Creating endpoint for the scoreboard

2017-05-02 02:29:47 +02:00
parent 39f1597f82
commit eb7a6bd2be
29 changed files with 284 additions and 568 deletions
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
@ -3,8 +3,10 @@ package org.owasp.webgoat.plugin;
 import com.google.common.collect.Maps;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.assignments.Endpoint;
-import org.owasp.webgoat.session.UserTracker;
+import org.owasp.webgoat.users.UserTracker;
+import org.owasp.webgoat.users.UserTrackerRepository;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@ -23,11 +25,12 @@ import java.util.stream.IntStream;
 * @author nbaars
 * @since 3/23/17.
 */
+@Slf4j
 public class Flag extends Endpoint {

    public static final Map<Integer, String> FLAGS = Maps.newHashMap();
    @Autowired
-    private UserTracker userTracker;
+    private UserTrackerRepository userTrackerRepository;
    @Autowired
    private WebSession webSession;

@ -39,7 +42,8 @@ public class Flag extends Endpoint {

    @PostConstruct
    public void initFlags() {
-        IntStream.range(1, 5).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString()));
+        IntStream.range(1, 6).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString()));
+        FLAGS.entrySet().stream().forEach(e ->  log.debug("Flag {} {}", e.getKey(), e.getValue()));
    }

    @Override
@ -50,6 +54,10 @@ public class Flag extends Endpoint {
    @RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
    @ResponseStatus(HttpStatus.OK)
    public void postFlag(@RequestParam String flag) {
+        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        if (userTracker == null) {
+            userTracker = new UserTracker(webSession.getUserName());
+        }
        String currentChallenge = webSession.getCurrentLesson().getName();
        int challengeNumber = Integer.valueOf(currentChallenge.substring(currentChallenge.length() - 1, currentChallenge.length()));
        String expectedFlag = FLAGS.get(challengeNumber);
@ -58,6 +66,7 @@ public class Flag extends Endpoint {
        } else {
            userTracker.assignmentFailed(webSession.getCurrentLesson());
        }
+        userTrackerRepository.save(userTracker);
    }

 }