From e5ed24fcf72c6fd487f2570b7e7267236f638df3 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Tue, 29 Nov 2016 21:27:11 +0100 Subject: [PATCH] Added testcase for LabelService --- pom.xml | 2 +- webgoat-container/pom.xml | 6 ++ .../main/java/org/owasp/webgoat/WebGoat.java | 6 ++ .../plugins/PluginEndpointPublisher.java | 2 - .../webgoat/service/LabelDebugService.java | 15 ++-- .../owasp/webgoat/service/LabelService.java | 50 ++++++------ .../webgoat/service/LabelServiceTest.java | 78 +++++++++++++++++++ 7 files changed, 120 insertions(+), 39 deletions(-) create mode 100644 webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java diff --git a/pom.xml b/pom.xml index 5c6a073bd..539820c44 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.springframework.boot spring-boot-starter-parent - 1.4.1.RELEASE + 1.4.2.RELEASE diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 852103c6e..8fcbf0120 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -283,6 +283,12 @@ spring-boot-starter-test test + + org.springframework.security + spring-security-test + 4.1.3.RELEASE + test + junit junit diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java index 0e0934b14..b537389d9 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java @@ -46,6 +46,7 @@ import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.web.support.SpringBootServletInitializer; +import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Scope; import org.springframework.context.annotation.ScopedProxyMode; @@ -86,6 +87,11 @@ public class WebGoat extends SpringBootServletInitializer { return new WebSession(webgoatContext); } + @Bean + public PluginEndpointPublisher pluginEndpointPublisher(ApplicationContext applicationContext) { + return new PluginEndpointPublisher(applicationContext); + } + @Bean public Course course(PluginsExtractor extractor, PluginEndpointPublisher pluginEndpointPublisher) { return new PluginsLoader(extractor, pluginEndpointPublisher).loadPlugins(); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java index 9c8654669..91f95ff2e 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java @@ -8,7 +8,6 @@ import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint; import org.springframework.context.ApplicationContext; import org.springframework.context.support.AbstractApplicationContext; -import org.springframework.stereotype.Component; /** * ************************************************************************************************ @@ -39,7 +38,6 @@ import org.springframework.stereotype.Component; * @version $Id: $Id * @since October 16, 2016 */ -@Component @Slf4j public class PluginEndpointPublisher { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java index f9cafd327..b32832a88 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java @@ -29,10 +29,9 @@ */ package org.owasp.webgoat.service; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.session.LabelDebugger; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; @@ -51,18 +50,16 @@ import java.util.Map; * @version $Id: $Id */ @Controller +@Slf4j +@AllArgsConstructor public class LabelDebugService { private static final String URL_DEBUG_LABELS_MVC = "/service/debug/labels.mvc"; private static final String KEY_ENABLED = "enabled"; private static final String KEY_SUCCESS = "success"; - private static final Logger logger = LoggerFactory.getLogger(LabelDebugService.class); - - @Autowired private LabelDebugger labelDebugger; - /** * Checks if debugging of labels is enabled or disabled * @@ -71,7 +68,7 @@ public class LabelDebugService { @RequestMapping(path = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE) public @ResponseBody ResponseEntity> checkDebuggingStatus() { - logger.debug("Checking label debugging, it is " + labelDebugger.isEnabled()); // FIXME parameterize + log.debug("Checking label debugging, it is {}", labelDebugger.isEnabled()); Map result = createResponse(labelDebugger.isEnabled()); return new ResponseEntity<>(result, HttpStatus.OK); } @@ -85,7 +82,7 @@ public class LabelDebugService { @RequestMapping(value = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE, params = KEY_ENABLED) public @ResponseBody ResponseEntity> setDebuggingStatus(@RequestParam("enabled") Boolean enabled) throws Exception { - logger.debug("Setting label debugging to " + labelDebugger.isEnabled()); // FIXME parameterize + log.debug("Setting label debugging to {} ", labelDebugger.isEnabled()); Map result = createResponse(enabled); labelDebugger.setEnabled(enabled); return new ResponseEntity<>(result, HttpStatus.OK); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java index 54224fabe..72d779036 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java @@ -1,46 +1,44 @@ /** * ************************************************************************************************* - * - * + *

