From d08a56d351ddc221e5916c976e44840a03ef32b7 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Sat, 26 Oct 2024 12:06:30 +0200
Subject: [PATCH] chore: add test for solving same lesson as different user.
 (#1930)

We removed the constraint but did not add an extra testcase to cover this bug.

Closes: #1890
---
 .../owasp/webgoat/GeneralLessonIntegrationTest.java    | 10 ++++++++++
 src/it/java/org/owasp/webgoat/IntegrationTest.java     |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java b/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java
index 7fe44dc5d..db8557dad 100644
--- a/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java
@@ -34,6 +34,16 @@ public class GeneralLessonIntegrationTest extends IntegrationTest {
     checkResults("HttpBasics");
   }
 
+  @Test
+  public void solveAsOtherUserHttpBasics() {
+    login("steven");
+    startLesson("HttpBasics");
+    Map<String, Object> params = new HashMap<>();
+    params.clear();
+    params.put("person", "goatuser");
+    checkAssignment(url("HttpBasics/attack1"), params, true);
+  }
+
   @Test
   public void httpProxies() {
     startLesson("HttpProxies");
diff --git a/src/it/java/org/owasp/webgoat/IntegrationTest.java b/src/it/java/org/owasp/webgoat/IntegrationTest.java
index e59ad6c9c..e115dc8bc 100644
--- a/src/it/java/org/owasp/webgoat/IntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/IntegrationTest.java
@@ -86,6 +86,10 @@ public abstract class IntegrationTest {
 
   @BeforeEach
   public void login() {
+    login("webgoat");
+  }
+
+  protected void login(String user) {
     String location =
         given()
             .when()