Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645)
* better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
This commit is contained in:
René Zubcevic
GitHub
@ -34,6 +34,9 @@ package org.owasp.webgoat.container;
|
||||
import java.io.File;
|
||||
import org.owasp.webgoat.container.session.UserSessionData;
|
||||
import org.owasp.webgoat.container.session.WebSession;
|
||||
import org.owasp.webgoat.container.users.UserRepository;
|
||||
import org.owasp.webgoat.container.users.WebGoatUser;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@ -42,6 +45,8 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.context.annotation.Scope;
|
||||
import org.springframework.context.annotation.ScopedProxyMode;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
@Configuration
|
||||
@ -50,6 +55,8 @@ import org.springframework.web.client.RestTemplate;
|
||||
@EnableAutoConfiguration
|
||||
public class WebGoat {
|
||||
|
||||
@Autowired private UserRepository userRepository;
|
||||
|
||||
@Bean(name = "pluginTargetDirectory")
|
||||
public File pluginTargetDirectory(@Value("${webgoat.user.directory}") final String webgoatHome) {
|
||||
return new File(webgoatHome);
|
||||
@ -58,7 +65,14 @@ public class WebGoat {
|
||||
@Bean
|
||||
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||
public WebSession webSession() {
|
||||
return new WebSession();
|
||||
WebGoatUser webGoatUser = null;
|
||||
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
if (principal instanceof WebGoatUser) {
|
||||
webGoatUser = (WebGoatUser) principal;
|
||||
} else if (principal instanceof DefaultOAuth2User) {
|
||||
webGoatUser = userRepository.findByUsername(((DefaultOAuth2User) principal).getName());
|
||||
}
|
||||
return new WebSession(webGoatUser);
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
||||
Reference in New Issue
Block a user