+ *

* This file is part of WebGoat, an Open Web Application Security Project * utility. For details, please see http://www.owasp.org/ - * + *

* Copyright (c) 2002 - 20014 Bruce Mayhew - * + *

* This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; either version 2 of the License, or (at your option) any later * version. - * + *

* This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. - * + *

* You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 59 Temple * Place - Suite 330, Boston, MA 02111-1307, USA. - * + *

* Getting Source ============== - * + *

* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository * for free software projects. - * */ package org.owasp.webgoat.service; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.i18n.LabelProvider; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; -import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import java.util.Locale; @@ -53,15 +51,13 @@ import java.util.Map; * @author zupzup */ -@Controller +@RestController +@Slf4j +@AllArgsConstructor public class LabelService { - private static final String URL_LABELS_MVC = "/service/labels.mvc"; - - private static final Logger logger = LoggerFactory.getLogger(LabelService.class); - - @Autowired - private LabelProvider labelProvider; + public static final String URL_LABELS_MVC = "/service/labels.mvc"; + private final LabelProvider labelProvider; /** * Fetches labels for given language @@ -72,19 +68,19 @@ public class LabelService { * @return a map of labels * @throws Exception */ - @RequestMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE) - public @ResponseBody - ResponseEntity> fetchLabels(@RequestParam(value = "lang", required = false) String lang, HttpServletRequest request) throws Exception { + @GetMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE) + @ResponseBody + public ResponseEntity> fetchLabels(@RequestParam(value = "lang", required = false) String lang, HttpServletRequest request) { Locale locale; if (StringUtils.isEmpty(lang)) { - logger.debug("No language provided, determining from request headers"); + log.debug("No language provided, determining from request headers"); locale = request.getLocale(); if (locale != null) { - logger.debug("Locale set to {}", locale); + log.debug("Locale set to {}", locale); } } else { locale = Locale.forLanguageTag(lang); - logger.debug("Language provided: {} leads to Locale: {}", lang, locale); + log.debug("Language provided: {} leads to Locale: {}", lang, locale); } return new ResponseEntity<>(labelProvider.getLabels(locale), HttpStatus.OK); } diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java new file mode 100644 index 000000000..fce5ae93e --- /dev/null +++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java @@ -0,0 +1,78 @@ +package org.owasp.webgoat.service; + +import org.assertj.core.util.Maps; +import org.hamcrest.CoreMatchers; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.owasp.webgoat.i18n.LabelProvider; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.security.test.context.support.WithMockUser; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; + +import java.util.Locale; + +import static org.mockito.Mockito.when; +import static org.owasp.webgoat.service.LabelService.URL_LABELS_MVC; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +/** + * ************************************************************************************************ + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + *

+ * Copyright (c) 2002 - 20014 Bruce Mayhew + *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + *

+ * Getting Source ============== + *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + *

+ * + * @author nbaars + * @version $Id: $Id + * @since November 29, 2016 + */ +@WebMvcTest(value = {LabelService.class, LabelProvider.class}) +@RunWith(SpringRunner.class) +public class LabelServiceTest { + + @Autowired + public MockMvc mockMvc; + @MockBean + private LabelProvider labelProvider; + + @Test + @WithMockUser(username = "guest", password = "guest") + public void withoutLocale() throws Exception { + when(labelProvider.getLabels(Locale.ENGLISH)).thenReturn(Maps.newHashMap("key", "value")); + mockMvc.perform(MockMvcRequestBuilders.get(URL_LABELS_MVC)) + .andExpect(status().isOk()) + .andExpect(jsonPath("key", CoreMatchers.is("value"))); + } + + @Test + @WithMockUser(username = "guest", password = "guest") + public void withLocale() throws Exception { + when(labelProvider.getLabels(Locale.GERMAN)).thenReturn(Maps.newHashMap("key", "value")); + mockMvc.perform(MockMvcRequestBuilders.get(URL_LABELS_MVC).param("lang", "de")) + .andExpect(status().isOk()) + .andExpect(jsonPath("key", CoreMatchers.is("value"))); + } +} \ No newline at end of file