| spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css | ||||
|  | ||||
| @ -1,23 +0,0 @@ | ||||
| package org.owasp.webgoat.plugins; | ||||
|  | ||||
| import com.github.fakemongo.Fongo; | ||||
| import com.mongodb.MongoClient; | ||||
| import org.springframework.context.annotation.Configuration; | ||||
| import org.springframework.data.mongodb.config.AbstractMongoConfiguration; | ||||
|  | ||||
| /** | ||||
|  * Using Fongo for embedded in memory MongoDB testing | ||||
|  */ | ||||
| @Configuration | ||||
| public class TestConfig extends AbstractMongoConfiguration { | ||||
|  | ||||
|     @Override | ||||
|     protected String getDatabaseName() { | ||||
|         return "test"; | ||||
|     } | ||||
|  | ||||
|     @Override | ||||
|     public MongoClient mongo() throws Exception { | ||||
|         return new Fongo(getDatabaseName()).getMongo(); | ||||
|     } | ||||
| } | ||||
| @ -0,0 +1,29 @@ | ||||
| package org.owasp.webgoat.users; | ||||
|  | ||||
| import org.assertj.core.api.Assertions; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest; | ||||
| import org.springframework.test.context.junit4.SpringRunner; | ||||
|  | ||||
| @DataJpaTest | ||||
| @RunWith(SpringRunner.class) | ||||
| public class UserRepositoryTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private UserRepository userRepository; | ||||
|  | ||||
|     @Test | ||||
|     public void userShouldBeSaved() { | ||||
|         WebGoatUser user = new WebGoatUser("test", "password"); | ||||
|         userRepository.saveAndFlush(user); | ||||
|  | ||||
|         user = userRepository.findByUsername("test"); | ||||
|  | ||||
|         Assertions.assertThat(user.getUsername()).isEqualTo("test"); | ||||
|         Assertions.assertThat(user.getPassword()).isEqualTo("password"); | ||||
|     } | ||||
|  | ||||
|  | ||||
| } | ||||
| @ -0,0 +1,101 @@ | ||||
| package org.owasp.webgoat.users; | ||||
|  | ||||
| import org.assertj.core.api.Assertions; | ||||
| import org.assertj.core.util.Lists; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.owasp.webgoat.lessons.Assignment; | ||||
| import org.owasp.webgoat.lessons.Category; | ||||
| import org.owasp.webgoat.lessons.NewLesson; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest; | ||||
| import org.springframework.test.context.junit4.SpringRunner; | ||||
|  | ||||
| import java.util.List; | ||||
|  | ||||
| @DataJpaTest | ||||
| @RunWith(SpringRunner.class) | ||||
| public class UserTrackerRepositoryTest { | ||||
|  | ||||
|     private class TestLesson extends NewLesson { | ||||
|  | ||||
|         @Override | ||||
|         public Category getDefaultCategory() { | ||||
|             return Category.AJAX_SECURITY; | ||||
|         } | ||||
|  | ||||
|         @Override | ||||
|         public List<String> getHints() { | ||||
|             return Lists.newArrayList(); | ||||
|         } | ||||
|  | ||||
|         @Override | ||||
|         public Integer getDefaultRanking() { | ||||
|             return 12; | ||||
|         } | ||||
|  | ||||
|         @Override | ||||
|         public String getTitle() { | ||||
|             return "test"; | ||||
|         } | ||||
|  | ||||
|         @Override | ||||
|         public String getId() { | ||||
|             return "test"; | ||||
|         } | ||||
|  | ||||
|         @Override | ||||
|         public List<Assignment> getAssignments() { | ||||
|             Assignment assignment = new Assignment("test", "test", Lists.newArrayList()); | ||||
|             return Lists.newArrayList(assignment); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     @Autowired | ||||
|     private UserTrackerRepository userTrackerRepository; | ||||
|  | ||||
|  | ||||
|     @Test | ||||
|     public void saveUserTracker() { | ||||
|         UserTracker userTracker = new UserTracker("test"); | ||||
|         LessonTracker lessonTracker = userTracker.getLessonTracker(new TestLesson()); | ||||
|  | ||||
|         userTrackerRepository.save(userTracker); | ||||
|  | ||||
|         userTracker = userTrackerRepository.findOne("test"); | ||||
|         Assertions.assertThat(userTracker.getLessonTracker("test")).isNotNull(); | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void solvedAssignmentsShouldBeSaved() { | ||||
|         UserTracker userTracker = new UserTracker("test"); | ||||
|         TestLesson lesson = new TestLesson(); | ||||
|         userTracker.getLessonTracker(lesson); | ||||
|         userTracker.assignmentFailed(lesson); | ||||
|         userTracker.assignmentFailed(lesson); | ||||
|         userTracker.assignmentSolved(lesson, "test"); | ||||
|  | ||||
|         userTrackerRepository.saveAndFlush(userTracker); | ||||
|  | ||||
|         userTracker = userTrackerRepository.findOne("test"); | ||||
|         Assertions.assertThat(userTracker.numberOfAssignmentsSolved()).isEqualTo(1); | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void saveAndLoadShouldHaveCorrectNumberOfAttemtps() { | ||||
|         UserTracker userTracker = new UserTracker("test"); | ||||
|         TestLesson lesson = new TestLesson(); | ||||
|         userTracker.getLessonTracker(lesson); | ||||
|         userTracker.assignmentFailed(lesson); | ||||
|         userTracker.assignmentFailed(lesson); | ||||
|         userTrackerRepository.saveAndFlush(userTracker); | ||||
|  | ||||
|         userTracker = userTrackerRepository.findOne("test"); | ||||
|         userTracker.assignmentFailed(lesson); | ||||
|         userTracker.assignmentFailed(lesson); | ||||
|         userTrackerRepository.saveAndFlush(userTracker); | ||||
|  | ||||
|         Assertions.assertThat(userTracker.getLessonTracker(lesson).getNumberOfAttempts()).isEqualTo(4); | ||||
|     } | ||||
|  | ||||
| } | ||||
| @ -1 +1,4 @@ | ||||
| webgoat.user.directory=${java.io.tmpdir} | ||||
| webgoat.user.directory=${java.io.tmpdir} | ||||
|  | ||||
| spring.datasource.url=jdbc:hsqldb:mem:test | ||||
| spring.jpa.hibernate.ddl-auto=create-drop | ||||
		Reference in New Issue
	
	Block a user