Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645)

* better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00
parent 5a4974f3c2
commit d1e44bbc98
114 changed files with 2763 additions and 546 deletions
--- a/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java
@ -88,7 +88,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
            .formParam("jwt-encode-user", "user")
-            .post(url("/WebGoat/JWT/decode"))
+            .post(url("JWT/decode"))
            .then()
            .statusCode(200)
            .extract()
@ -103,7 +103,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .when()
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
-            .get(url("/WebGoat/JWT/secret/gettoken"))
+            .get(url("JWT/secret/gettoken"))
            .then()
            .extract()
            .response()
@ -117,7 +117,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
            .formParam("token", generateToken(secret))
-            .post(url("/WebGoat/JWT/secret"))
+            .post(url("JWT/secret"))
            .then()
            .statusCode(200)
            .extract()
@ -131,7 +131,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .when()
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
-            .get(url("/WebGoat/JWT/votings/login?user=Tom"))
+            .get(url("JWT/votings/login?user=Tom"))
            .then()
            .extract()
            .cookie("access_token");
@ -164,7 +164,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
            .cookie("access_token", replacedToken)
-            .post(url("/WebGoat/JWT/votings"))
+            .post(url("JWT/votings"))
            .then()
            .statusCode(200)
            .extract()
@ -205,7 +205,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
            .header("Authorization", "Bearer " + replacedToken)
-            .post(url("/WebGoat/JWT/refresh/checkout"))
+            .post(url("JWT/refresh/checkout"))
            .then()
            .statusCode(200)
            .extract()
@ -238,7 +238,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .when()
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
-            .post(url("/WebGoat/JWT/kid/delete?token=" + token))
+            .post(url("JWT/kid/delete?token=" + token))
            .then()
            .statusCode(200)
            .extract()
@ -256,7 +256,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
        .relaxedHTTPSValidation()
        .cookie("WEBWOLFSESSION", getWebWolfCookie())
        .multiPart("file", "jwks.json", jwks.toJson().getBytes())
-        .post(webWolfUrl("/fileupload"))
+        .post(webWolfUrl("fileupload"))
        .then()
        .extract()
        .response()
@ -285,7 +285,7 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
            .when()
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
-            .post(url("/WebGoat/JWT/jku/delete?token=" + token))
+            .post(url("JWT/jku/delete?token=" + token))
            .then()
            .statusCode(200)
            .extract()
@ -298,6 +298,6 @@ public class JWTLessonIntegrationTest extends IntegrationTest {
    params.put("question_0_solution", "Solution 1");
    params.put("question_1_solution", "Solution 2");

-    checkAssignment(url("/WebGoat/JWT/quiz"), params, true);
+    checkAssignment(url("JWT/quiz"), params, true);
  }
 }