Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645)

* better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00
parent 5a4974f3c2
commit d1e44bbc98
114 changed files with 2763 additions and 546 deletions
--- a/src/main/resources/lessons/csrf/html/CSRF.html
+++ b/src/main/resources/lessons/csrf/html/CSRF.html
@ -17,7 +17,7 @@
          method="POST" name="form1"
          target="_blank"
          successCallback=""
-          action="/WebGoat/csrf/basic-get-flag">
+          action="csrf/basic-get-flag">
        <input name="csrf" type="hidden" value="false"/>
        <input type="submit" name="submit"/>

@ -35,7 +35,7 @@
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-1"
              method="POST" name="form2"
              successCallback=""
-              action="/WebGoat/csrf/confirm-flag-1">
+              action="csrf/confirm-flag-1">

            Confirm Flag Value:
            <input type="text" length="6" name="confirmFlagVal" value=""/>
@ -93,7 +93,7 @@
                            <form class="attack-form" accept-charset="UNKNOWN" id="csrf-review"
                                  method="POST" name="review-form"
                                  successCallback=""
-                                  action="/WebGoat/csrf/review">
+                                  action="csrf/review">
                                <input class="form-control" id="reviewText" name="reviewText" placeholder="Add a Review"
                                       type="text"/>
                                <input class="form-control" id="reviewStars" name="stars" type="text"/>
@ -146,7 +146,7 @@
                            <form class="attack-form" accept-charset="UNKNOWN" id="csrf-feedback"
                                  method="POST"
                                  prepareData="feedback"
-                                  action="/WebGoat/csrf/feedback/message"
+                                  action="csrf/feedback/message"
                                  contentType="application/json">
                                <div class="row">
                                    <div class="col-md-6">
@ -212,7 +212,7 @@
        </div>
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-feedback"
              method="POST" name="form2"
-              action="/WebGoat/csrf/feedback">
+              action="csrf/feedback">

            Confirm Flag Value:
            <input type="text" length="6" name="confirmFlagVal" value=""/>
@ -236,7 +236,7 @@
        </div>
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-login"
              method="POST" name="form2"
-              action="/WebGoat/csrf/login">
+              action="csrf/login">

            Press the button below when your are logged in as the other user<br/>