Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645)

* better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00
parent 5a4974f3c2
commit d1e44bbc98
114 changed files with 2763 additions and 546 deletions
--- a/src/main/resources/lessons/xss/html/CrossSiteScripting.html
+++ b/src/main/resources/lessons/xss/html/CrossSiteScripting.html
@ -12,7 +12,7 @@
 		<div id="lessonContent">
 			<form class="attack-form" accept-charset="UNKNOWN"
 				  method="POST" name="form"
-				  action="/WebGoat/CrossSiteScripting/attack1">
+				  action="CrossSiteScripting/attack1">
 				<table>
 					<tr>
 						<td><input type="checkbox" name="checkboxAttack1"> The cookies are the same on each tab </td>
@ -46,7 +46,7 @@
 		<div id="lessonContent">
 			<form class="attack-form" accept-charset="UNKNOWN"
 				  method="GET" name="xss-5a"
-				  action="/WebGoat/CrossSiteScripting/attack5a">
+				  action="CrossSiteScripting/attack5a">
 				<center>
 					<h4>Shopping Cart</h4>
 				</center>
@ -133,7 +133,7 @@
 		<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 		<form class="attack-form" accept-charset="UNKNOWN"
 			  method="POST" name="DOMTestRoute"
-			  action="/WebGoat/CrossSiteScripting/attack6a">
+			  action="CrossSiteScripting/attack6a">
 			<input name="DOMTestRoute" value="" type="TEXT" />
 			<input name="SubmitTestRoute" value="Submit" type="SUBMIT"/>
 		</form>
@ -148,7 +148,7 @@
 		<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 		<form class="attack-form" accept-charset="UNKNOWN"
 			  method="POST" name="DOMFollowUp"
-			  action="/WebGoat/CrossSiteScripting/dom-follow-up">
+			  action="CrossSiteScripting/dom-follow-up">
 			<input name="successMessage" value="" type="TEXT" />
 			<input name="submitMessage" value="Submit" type="SUBMIT"/>
 		</form>
@ -168,7 +168,7 @@
 		<div class="container-fluid">
 			<form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
 				  method="POST" name="form"
-				  action="/WebGoat/CrossSiteScripting/quiz" role="form">
+				  action="CrossSiteScripting/quiz" role="form">
 				<div id="q_container"></div>
 				<br />
 				<input name="Quiz_solutions" value="Submit answers" type="SUBMIT"/>