From d496c929b3118875e35f822f46227901b0d10679 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Tue, 23 Nov 2021 09:54:51 +0100
Subject: [PATCH] Use variables to check WebWolf host and port
WebWolf can start on a different port, the assignment should take this into account and not check for a hardcoded value.
Resolves: #1055
---
 .../ResetLinkAssignmentForgotPassword.java | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java
index eaae33bdb..54b95b21e 100644
--- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java
+++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java
@@ -37,8 +37,6 @@ import org.springframework.web.client.RestTemplate;
 import javax.servlet.http.HttpServletRequest;
 import java.util.UUID;
-import static org.springframework.util.StringUtils.hasText;
-
 /**
 * Part of the password reset assignment. Used to send the e-mail.
 *
@@ -49,11 +47,17 @@ import static org.springframework.util.StringUtils.hasText;
 public class ResetLinkAssignmentForgotPassword extends AssignmentEndpoint {
 private final RestTemplate restTemplate;
+ private String webWolfHost;
+ private String webWolfPort;
 private final String webWolfMailURL;
 public ResetLinkAssignmentForgotPassword(RestTemplate restTemplate,
+ @Value("${webwolf.host}") String webWolfHost,
+ @Value("${webwolf.port}") String webWolfPort,
 @Value("${webwolf.mail.url}") String webWolfMailURL) {
 this.restTemplate = restTemplate;
+ this.webWolfHost = webWolfHost;
+ this.webWolfPort = webWolfPort;
 this.webWolfMailURL = webWolfMailURL;
 }
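Review bot: The two new fields `private String webWolfHost;` and `private String webWolfPort;` are assigned only in the constructor, so they should be declared `private final String webWolfHost;` and `private final String webWolfPort;` like the neighbouring `restTemplate` and `webWolfMailURL` fields. That keeps the injected configuration immutable for the lifetime of the endpoint and matches the style of the rest of the class.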
@@ -63,18 +67,17 @@ public class ResetLinkAssignmentForgotPassword extends AssignmentEndpoint {
 String resetLink = UUID.randomUUID().toString();
 ResetLinkAssignment.resetLinks.add(resetLink);
 String host = request.getHeader("host");
- if (hasText(email)) {
- if (email.equals(ResetLinkAssignment.TOM_EMAIL) && (host.contains("9090")||host.contains("webwolf"))) { //User indeed changed the host header.
- ResetLinkAssignment.userToTomResetLink.put(getWebSession().getUserName(), resetLink);
- fakeClickingLinkEmail(host, resetLink);
- } else {
- try {
- sendMailToUser(email, host, resetLink);
- } catch (Exception e) {
- return failed(this).output("E-mail can't be send. please try again.").build();
- }
+ if (ResetLinkAssignment.TOM_EMAIL.equals(email) && (host.contains(webWolfPort) || host.contains(webWolfHost))) { //User indeed changed the host header.
+ ResetLinkAssignment.userToTomResetLink.put(getWebSession().getUserName(), resetLink);
+ fakeClickingLinkEmail(host, resetLink);
+ } else {
+ try {
+ sendMailToUser(email, host, resetLink);
+ } catch (Exception e) {
+ return failed(this).output("E-mail can't be send. please try again.").build();
 }
 }
+
 return success(this).feedback("email.send").feedbackArgs(email).build();
 }
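Review bot: The new condition `host.contains(webWolfPort) || host.contains(webWolfHost)` is a substring match on the raw Host header, so any value that merely contains the port digits passes, and if `webwolf.host` is the same name WebGoat itself is served on (for instance both on `localhost`) an unmodified request passes as well. `host` comes straight from `request.getHeader("host")` and is dereferenced without a null check, so a request that omits the Host header throws a NullPointerException on that line (the removed code had the same gap, but this commit rewrites the line). I would split the header into name and port and compare each exactly, as sketched below; when both applications share a hostname only the port discriminates, so consider requiring the port match rather than accepting either. The enclosing method's signature is outside the hunk.
```java
String host = request.getHeader("host");
// Compare host name and port separately instead of a substring match on the raw header;
// a missing Host header no longer dereferences null.
int colon = host == null ? -1 : host.lastIndexOf(':');
String hostName = host == null ? "" : (colon < 0 ? host : host.substring(0, colon));
String hostPort = colon < 0 ? "" : host.substring(colon + 1);
boolean targetsWebWolf = hostName.equalsIgnoreCase(webWolfHost) || hostPort.equals(webWolfPort);
if (ResetLinkAssignment.TOM_EMAIL.equals(email) && targetsWebWolf) { //User indeed changed the host header.
// … unchanged: Tom branch, else/try/catch and the final return …
```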