fix: challenge 7 (#1433)

2023-02-22 22:55:48 +01:00
parent 61dac201f0
commit e50986a098
5 changed files with 92 additions and 17 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java
@@ -32,6 +32,4 @@ public interface SolutionConstants {

  // TODO should be random generated when starting the server
  String PASSWORD = "!!webgoat_admin_1234!!";
-  String PASSWORD_TOM = "thisisasecretfortomonly";
-  String ADMIN_PASSWORD_LINK = "375afe1104f4a487a73823c50a9292a2";
 }
--- a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java
@@ -9,7 +9,6 @@ import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.container.assignments.AttackResult;
 import org.owasp.webgoat.lessons.challenges.Email;
 import org.owasp.webgoat.lessons.challenges.Flags;
-import org.owasp.webgoat.lessons.challenges.SolutionConstants;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.HttpStatus;
@@ -32,6 +31,8 @@ import org.springframework.web.client.RestTemplate;
@Slf4j
 public class Assignment7 extends AssignmentEndpoint {

+  public static final String ADMIN_PASSWORD_LINK = "375afe1104f4a487a73823c50a9292a2";
+
  private static final String TEMPLATE =
      "Hi, you requested a password reset link, please use this <a target='_blank'"
          + " href='%s:8080/WebGoat/challenge/7/reset-password/%s'>link</a> to reset your"
@@ -56,15 +57,13 @@ public class Assignment7 extends AssignmentEndpoint {

  @GetMapping("/challenge/7/reset-password/{link}")
  public ResponseEntity<String> resetPassword(@PathVariable(value = "link") String link) {
-    if (link.equals(SolutionConstants.ADMIN_PASSWORD_LINK)) {
+    if (link.equals(ADMIN_PASSWORD_LINK)) {
      return ResponseEntity.accepted()
          .body(
              "<h1>Success!!</h1>"
                  + "<img src='/WebGoat/images/hi-five-cat.jpg'>"
                  + "<br/><br/>Here is your flag: "
-                  + "<b>"
-                  + flags.getFlag(7)
-                  + "</b>");
+                  + flags.getFlag(7));
    }
    return ResponseEntity.status(HttpStatus.I_AM_A_TEAPOT)
        .body("That is not the reset link for admin");
@@ -99,6 +98,6 @@ public class Assignment7 extends AssignmentEndpoint {
  @GetMapping(value = "/challenge/7/.git", produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
  @ResponseBody
  public ClassPathResource git() {
-    return new ClassPathResource("challenge7/git.zip");
+    return new ClassPathResource("lessons/challenges/challenge7/git.zip");
  }
 }