Creating endpoint for the scoreboard
parent
39f1597f82
commit
eb7a6bd2be
@ -121,6 +121,14 @@
|
|||||||
<artifactId>liquibase-core</artifactId>
|
<artifactId>liquibase-core</artifactId>
|
||||||
<version>3.4.1</version>
|
<version>3.4.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-data-mongodb</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>de.flapdoodle.embed</groupId>
|
||||||
|
<artifactId>de.flapdoodle.embed.mongo</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.commons</groupId>
|
<groupId>org.apache.commons</groupId>
|
||||||
<artifactId>commons-lang3</artifactId>
|
<artifactId>commons-lang3</artifactId>
|
||||||
|
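Review bot: The `de.flapdoodle.embed.mongo` dependency is added in the default compile scope, so the embedded-mongod launcher, which is built to fetch and start a database binary at runtime, ends up in the production artifact instead of only on the test classpath. If the embedded instance is intentionally the runtime store for this application, a short XML comment above that `<dependency>` saying so would stop a later cleanup from breaking it; otherwise add `<scope>test</scope>` inside the element. Both new dependencies omit `<version>`, which presumably relies on the parent's dependency management — worth confirming that the parent referenced by this pom actually pins a flapdoodle version.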
@ -31,12 +31,14 @@
|
|||||||
package org.owasp.webgoat;
|
package org.owasp.webgoat;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude;
|
import com.fasterxml.jackson.annotation.JsonInclude;
|
||||||
import lombok.SneakyThrows;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.catalina.Context;
|
import org.apache.catalina.Context;
|
||||||
import org.owasp.webgoat.plugins.PluginEndpointPublisher;
|
import org.owasp.webgoat.plugins.PluginEndpointPublisher;
|
||||||
import org.owasp.webgoat.plugins.PluginsLoader;
|
import org.owasp.webgoat.plugins.PluginsLoader;
|
||||||
import org.owasp.webgoat.session.*;
|
import org.owasp.webgoat.session.Course;
|
||||||
|
import org.owasp.webgoat.session.UserSessionData;
|
||||||
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
import org.owasp.webgoat.session.WebgoatContext;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
@ -104,15 +106,6 @@ public class WebGoat extends SpringBootServletInitializer {
|
|||||||
return new PluginsLoader(pluginEndpointPublisher).loadPlugins();
|
return new PluginsLoader(pluginEndpointPublisher).loadPlugins();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
|
|
||||||
@SneakyThrows
|
|
||||||
public UserTracker userTracker(@Value("${webgoat.user.directory}") final String webgoatHome, WebSession webSession) {
|
|
||||||
UserTracker userTracker = new UserTracker(webgoatHome, webSession.getUserName());
|
|
||||||
userTracker.load();
|
|
||||||
return userTracker;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public EmbeddedServletContainerFactory servletContainer() {
|
public EmbeddedServletContainerFactory servletContainer() {
|
||||||
TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
|
TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
|
||||||
|
@ -27,7 +27,8 @@ package org.owasp.webgoat.assignments;
|
|||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import org.owasp.webgoat.i18n.PluginMessages;
|
import org.owasp.webgoat.i18n.PluginMessages;
|
||||||
import org.owasp.webgoat.session.UserSessionData;
|
import org.owasp.webgoat.session.UserSessionData;
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
|
||||||
@ -43,7 +44,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
public abstract class AssignmentEndpoint extends Endpoint {
|
public abstract class AssignmentEndpoint extends Endpoint {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserTracker userTracker;
|
private UserTrackerRepository userTrackerRepository;
|
||||||
@Autowired
|
@Autowired
|
||||||
private WebSession webSession;
|
private WebSession webSession;
|
||||||
@Autowired
|
@Autowired
|
||||||
@ -54,11 +55,16 @@ public abstract class AssignmentEndpoint extends Endpoint {
|
|||||||
|
|
||||||
//// TODO: 11/13/2016 events better fit?
|
//// TODO: 11/13/2016 events better fit?
|
||||||
protected AttackResult trackProgress(AttackResult attackResult) {
|
protected AttackResult trackProgress(AttackResult attackResult) {
|
||||||
|
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
|
||||||
|
if (userTracker == null) {
|
||||||
|
userTracker = new UserTracker(webSession.getUserName());
|
||||||
|
}
|
||||||
if (attackResult.assignmentSolved()) {
|
if (attackResult.assignmentSolved()) {
|
||||||
userTracker.assignmentSolved(webSession.getCurrentLesson(), this.getClass().getSimpleName());
|
userTracker.assignmentSolved(webSession.getCurrentLesson(), this.getClass().getSimpleName());
|
||||||
} else {
|
} else {
|
||||||
userTracker.assignmentFailed(webSession.getCurrentLesson());
|
userTracker.assignmentFailed(webSession.getCurrentLesson());
|
||||||
}
|
}
|
||||||
|
userTrackerRepository.save(userTracker);
|
||||||
return attackResult;
|
return attackResult;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
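Review bot: The null fallback after `userTrackerRepository.findOne(webSession.getUserName())` exists only in `trackProgress`; the same lookup in `LessonMenuService.showLeftNav`, `LessonProgressService.getLessonInfo` and `lessonOverview`, `ReportCardService.reportCard` and `RestartLessonService` dereferences the result directly, so a user with no stored tracker yet (for example on the first menu load, before any assignment attempt) presumably gets a `NullPointerException` there. Centralising the load-or-create in one place and calling it from every endpoint keeps the behaviour consistent, e.g. if `UserTrackerRepository` is an interface, `default UserTracker findOrCreate(String userName) { UserTracker t = findOne(userName); return t != null ? t : new UserTracker(userName); }`. The read-modify-save sequence here has no concurrency control, so two concurrent attempts by the same user can overwrite each other's progress; if that matters, record it in the `TODO` comment that already sits above the method.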
@ -1,11 +1,7 @@
|
|||||||
package org.owasp.webgoat.lessons;
|
package org.owasp.webgoat.lessons;
|
||||||
|
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.*;
|
||||||
import lombok.Getter;
|
|
||||||
import lombok.NonNull;
|
|
||||||
import lombok.RequiredArgsConstructor;
|
|
||||||
|
|
||||||
import java.io.Serializable;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -39,14 +35,13 @@ import java.util.List;
|
|||||||
*/
|
*/
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
|
@NoArgsConstructor
|
||||||
@Getter
|
@Getter
|
||||||
public class Assignment implements Serializable {
|
public class Assignment {
|
||||||
|
|
||||||
private static final long serialVersionUID = 5410058267505412928L;
|
|
||||||
@NonNull
|
@NonNull
|
||||||
private final String name;
|
private String name;
|
||||||
@NonNull
|
@NonNull
|
||||||
private final String path;
|
private String path;
|
||||||
private List<String> hints;
|
private List<String> hints;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
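Review bot: `Assignment` gains a no-args constructor and loses `final` on its fields but still defines no `equals`/`hashCode`, while `LessonTracker` keeps assignments in a `Set<Assignment>` (`solvedAssignments`); once trackers are read back from the store those instances are distinct objects from the course's `Assignment`s, so identity-based set membership would presumably no longer match. Consider `@EqualsAndHashCode(of = {"name", "path"})` on the class, or document where membership is instead resolved by name. Note also that `@NonNull` on the now non-final `name`/`path` only guards the generated argument constructors; an instance built through the new `@NoArgsConstructor` has both fields null, which a comment such as `// no-args constructor exists for the persistence mapper only; name/path are null until populated` should make explicit.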
@ -34,8 +34,10 @@ import org.owasp.webgoat.lessons.Category;
|
|||||||
import org.owasp.webgoat.lessons.LessonMenuItem;
|
import org.owasp.webgoat.lessons.LessonMenuItem;
|
||||||
import org.owasp.webgoat.lessons.LessonMenuItemType;
|
import org.owasp.webgoat.lessons.LessonMenuItemType;
|
||||||
import org.owasp.webgoat.session.Course;
|
import org.owasp.webgoat.session.Course;
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
@ -57,7 +59,8 @@ public class LessonMenuService {
|
|||||||
|
|
||||||
public static final String URL_LESSONMENU_MVC = "/service/lessonmenu.mvc";
|
public static final String URL_LESSONMENU_MVC = "/service/lessonmenu.mvc";
|
||||||
private final Course course;
|
private final Course course;
|
||||||
private UserTracker userTracker;
|
private final WebSession webSession;
|
||||||
|
private UserTrackerRepository userTrackerRepository;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the lesson menu which is used to build the left nav
|
* Returns the lesson menu which is used to build the left nav
|
||||||
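Review bot: `userTrackerRepository` is declared non-final next to the `final` `course` and `webSession` fields; if the class is constructed through Lombok's `@RequiredArgsConstructor` (not visible in this hunk), only the final fields are injected and the repository stays null, and under `@AllArgsConstructor` it is injected but the mixed declaration is still misleading. Making it `private final UserTrackerRepository userTrackerRepository;` matches its siblings and makes the wiring explicit. The same pattern appears in `RestartLessonService`, where `webSession` is final and the new `userTrackerRepository` field is not.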
@ -68,8 +71,9 @@ public class LessonMenuService {
|
|||||||
public
|
public
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
List<LessonMenuItem> showLeftNav() {
|
List<LessonMenuItem> showLeftNav() {
|
||||||
List<LessonMenuItem> menu = new ArrayList<LessonMenuItem>();
|
List<LessonMenuItem> menu = new ArrayList<>();
|
||||||
List<Category> categories = course.getCategories();
|
List<Category> categories = course.getCategories();
|
||||||
|
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
|
||||||
|
|
||||||
for (Category category : categories) {
|
for (Category category : categories) {
|
||||||
LessonMenuItem categoryItem = new LessonMenuItem();
|
LessonMenuItem categoryItem = new LessonMenuItem();
|
||||||
|
@ -7,9 +7,10 @@ import lombok.Getter;
|
|||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.lessons.Assignment;
|
import org.owasp.webgoat.lessons.Assignment;
|
||||||
import org.owasp.webgoat.lessons.LessonInfoModel;
|
import org.owasp.webgoat.lessons.LessonInfoModel;
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
@ -28,7 +29,7 @@ import java.util.Map;
|
|||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
public class LessonProgressService {
|
public class LessonProgressService {
|
||||||
|
|
||||||
private UserTracker userTracker;
|
private UserTrackerRepository userTrackerRepository;
|
||||||
private WebSession webSession;
|
private WebSession webSession;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -39,6 +40,7 @@ public class LessonProgressService {
|
|||||||
@RequestMapping(value = "/service/lessonprogress.mvc", produces = "application/json")
|
@RequestMapping(value = "/service/lessonprogress.mvc", produces = "application/json")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public Map getLessonInfo() {
|
public Map getLessonInfo() {
|
||||||
|
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
|
||||||
LessonTracker lessonTracker = userTracker.getLessonTracker(webSession.getCurrentLesson());
|
LessonTracker lessonTracker = userTracker.getLessonTracker(webSession.getCurrentLesson());
|
||||||
Map json = Maps.newHashMap();
|
Map json = Maps.newHashMap();
|
||||||
String successMessage = "";
|
String successMessage = "";
|
||||||
@ -61,6 +63,7 @@ public class LessonProgressService {
|
|||||||
@RequestMapping(value = "/service/lessonoverview.mvc", produces = "application/json")
|
@RequestMapping(value = "/service/lessonoverview.mvc", produces = "application/json")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public List<LessonOverview> lessonOverview() {
|
public List<LessonOverview> lessonOverview() {
|
||||||
|
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
|
||||||
AbstractLesson currentLesson = webSession.getCurrentLesson();
|
AbstractLesson currentLesson = webSession.getCurrentLesson();
|
||||||
List<LessonOverview> result = Lists.newArrayList();
|
List<LessonOverview> result = Lists.newArrayList();
|
||||||
if ( currentLesson != null ) {
|
if ( currentLesson != null ) {
|
||||||
|
@ -29,25 +29,20 @@
|
|||||||
package org.owasp.webgoat.service;
|
package org.owasp.webgoat.service;
|
||||||
|
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
import com.google.common.collect.Maps;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
||||||
import lombok.Singular;
|
|
||||||
import org.apache.catalina.User;
|
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.session.Course;
|
import org.owasp.webgoat.session.Course;
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
|
||||||
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>ReportCardService</p>
|
* <p>ReportCardService</p>
|
||||||
@ -56,22 +51,20 @@ import java.util.Map;
|
|||||||
* @version $Id: $Id
|
* @version $Id: $Id
|
||||||
*/
|
*/
|
||||||
@Controller
|
@Controller
|
||||||
|
@AllArgsConstructor
|
||||||
public class ReportCardService {
|
public class ReportCardService {
|
||||||
|
|
||||||
private final UserTracker userTracker;
|
private final WebSession webSession;
|
||||||
|
private final UserTrackerRepository userTrackerRepository;
|
||||||
private final Course course;
|
private final Course course;
|
||||||
|
|
||||||
public ReportCardService(UserTracker userTracker, Course course) {
|
|
||||||
this.userTracker = userTracker;
|
|
||||||
this.course = course;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Endpoint which generates the report card for the current use to show the stats on the solved lessons
|
* Endpoint which generates the report card for the current use to show the stats on the solved lessons
|
||||||
*/
|
*/
|
||||||
@GetMapping(path = "/service/reportcard.mvc", produces = "application/json")
|
@GetMapping(path = "/service/reportcard.mvc", produces = "application/json")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public ReportCard reportCard() {
|
public ReportCard reportCard() {
|
||||||
|
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
|
||||||
List<AbstractLesson> lessons = course.getLessons();
|
List<AbstractLesson> lessons = course.getLessons();
|
||||||
ReportCard reportCard = new ReportCard();
|
ReportCard reportCard = new ReportCard();
|
||||||
reportCard.setTotalNumberOfLessons(course.getTotalOfLessons());
|
reportCard.setTotalNumberOfLessons(course.getTotalOfLessons());
|
||||||
|
@ -26,8 +26,9 @@ package org.owasp.webgoat.service;
|
|||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
@ -45,7 +46,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
|
|||||||
public class RestartLessonService {
|
public class RestartLessonService {
|
||||||
|
|
||||||
private final WebSession webSession;
|
private final WebSession webSession;
|
||||||
private final UserTracker userTracker;
|
private UserTrackerRepository userTrackerRepository;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns current lesson
|
* Returns current lesson
|
||||||
@ -58,6 +59,7 @@ public class RestartLessonService {
|
|||||||
AbstractLesson al = webSession.getCurrentLesson();
|
AbstractLesson al = webSession.getCurrentLesson();
|
||||||
log.debug("Restarting lesson: " + al);
|
log.debug("Restarting lesson: " + al);
|
||||||
|
|
||||||
|
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
|
||||||
userTracker.reset(al);
|
userTracker.reset(al);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
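Review bot: `userTracker.reset(al)` mutates the tracker loaded from the repository, but unlike `AssignmentEndpoint.trackProgress` nothing writes it back, so the reset presumably never reaches the store unless the new `UserTracker.reset` persists itself (the removed file-backed implementation did, through its own `save`). Add `userTrackerRepository.save(userTracker);` after the reset call. The start of this method lies outside the hunk.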
@ -1,181 +0,0 @@
|
|||||||
package org.owasp.webgoat.session;
|
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
import java.sql.Connection;
|
|
||||||
import java.sql.DriverManager;
|
|
||||||
import java.sql.PreparedStatement;
|
|
||||||
import java.sql.ResultSet;
|
|
||||||
import java.sql.SQLException;
|
|
||||||
import java.sql.Statement;
|
|
||||||
|
|
||||||
class UserDatabase {
|
|
||||||
private Connection userDB;
|
|
||||||
private final String USER_DB_URI = "jdbc:h2:" + System.getProperty("user.dir") + File.separator + "UserDatabase";
|
|
||||||
|
|
||||||
private final String CREATE_USERS_TABLE = "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTO_INCREMENT, username VARCHAR(255) NOT NULL UNIQUE);";
|
|
||||||
private final String CREATE_ROLES_TABLE = "CREATE TABLE IF NOT EXISTS roles (id INTEGER PRIMARY KEY AUTO_INCREMENT, rolename VARCHAR(255) NOT NULL UNIQUE);";
|
|
||||||
private final String CREATE_USER_ROLES_TABLE = "CREATE TABLE IF NOT EXISTS user_roles (id INTEGER PRIMARY KEY AUTO_INCREMENT, user_id INTEGER NOT NULL, role_id INTEGER NOT NULL, FOREIGN KEY (user_id) REFERENCES users(id), FOREIGN KEY (role_id) REFERENCES roles(id));";
|
|
||||||
private final String ADD_DEFAULT_USERS = "INSERT INTO users (username) VALUES ('webgoat'),('basic'),('guest');";
|
|
||||||
private final String ADD_DEFAULT_ROLES = "INSERT INTO roles (rolename) VALUES ('webgoat_basic'),('webgoat_admin'),('webgoat_user');";
|
|
||||||
private final String ADD_ROLE_TO_USER = "INSERT INTO user_roles (user_id, role_id) SELECT users.id, roles.id FROM users, roles WHERE users.username = ? AND roles.rolename = ?;";
|
|
||||||
|
|
||||||
private final String QUERY_ALL_USERS = "SELECT username FROM users;";
|
|
||||||
private final String QUERY_ALL_ROLES_FOR_USERNAME = "SELECT rolename FROM roles, user_roles, users WHERE roles.id = user_roles.role_id AND user_roles.user_id = users.id AND users.username = ?;";
|
|
||||||
private final String QUERY_TABLE_COUNT = "SELECT count(id) AS count FROM table;";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>Constructor for UserDatabase.</p>
|
|
||||||
*/
|
|
||||||
public UserDatabase() {
|
|
||||||
createDefaultTables();
|
|
||||||
if (getTableCount("users") <= 0) {
|
|
||||||
createDefaultUsers();
|
|
||||||
}
|
|
||||||
if (getTableCount("roles") <= 0) {
|
|
||||||
createDefaultRoles();
|
|
||||||
}
|
|
||||||
if (getTableCount("user_roles") <= 0) {
|
|
||||||
addDefaultRolesToDefaultUsers();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>open.</p>
|
|
||||||
*
|
|
||||||
* @return a boolean.
|
|
||||||
*/
|
|
||||||
public boolean open() {
|
|
||||||
try {
|
|
||||||
if (userDB == null || userDB.isClosed()) {
|
|
||||||
Class.forName("org.h2.Driver");
|
|
||||||
userDB = DriverManager.getConnection(USER_DB_URI, "webgoat_admin", "");
|
|
||||||
}
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
} catch (ClassNotFoundException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>close.</p>
|
|
||||||
*
|
|
||||||
* @return a boolean.
|
|
||||||
*/
|
|
||||||
public boolean close() {
|
|
||||||
try {
|
|
||||||
if (userDB != null && !userDB.isClosed())
|
|
||||||
userDB.close();
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>getTableCount.</p>
|
|
||||||
*
|
|
||||||
* @param tableName a {@link java.lang.String} object.
|
|
||||||
* @return a int.
|
|
||||||
*/
|
|
||||||
public int getTableCount(String tableName) {
|
|
||||||
int count = 0;
|
|
||||||
try {
|
|
||||||
open();
|
|
||||||
Statement statement = userDB.createStatement();
|
|
||||||
ResultSet countResult = statement.executeQuery(QUERY_TABLE_COUNT.replace("table", tableName));
|
|
||||||
if (countResult.next()) {
|
|
||||||
count = countResult.getInt("count");
|
|
||||||
}
|
|
||||||
countResult.close();
|
|
||||||
statement.close();
|
|
||||||
close();
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
count = -1;
|
|
||||||
}
|
|
||||||
return count;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>addRoleToUser.</p>
|
|
||||||
*
|
|
||||||
* @param username a {@link java.lang.String} object.
|
|
||||||
* @param rolename a {@link java.lang.String} object.
|
|
||||||
* @return a boolean.
|
|
||||||
*/
|
|
||||||
public boolean addRoleToUser(String username, String rolename) {
|
|
||||||
try {
|
|
||||||
open();
|
|
||||||
PreparedStatement statement = userDB.prepareStatement(ADD_ROLE_TO_USER);
|
|
||||||
statement.setString(1, username);
|
|
||||||
statement.setString(2, rolename);
|
|
||||||
statement.execute();
|
|
||||||
statement.close();
|
|
||||||
close();
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Methods to initialise the default state of the database.
|
|
||||||
*/
|
|
||||||
|
|
||||||
private boolean createDefaultTables() {
|
|
||||||
try {
|
|
||||||
open();
|
|
||||||
Statement statement = userDB.createStatement();
|
|
||||||
statement.execute(CREATE_USERS_TABLE);
|
|
||||||
statement.execute(CREATE_ROLES_TABLE);
|
|
||||||
statement.execute(CREATE_USER_ROLES_TABLE);
|
|
||||||
statement.close();
|
|
||||||
close();
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean createDefaultUsers() {
|
|
||||||
try {
|
|
||||||
open();
|
|
||||||
Statement statement = userDB.createStatement();
|
|
||||||
statement.execute(ADD_DEFAULT_USERS);
|
|
||||||
statement.close();
|
|
||||||
close();
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean createDefaultRoles() {
|
|
||||||
try {
|
|
||||||
open();
|
|
||||||
Statement statement = userDB.createStatement();
|
|
||||||
statement.execute(ADD_DEFAULT_ROLES);
|
|
||||||
statement.close();
|
|
||||||
close();
|
|
||||||
} catch (SQLException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void addDefaultRolesToDefaultUsers() {
|
|
||||||
addRoleToUser("webgoat", "webgoat_admin");
|
|
||||||
addRoleToUser("basic", "webgoat_user");
|
|
||||||
addRoleToUser("basic", "webgoat_basic");
|
|
||||||
addRoleToUser("guest", "webgoat_user");
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,154 +0,0 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.session;
|
|
||||||
|
|
||||||
import com.google.common.collect.Maps;
|
|
||||||
import com.google.common.io.ByteStreams;
|
|
||||||
import lombok.SneakyThrows;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
|
||||||
import org.owasp.webgoat.lessons.Assignment;
|
|
||||||
import org.springframework.core.serializer.DefaultDeserializer;
|
|
||||||
|
|
||||||
import java.io.*;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* ************************************************************************************************
|
|
||||||
* <p>
|
|
||||||
* <p>
|
|
||||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
|
||||||
* please see http://www.owasp.org/
|
|
||||||
* <p>
|
|
||||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
|
||||||
* <p>
|
|
||||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
|
||||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
|
||||||
* License, or (at your option) any later version.
|
|
||||||
* <p>
|
|
||||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
|
||||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
* <p>
|
|
||||||
* You should have received a copy of the GNU General Public License along with this program; if
|
|
||||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
|
||||||
* 02111-1307, USA.
|
|
||||||
* <p>
|
|
||||||
* Getting Source ==============
|
|
||||||
* <p>
|
|
||||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
|
|
||||||
* projects.
|
|
||||||
*
|
|
||||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
|
||||||
* @version $Id: $Id
|
|
||||||
* @since October 29, 2003
|
|
||||||
*/
|
|
||||||
@Slf4j
|
|
||||||
public class UserTracker {
|
|
||||||
|
|
||||||
private final String webgoatHome;
|
|
||||||
private final String user;
|
|
||||||
|
|
||||||
public UserTracker(final String webgoatHome, final String user) {
|
|
||||||
this.webgoatHome = webgoatHome;
|
|
||||||
this.user = user;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the lesson tracker for a specific lesson if available.
|
|
||||||
*
|
|
||||||
* @param lesson the lesson
|
|
||||||
* @return the optional lesson tracker
|
|
||||||
*/
|
|
||||||
public LessonTracker getLessonTracker(AbstractLesson lesson) {
|
|
||||||
return getLessonTracker(load(), lesson);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the lesson tracker for a specific lesson if available.
|
|
||||||
*
|
|
||||||
* @param lesson the lesson
|
|
||||||
* @return the optional lesson tracker
|
|
||||||
*/
|
|
||||||
public LessonTracker getLessonTracker(Map<String, LessonTracker> storage, AbstractLesson lesson) {
|
|
||||||
LessonTracker lessonTracker = storage.get(lesson.getTitle());
|
|
||||||
if (lessonTracker == null) {
|
|
||||||
lessonTracker = new LessonTracker(lesson);
|
|
||||||
storage.put(lesson.getTitle(), lessonTracker);
|
|
||||||
save(storage);
|
|
||||||
}
|
|
||||||
return lessonTracker;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void assignmentSolved(AbstractLesson lesson, String assignmentName) {
|
|
||||||
Map<String, LessonTracker> storage = load();
|
|
||||||
LessonTracker lessonTracker = storage.get(lesson.getTitle());
|
|
||||||
lessonTracker.incrementAttempts();
|
|
||||||
lessonTracker.assignmentSolved(assignmentName);
|
|
||||||
save(storage);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void assignmentFailed(AbstractLesson lesson) {
|
|
||||||
Map<String, LessonTracker> storage = load();
|
|
||||||
LessonTracker lessonTracker = storage.get(lesson.getTitle());
|
|
||||||
lessonTracker.incrementAttempts();
|
|
||||||
save(storage);
|
|
||||||
}
|
|
||||||
|
|
||||||
public Map<String, LessonTracker> load() {
|
|
||||||
File file = new File(webgoatHome, user + ".progress");
|
|
||||||
Map<String, LessonTracker> storage = Maps.newHashMap();
|
|
||||||
if (file.exists() && file.isFile()) {
|
|
||||||
try {
|
|
||||||
DefaultDeserializer deserializer = new DefaultDeserializer(Thread.currentThread().getContextClassLoader());
|
|
||||||
try (FileInputStream fis = new FileInputStream(file)) {
|
|
||||||
byte[] b = ByteStreams.toByteArray(fis);
|
|
||||||
storage = (Map<String, LessonTracker>) deserializer.deserialize(new ByteArrayInputStream(b));
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
|
||||||
log.error("Unable to read the progress file, creating a new one...");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return storage;
|
|
||||||
}
|
|
||||||
|
|
||||||
@SneakyThrows
|
|
||||||
private void save(Map<String, LessonTracker> storage) {
|
|
||||||
File file = new File(webgoatHome, user + ".progress");
|
|
||||||
|
|
||||||
try (ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file))) {
|
|
||||||
objectOutputStream.writeObject(storage);
|
|
||||||
objectOutputStream.flush();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public void reset(AbstractLesson al) {
|
|
||||||
Map<String, LessonTracker> storage = load();
|
|
||||||
LessonTracker lessonTracker = getLessonTracker(storage, al);
|
|
||||||
lessonTracker.reset();
|
|
||||||
save(storage);
|
|
||||||
}
|
|
||||||
|
|
||||||
public int numberOfLessonsSolved() {
|
|
||||||
int numberOfLessonsSolved = 0;
|
|
||||||
Map<String, LessonTracker> storage = load();
|
|
||||||
for (LessonTracker lessonTracker : storage.values()) {
|
|
||||||
if (lessonTracker.isLessonSolved()) {
|
|
||||||
numberOfLessonsSolved = numberOfLessonsSolved + 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return numberOfLessonsSolved;
|
|
||||||
}
|
|
||||||
|
|
||||||
public int numberOfAssignmentsSolved() {
|
|
||||||
int numberOfAssignmentsSolved = 0;
|
|
||||||
Map<String, LessonTracker> storage = load();
|
|
||||||
for (LessonTracker lessonTracker : storage.values()) {
|
|
||||||
Map<Assignment, Boolean> lessonOverview = lessonTracker.getLessonOverview();
|
|
||||||
numberOfAssignmentsSolved = lessonOverview.values().stream().filter(b -> b).collect(Collectors.counting()).intValue();
|
|
||||||
}
|
|
||||||
return numberOfAssignmentsSolved;
|
|
||||||
}
|
|
||||||
}
|
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.session;
|
|||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
|
import org.owasp.webgoat.users.WebGoatUser;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
|
||||||
import java.sql.Connection;
|
import java.sql.Connection;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.session;
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
@ -7,7 +7,6 @@ import lombok.Getter;
|
|||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.lessons.Assignment;
|
import org.owasp.webgoat.lessons.Assignment;
|
||||||
|
|
||||||
import java.io.Serializable;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
@ -45,14 +44,20 @@ import java.util.stream.Collectors;
|
|||||||
* @version $Id: $Id
|
* @version $Id: $Id
|
||||||
* @since October 29, 2003
|
* @since October 29, 2003
|
||||||
*/
|
*/
|
||||||
public class LessonTracker implements Serializable {
|
public class LessonTracker {
|
||||||
private static final long serialVersionUID = 5410058267505412928L;
|
@Getter
|
||||||
|
private String lessonName;
|
||||||
private final Set<Assignment> solvedAssignments = Sets.newHashSet();
|
private final Set<Assignment> solvedAssignments = Sets.newHashSet();
|
||||||
private final List<Assignment> allAssignments = Lists.newArrayList();
|
private final List<Assignment> allAssignments = Lists.newArrayList();
|
||||||
@Getter
|
@Getter
|
||||||
private int numberOfAttempts = 0;
|
private int numberOfAttempts = 0;
|
||||||
|
|
||||||
|
protected LessonTracker() {
|
||||||
|
//Mongo
|
||||||
|
}
|
||||||
|
|
||||||
public LessonTracker(AbstractLesson lesson) {
|
public LessonTracker(AbstractLesson lesson) {
|
||||||
|
lessonName = lesson.getId();
|
||||||
allAssignments.addAll(lesson.getAssignments());
|
allAssignments.addAll(lesson.getAssignments());
|
||||||
}
|
}
|
||||||
|
|
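Review bot: The new protected no-arg constructor's only documentation is `//Mongo`, which does not say why a constructor that leaves `lessonName` null and both collections empty exists; presumably it is the one Spring Data MongoDB invokes when materialising a stored document, with the fields populated reflectively afterwards. Suggest replacing the comment with `// No-arg constructor for Spring Data MongoDB object mapping; fields are populated reflectively after construction.` It is also worth a one-line comment on `lessonName` saying it holds `lesson.getId()` and is the key `UserTracker` uses to look trackers up, since that is the only reason this field is non-final while its siblings are final. The enclosing class continues past the hunk.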
@ -2,7 +2,6 @@ package org.owasp.webgoat.users;
|
|||||||
|
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.session.WebGoatUser;
|
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
@ -1,22 +1,13 @@
|
|||||||
package org.owasp.webgoat.users;
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
import com.google.common.collect.Maps;
|
import com.google.common.collect.Lists;
|
||||||
import com.google.common.io.ByteStreams;
|
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.SneakyThrows;
|
|
||||||
import org.owasp.webgoat.lessons.Assignment;
|
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
|
||||||
import org.springframework.core.serializer.DefaultDeserializer;
|
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileInputStream;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Temp endpoint just for the CTF.
|
* Temp endpoint just for the CTF.
|
||||||
@ -25,13 +16,11 @@ import java.util.Map;
|
|||||||
* @since 3/23/17.
|
* @since 3/23/17.
|
||||||
*/
|
*/
|
||||||
@RestController
|
@RestController
|
||||||
|
@AllArgsConstructor
|
||||||
public class Scoreboard {
|
public class Scoreboard {
|
||||||
|
|
||||||
@AllArgsConstructor
|
private final UserTrackerRepository userTrackerRepository;
|
||||||
@Getter
|
private final UserRepository userRepository;
|
||||||
private class Challenge {
|
|
||||||
private List<Ranking> rankings;
|
|
||||||
}
|
|
||||||
|
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
@Getter
|
@Getter
|
||||||
@ -40,40 +29,23 @@ public class Scoreboard {
|
|||||||
private int flagsCaptured;
|
private int flagsCaptured;
|
||||||
}
|
}
|
||||||
|
|
||||||
private final String webgoatDirectory;
|
|
||||||
|
|
||||||
public Scoreboard(@Value("${webgoat.server.directory}") final String webgoatDirectory) {
|
|
||||||
this.webgoatDirectory = webgoatDirectory;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GetMapping("/scoreboard")
|
@GetMapping("/scoreboard")
|
||||||
public Challenge getRankings() {
|
public List<Ranking> getRankings() {
|
||||||
File homeDir = new File(webgoatDirectory);
|
List<WebGoatUser> allUsers = userRepository.findAll();
|
||||||
File[] files = homeDir.listFiles(f -> f.getName().endsWith(".progress"));
|
List<Ranking> rankings = Lists.newArrayList();
|
||||||
for (File progressFile : files) {
|
for (WebGoatUser user : allUsers) {
|
||||||
String username = progressFile.getName().replace(".progress", "");
|
UserTracker userTracker = userTrackerRepository.findOne(user.getUsername());
|
||||||
Map<String, LessonTracker> storage = load(progressFile);
|
int challengesSolved = challengesSolved(userTracker);
|
||||||
LessonTracker lessonTracker = storage.get("WebGoat Challenge");
|
rankings.add(new Ranking(user.getUsername(), challengesSolved));
|
||||||
Map<Assignment, Boolean> lessonOverview = lessonTracker.getLessonOverview();
|
|
||||||
for (int i = 0; i <= 5; i++) {
|
|
||||||
//lessonOverview.e
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
return rankings;
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@SneakyThrows
|
private int challengesSolved(UserTracker userTracker) {
|
||||||
private Map<String, LessonTracker> load(File progressFile) {
|
List<String> challenges = Lists.newArrayList("Challenge1", "Challenge2", "Challenge3", "Challenge4", "Challenge5");
|
||||||
Map<String, LessonTracker> storage = Maps.newHashMap();
|
List<LessonTracker> challengeTrackers = challenges.stream()
|
||||||
if (progressFile.exists() && progressFile.isFile()) {
|
.map(c -> userTracker.getLessonTracker(c))
|
||||||
DefaultDeserializer deserializer = new DefaultDeserializer(Thread.currentThread().getContextClassLoader());
|
.filter(l -> l.isPresent()).map(l -> l.get()).collect(Collectors.toList());
|
||||||
try (FileInputStream fis = new FileInputStream(progressFile)) {
|
return challengeTrackers.size();
|
||||||
byte[] b = ByteStreams.toByteArray(fis);
|
|
||||||
storage = (Map<String, LessonTracker>) deserializer.deserialize(new ByteArrayInputStream(b));
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return storage;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
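Review bot: `challengesSolved` counts the challenge lessons for which a `LessonTracker` exists, not the ones that were solved — `UserTracker.getLessonTracker(AbstractLesson)` creates a tracker on first access, so `flagsCaptured` presumably rises as soon as a user opens a challenge, and the stream should additionally filter on `isLessonSolved()`. `userTrackerRepository.findOne(user.getUsername())` can also return null (a user registered before `addUser` started saving a tracker, or whose second write failed), and `challengesSolved(null)` then throws inside the request. Since `getRankings` lists every registered username to any caller that can reach `/scoreboard`, that disclosure deserves a comment, and `rankings` is returned in repository order rather than sorted by `flagsCaptured`, which a scoreboard would normally do. The hard-coded challenge ids can be a `static final` list instead of being rebuilt per request; whether `"Challenge1"`…`"Challenge5"` match the lessons' `getId()` values cannot be confirmed from the hunk.
```java
private static final List<String> CHALLENGES =
        Lists.newArrayList("Challenge1", "Challenge2", "Challenge3", "Challenge4", "Challenge5");

// … unchanged: getRankings …

/** Number of challenge lessons this user has actually solved; 0 when no tracker is stored yet. */
private int challengesSolved(UserTracker userTracker) {
    if (userTracker == null) {
        return 0;
    }
    return (int) CHALLENGES.stream()
            .map(c -> userTracker.getLessonTracker(c))
            .filter(l -> l.isPresent())
            .map(l -> l.get())
            .filter(l -> l.isLessonSolved())
            .count();
}
```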
@ -1,13 +1,12 @@
|
|||||||
package org.owasp.webgoat.users;
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
import org.owasp.webgoat.session.WebGoatUser;
|
import org.springframework.data.mongodb.repository.MongoRepository;
|
||||||
import org.springframework.data.repository.CrudRepository;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author nbaars
|
* @author nbaars
|
||||||
* @since 3/19/17.
|
* @since 3/19/17.
|
||||||
*/
|
*/
|
||||||
public interface UserRepository extends CrudRepository<WebGoatUser, Long> {
|
public interface UserRepository extends MongoRepository<WebGoatUser, String> {
|
||||||
|
|
||||||
WebGoatUser findByUsername(String username);
|
WebGoatUser findByUsername(String username);
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
package org.owasp.webgoat.users;
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import org.owasp.webgoat.session.WebGoatUser;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
@ -15,6 +14,7 @@ import org.springframework.stereotype.Service;
|
|||||||
public class UserService implements UserDetailsService {
|
public class UserService implements UserDetailsService {
|
||||||
|
|
||||||
private final UserRepository userRepository;
|
private final UserRepository userRepository;
|
||||||
|
private final UserTrackerRepository userTrackerRepository;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException {
|
public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||||
@ -29,5 +29,6 @@ public class UserService implements UserDetailsService {
|
|||||||
|
|
||||||
public void addUser(String username, String password) {
|
public void addUser(String username, String password) {
|
||||||
userRepository.save(new WebGoatUser(username, password));
|
userRepository.save(new WebGoatUser(username, password));
|
||||||
|
userTrackerRepository.save(new UserTracker(username));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
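Review bot: `addUser` now performs two independent writes (`userRepository.save`, then `userTrackerRepository.save`), so a failure of the second leaves a user with no tracker document, and callers that do `userTrackerRepository.findOne(username)` then get null instead of a tracker; users registered before this change are in the same state. Readers should treat a missing tracker as an empty one, e.g. `UserTracker t = userTrackerRepository.findOne(username); if (t == null) { t = new UserTracker(username); }`, or this method should be documented as the only place trackers are created. `save` on a `MongoRepository` is also an upsert keyed on `@Id`, and `UserTracker`'s id is the username, so calling `addUser` for a name that already exists silently replaces that user's progress (and their `WebGoatUser` document too, if its id is the username); if the uniqueness check does not live in the caller, reject duplicates here with `if (userRepository.findByUsername(username) != null) { throw new IllegalArgumentException("user already exists: " + username); }`. The rest of `UserService` is outside the hunk.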
@ -0,0 +1,119 @@
|
|||||||
|
|
||||||
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
|
import com.google.common.collect.Lists;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
|
import org.owasp.webgoat.lessons.Assignment;
|
||||||
|
import org.springframework.data.annotation.Id;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Optional;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ************************************************************************************************
|
||||||
|
* <p>
|
||||||
|
* <p>
|
||||||
|
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||||
|
* please see http://www.owasp.org/
|
||||||
|
* <p>
|
||||||
|
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||||
|
* <p>
|
||||||
|
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||||
|
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
* <p>
|
||||||
|
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||||
|
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* General Public License for more details.
|
||||||
|
* <p>
|
||||||
|
* You should have received a copy of the GNU General Public License along with this program; if
|
||||||
|
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||||
|
* 02111-1307, USA.
|
||||||
|
* <p>
|
||||||
|
* Getting Source ==============
|
||||||
|
* <p>
|
||||||
|
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
|
||||||
|
* projects.
|
||||||
|
*
|
||||||
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
|
* @version $Id: $Id
|
||||||
|
* @since October 29, 2003
|
||||||
|
*/
|
||||||
|
@Slf4j
|
||||||
|
public class UserTracker {
|
||||||
|
|
||||||
|
@Id
|
||||||
|
private final String user;
|
||||||
|
private List<LessonTracker> lessonTrackers = Lists.newArrayList();
|
||||||
|
|
||||||
|
public UserTracker(final String user) {
|
||||||
|
this.user = user;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns an existing lesson tracker or create a new one based on the lesson
|
||||||
|
*
|
||||||
|
* @param lesson the lesson
|
||||||
|
* @return a lesson tracker created if not already present
|
||||||
|
*/
|
||||||
|
public LessonTracker getLessonTracker(AbstractLesson lesson) {
|
||||||
|
Optional<LessonTracker> lessonTracker = lessonTrackers
|
||||||
|
.stream().filter(l -> l.getLessonName().equals(lesson.getId())).findFirst();
|
||||||
|
if (!lessonTracker.isPresent()) {
|
||||||
|
LessonTracker newLessonTracker = new LessonTracker(lesson);
|
||||||
|
lessonTrackers.add(newLessonTracker);
|
||||||
|
return newLessonTracker;
|
||||||
|
} else {
|
||||||
|
return lessonTracker.get();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Query method for finding a specific lesson tracker based on id
|
||||||
|
*
|
||||||
|
* @param id the id of the lesson
|
||||||
|
* @return optional due to the fact we can only create a lesson tracker based on a lesson
|
||||||
|
*/
|
||||||
|
public Optional<LessonTracker> getLessonTracker(String id) {
|
||||||
|
return lessonTrackers.stream().filter(l -> l.getLessonName().equals(id)).findFirst();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void assignmentSolved(AbstractLesson lesson, String assignmentName) {
|
||||||
|
LessonTracker lessonTracker = getLessonTracker(lesson);
|
||||||
|
lessonTracker.incrementAttempts();
|
||||||
|
lessonTracker.assignmentSolved(assignmentName);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void assignmentFailed(AbstractLesson lesson) {
|
||||||
|
LessonTracker lessonTracker = getLessonTracker(lesson);
|
||||||
|
lessonTracker.incrementAttempts();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void reset(AbstractLesson al) {
|
||||||
|
LessonTracker lessonTracker = getLessonTracker(al);
|
||||||
|
lessonTracker.reset();
|
||||||
|
}
|
||||||
|
|
||||||
|
public int numberOfLessonsSolved() {
|
||||||
|
int numberOfLessonsSolved = 0;
|
||||||
|
for (LessonTracker lessonTracker : lessonTrackers) {
|
||||||
|
if (lessonTracker.isLessonSolved()) {
|
||||||
|
numberOfLessonsSolved = numberOfLessonsSolved + 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return numberOfLessonsSolved;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int numberOfAssignmentsSolved() {
|
||||||
|
int numberOfAssignmentsSolved = 0;
|
||||||
|
for (LessonTracker lessonTracker : lessonTrackers) {
|
||||||
|
Map<Assignment, Boolean> lessonOverview = lessonTracker.getLessonOverview();
|
||||||
|
numberOfAssignmentsSolved = lessonOverview.values().stream().filter(b -> b).collect(Collectors.counting()).intValue();
|
||||||
|
}
|
||||||
|
return numberOfAssignmentsSolved;
|
||||||
|
}
|
||||||
|
}
|
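Review bot: `numberOfAssignmentsSolved` assigns each lesson's count into `numberOfAssignmentsSolved` instead of adding to it, so the method returns the count of whichever tracker is iterated last rather than the total; the fix is `numberOfAssignmentsSolved += lessonOverview.values().stream().filter(b -> b).collect(Collectors.counting()).intValue();` (the deleted `session.UserTracker` had the same defect, so the move did not introduce it, but this is the place to fix it). The class has no no-arg constructor and `user` is final, so materialising a stored document depends on Spring Data resolving the single `(String user)` constructor — a `@PersistenceConstructor` annotation or a comment stating that assumption would make it explicit. Both `getLessonTracker` overloads call `l.getLessonName().equals(...)` and would throw for a tracker whose `lessonName` is null, which `LessonTracker`'s protected constructor permits. The mutating methods lack Javadoc; `assignmentSolved`, `assignmentFailed` and `reset` each deserve a one-line summary, e.g. `/** Records a solved assignment for {@code lesson} and counts it as one more attempt. */`.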
@ -0,0 +1,12 @@
|
|||||||
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
|
import org.springframework.data.mongodb.repository.MongoRepository;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author nbaars
|
||||||
|
* @since 4/30/17.
|
||||||
|
*/
|
||||||
|
public interface UserTrackerRepository extends MongoRepository<UserTracker, String> {
|
||||||
|
|
||||||
|
|
||||||
|
}
|
@ -1,14 +1,13 @@
|
|||||||
package org.owasp.webgoat.session;
|
package org.owasp.webgoat.users;
|
||||||
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
import org.springframework.data.annotation.Id;
|
||||||
|
import org.springframework.data.annotation.Transient;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
|
|
||||||
import javax.persistence.Entity;
|
|
||||||
import javax.persistence.Id;
|
|
||||||
import javax.persistence.Transient;
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
||||||
@ -17,7 +16,6 @@ import java.util.Collections;
|
|||||||
* @since 3/19/17.
|
* @since 3/19/17.
|
||||||
*/
|
*/
|
||||||
@Getter
|
@Getter
|
||||||
@Entity
|
|
||||||
public class WebGoatUser implements UserDetails {
|
public class WebGoatUser implements UserDetails {
|
||||||
|
|
||||||
public static final String ROLE_USER = "WEBGOAT_USER";
|
public static final String ROLE_USER = "WEBGOAT_USER";
|
@ -29,6 +29,9 @@ webgoat.database.driver=org.hsqldb.jdbcDriver
|
|||||||
webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
|
webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
|
||||||
webgoat.default.language=en
|
webgoat.default.language=en
|
||||||
|
|
||||||
|
spring.data.mongodb.database=webgoat
|
||||||
|
spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/
|
||||||
|
|
||||||
|
|
||||||
liquibase.change-log=classpath:db/changelog/db.changelog-master.xml
|
liquibase.change-log=classpath:db/changelog/db.changelog-master.xml
|
||||||
spring.datasource.url=jdbc:hsqldb:file:${user.home}/.webgoat/WebGoatDatabase;hsqldb.write_delay=false
|
spring.datasource.url=jdbc:hsqldb:file:${user.home}/.webgoat/WebGoatDatabase;hsqldb.write_delay=false
|
||||||
|
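Review bot: `spring.mongodb.embedded.storage.databaseDir` is built from `${webgoat.user.directory}`, while the neighbouring properties use `${user.home}/.webgoat` and the Java side reads `webgoat.server.directory`; if `webgoat.user.directory` is not defined in this file, the unresolved placeholder fails context start-up, so confirm it exists or derive the directory from the same base as the datasource URL. Configuring the embedded mongod in the main properties also means a database process is launched alongside the application; a comment stating that this is intended for the CTF deployment, and that the embedded instance presumably runs without authentication so its bind address must stay local, would help the next maintainer decide whether it belongs in a dedicated profile.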
@ -30,18 +30,24 @@ import org.owasp.webgoat.i18n.Language;
|
|||||||
import org.owasp.webgoat.i18n.Messages;
|
import org.owasp.webgoat.i18n.Messages;
|
||||||
import org.owasp.webgoat.i18n.PluginMessages;
|
import org.owasp.webgoat.i18n.PluginMessages;
|
||||||
import org.owasp.webgoat.session.UserSessionData;
|
import org.owasp.webgoat.session.UserSessionData;
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.test.util.ReflectionTestUtils;
|
import org.springframework.test.util.ReflectionTestUtils;
|
||||||
import org.springframework.web.servlet.i18n.FixedLocaleResolver;
|
import org.springframework.web.servlet.i18n.FixedLocaleResolver;
|
||||||
|
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
|
|
||||||
|
import static org.mockito.Matchers.anyString;
|
||||||
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
public class AssignmentEndpointTest {
|
public class AssignmentEndpointTest {
|
||||||
|
|
||||||
@Mock
|
@Mock
|
||||||
protected UserTracker userTracker;
|
protected UserTracker userTracker;
|
||||||
@Mock
|
@Mock
|
||||||
|
protected UserTrackerRepository userTrackerRepository;
|
||||||
|
@Mock
|
||||||
protected WebSession webSession;
|
protected WebSession webSession;
|
||||||
@Mock
|
@Mock
|
||||||
protected UserSessionData userSessionData;
|
protected UserSessionData userSessionData;
|
||||||
@ -56,7 +62,8 @@ public class AssignmentEndpointTest {
|
|||||||
|
|
||||||
public void init(AssignmentEndpoint a) {
|
public void init(AssignmentEndpoint a) {
|
||||||
messages.setBasenames("classpath:/i18n/messages", "classpath:/i18n/WebGoatLabels");
|
messages.setBasenames("classpath:/i18n/messages", "classpath:/i18n/WebGoatLabels");
|
||||||
ReflectionTestUtils.setField(a, "userTracker", userTracker);
|
when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
|
||||||
|
ReflectionTestUtils.setField(a, "userTrackerRepository", userTrackerRepository);
|
||||||
ReflectionTestUtils.setField(a, "userSessionData", userSessionData);
|
ReflectionTestUtils.setField(a, "userSessionData", userSessionData);
|
||||||
ReflectionTestUtils.setField(a, "webSession", webSession);
|
ReflectionTestUtils.setField(a, "webSession", webSession);
|
||||||
ReflectionTestUtils.setField(a, "messages", pluginMessages);
|
ReflectionTestUtils.setField(a, "messages", pluginMessages);
|
||||||
|
@ -8,15 +8,19 @@ import org.junit.runner.RunWith;
|
|||||||
import org.mockito.Mock;
|
import org.mockito.Mock;
|
||||||
import org.mockito.Mockito;
|
import org.mockito.Mockito;
|
||||||
import org.mockito.runners.MockitoJUnitRunner;
|
import org.mockito.runners.MockitoJUnitRunner;
|
||||||
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.lessons.Category;
|
import org.owasp.webgoat.lessons.Category;
|
||||||
import org.owasp.webgoat.lessons.NewLesson;
|
import org.owasp.webgoat.lessons.NewLesson;
|
||||||
import org.owasp.webgoat.session.Course;
|
import org.owasp.webgoat.session.Course;
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||||
|
|
||||||
import static org.mockito.Matchers.any;
|
import static org.mockito.Matchers.any;
|
||||||
|
import static org.mockito.Matchers.anyString;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
import static org.owasp.webgoat.service.LessonMenuService.URL_LESSONMENU_MVC;
|
import static org.owasp.webgoat.service.LessonMenuService.URL_LESSONMENU_MVC;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
||||||
@ -35,11 +39,15 @@ public class LessonMenuServiceTest {
|
|||||||
private Course course;
|
private Course course;
|
||||||
@Mock
|
@Mock
|
||||||
private UserTracker userTracker;
|
private UserTracker userTracker;
|
||||||
|
@Mock
|
||||||
|
private UserTrackerRepository userTrackerRepository;
|
||||||
|
@Mock
|
||||||
|
private WebSession webSession;
|
||||||
private MockMvc mockMvc;
|
private MockMvc mockMvc;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
this.mockMvc = standaloneSetup(new LessonMenuService(course, userTracker)).build();
|
this.mockMvc = standaloneSetup(new LessonMenuService(course, webSession, userTrackerRepository)).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -54,7 +62,8 @@ public class LessonMenuServiceTest {
|
|||||||
when(lessonTracker.isLessonSolved()).thenReturn(false);
|
when(lessonTracker.isLessonSolved()).thenReturn(false);
|
||||||
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2));
|
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2));
|
||||||
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
|
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
|
||||||
when(userTracker.getLessonTracker(any())).thenReturn(lessonTracker);
|
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
|
||||||
|
when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
|
||||||
|
|
||||||
mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
|
mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
|
||||||
.andExpect(status().isOk())
|
.andExpect(status().isOk())
|
||||||
@ -71,7 +80,9 @@ public class LessonMenuServiceTest {
|
|||||||
when(lessonTracker.isLessonSolved()).thenReturn(true);
|
when(lessonTracker.isLessonSolved()).thenReturn(true);
|
||||||
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1));
|
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1));
|
||||||
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
|
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
|
||||||
when(userTracker.getLessonTracker(any())).thenReturn(lessonTracker);
|
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
|
||||||
|
when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
|
||||||
|
|
||||||
|
|
||||||
mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
|
mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
|
||||||
.andExpect(status().isOk()).andDo(print())
|
.andExpect(status().isOk()).andDo(print())
|
||||||
|
@ -8,9 +8,10 @@ import org.mockito.Mock;
|
|||||||
import org.mockito.runners.MockitoJUnitRunner;
|
import org.mockito.runners.MockitoJUnitRunner;
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.lessons.Assignment;
|
import org.owasp.webgoat.lessons.Assignment;
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||||
@ -18,6 +19,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
|||||||
|
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
import static org.mockito.Matchers.any;
|
import static org.mockito.Matchers.any;
|
||||||
|
import static org.mockito.Matchers.anyString;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||||
@ -63,15 +65,18 @@ public class LessonProgressServiceTest {
|
|||||||
@Mock
|
@Mock
|
||||||
private LessonTracker lessonTracker;
|
private LessonTracker lessonTracker;
|
||||||
@Mock
|
@Mock
|
||||||
|
private UserTrackerRepository userTrackerRepository;
|
||||||
|
@Mock
|
||||||
private WebSession websession;
|
private WebSession websession;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
Assignment assignment = new Assignment("test", "test");
|
Assignment assignment = new Assignment("test", "test");
|
||||||
when(userTracker.getLessonTracker(any())).thenReturn(lessonTracker);
|
when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
|
||||||
|
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
|
||||||
when(websession.getCurrentLesson()).thenReturn(lesson);
|
when(websession.getCurrentLesson()).thenReturn(lesson);
|
||||||
when(lessonTracker.getLessonOverview()).thenReturn(Maps.newHashMap(assignment, true));
|
when(lessonTracker.getLessonOverview()).thenReturn(Maps.newHashMap(assignment, true));
|
||||||
this.mockMvc = MockMvcBuilders.standaloneSetup(new LessonProgressService(userTracker, websession)).build();
|
this.mockMvc = MockMvcBuilders.standaloneSetup(new LessonProgressService(userTrackerRepository, websession)).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -8,14 +8,17 @@ import org.mockito.Mock;
|
|||||||
import org.mockito.runners.MockitoJUnitRunner;
|
import org.mockito.runners.MockitoJUnitRunner;
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.session.Course;
|
import org.owasp.webgoat.session.Course;
|
||||||
import org.owasp.webgoat.session.LessonTracker;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
import org.owasp.webgoat.session.UserTracker;
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||||
|
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
import static org.mockito.Matchers.any;
|
import static org.mockito.Matchers.any;
|
||||||
|
import static org.mockito.Matchers.anyString;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||||
@ -33,10 +36,14 @@ public class ReportCardServiceTest {
|
|||||||
private AbstractLesson lesson;
|
private AbstractLesson lesson;
|
||||||
@Mock
|
@Mock
|
||||||
private LessonTracker lessonTracker;
|
private LessonTracker lessonTracker;
|
||||||
|
@Mock
|
||||||
|
private UserTrackerRepository userTrackerRepository;
|
||||||
|
@Mock
|
||||||
|
private WebSession websession;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
this.mockMvc = standaloneSetup(new ReportCardService(userTracker, course)).build();
|
this.mockMvc = standaloneSetup(new ReportCardService(websession, userTrackerRepository, course)).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -46,7 +53,8 @@ public class ReportCardServiceTest {
|
|||||||
when(course.getTotalOfLessons()).thenReturn(1);
|
when(course.getTotalOfLessons()).thenReturn(1);
|
||||||
when(course.getTotalOfAssignments()).thenReturn(10);
|
when(course.getTotalOfAssignments()).thenReturn(10);
|
||||||
when(course.getLessons()).thenReturn(Lists.newArrayList(lesson));
|
when(course.getLessons()).thenReturn(Lists.newArrayList(lesson));
|
||||||
when(userTracker.getLessonTracker(any())).thenReturn(lessonTracker);
|
when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
|
||||||
|
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
|
||||||
mockMvc.perform(MockMvcRequestBuilders.get("/service/reportcard.mvc"))
|
mockMvc.perform(MockMvcRequestBuilders.get("/service/reportcard.mvc"))
|
||||||
.andExpect(status().isOk())
|
.andExpect(status().isOk())
|
||||||
.andExpect(jsonPath("$.totalNumberOfLessons", is(1)))
|
.andExpect(jsonPath("$.totalNumberOfLessons", is(1)))
|
||||||
|
@ -4,6 +4,7 @@ import com.google.common.collect.Lists;
|
|||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||||
import org.owasp.webgoat.lessons.Assignment;
|
import org.owasp.webgoat.lessons.Assignment;
|
||||||
|
import org.owasp.webgoat.users.LessonTracker;
|
||||||
|
|
||||||
import java.util.List;
import java.util.List;
import java.util.Map;
import java.util.Map;
@ -1,105 +0,0 @@
package org.owasp.webgoat.session;
import com.google.common.collect.Lists;
import org.junit.Before;
import org.junit.Test;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment;
import java.io.File;
import java.io.IOException;
import java.util.UUID;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author nbaars
* @version $Id: $Id
* @since November 15, 2016
*/
public class UserTrackerTest {
private File home;
@Before
public void init() throws IOException {
home = File.createTempFile("test", "test");
home.deleteOnExit();
}
@Test
public void writeAndRead() {
UserTracker userTracker = new UserTracker(home.getParent(), "test");
AbstractLesson lesson = mock(AbstractLesson.class);
when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment")));
userTracker.getLessonTracker(lesson);
userTracker.assignmentSolved(lesson, lesson.getAssignments().get(0).getName());
userTracker = new UserTracker(home.getParent(), "test");
userTracker.load();
assertThat(userTracker.getLessonTracker(lesson).isLessonSolved()).isTrue();
}
@Test
public void assignmentFailedShouldIncrementAttempts() {
UserTracker userTracker = new UserTracker(home.getParent(), UUID.randomUUID().toString());
AbstractLesson lesson = mock(AbstractLesson.class);
when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment")));
userTracker.getLessonTracker(lesson);
userTracker.assignmentFailed(lesson);
userTracker.assignmentFailed(lesson);
assertThat(userTracker.getLessonTracker(lesson).getNumberOfAttempts()).isEqualTo(2);
}
@Test
public void resetShouldClearSolvedAssignment() {
UserTracker userTracker = new UserTracker(home.getParent(), "test");
AbstractLesson lesson = mock(AbstractLesson.class);
when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment")));
userTracker.getLessonTracker(lesson);
userTracker.assignmentSolved(lesson, "assignment");
assertThat(userTracker.getLessonTracker(lesson).isLessonSolved()).isTrue();
userTracker.reset(lesson);
assertThat(userTracker.getLessonTracker(lesson).isLessonSolved()).isFalse();
}
@Test
public void totalAssignmentsSolved() {
UserTracker userTracker = new UserTracker(home.getParent(), "test");
AbstractLesson lesson = mock(AbstractLesson.class);
when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment")));
userTracker.getLessonTracker(lesson);
userTracker.assignmentSolved(lesson, "assignment");
assertThat(userTracker.numberOfAssignmentsSolved()).isEqualTo(1);
assertThat(userTracker.numberOfLessonsSolved()).isEqualTo(1);
}
}
@ -14,11 +14,14 @@ public class UserServiceTest {
@Mock
@Mock
private UserRepository userRepository;
private UserRepository userRepository;
@Mock
private UserTrackerRepository userTrackerRepository;
@Test(expected = UsernameNotFoundException.class)
@Test(expected = UsernameNotFoundException.class)
public void shouldThrowExceptionWhenUserIsNotFound() {
public void shouldThrowExceptionWhenUserIsNotFound() {
when(userRepository.findByUsername(any())).thenReturn(null);
when(userRepository.findByUsername(any())).thenReturn(null);
UserService userService = new UserService(userRepository);
UserService userService = new UserService(userRepository, userTrackerRepository);
userService.loadUserByUsername("unknown");
userService.loadUserByUsername("unknown");
}
}
@ -4,7 +4,6 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.session.WebGoatUser;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.Errors;
import org.springframework.validation.Errors;
@ -3,8 +3,10 @@ package org.owasp.webgoat.plugin;
import com.google.common.collect.Maps;
import com.google.common.collect.Maps;
import lombok.AllArgsConstructor;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.assignments.Endpoint;
import org.owasp.webgoat.assignments.Endpoint;
import org.owasp.webgoat.session.UserTracker;
import org.owasp.webgoat.users.UserTracker;
import org.owasp.webgoat.users.UserTrackerRepository;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatus;
@ -23,11 +25,12 @@ import java.util.stream.IntStream;
* @author nbaars
* @author nbaars
* @since 3/23/17.
* @since 3/23/17.
*/
*/
@Slf4j
public class Flag extends Endpoint {
public class Flag extends Endpoint {
public static final Map<Integer, String> FLAGS = Maps.newHashMap();
public static final Map<Integer, String> FLAGS = Maps.newHashMap();
@Autowired
@Autowired
private UserTracker userTracker;
private UserTrackerRepository userTrackerRepository;
@Autowired
@Autowired
private WebSession webSession;
private WebSession webSession;
@ -39,7 +42,8 @@ public class Flag extends Endpoint {
@PostConstruct
@PostConstruct
public void initFlags() {
public void initFlags() {
IntStream.range(1, 5).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString()));
IntStream.range(1, 6).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString()));
FLAGS.entrySet().stream().forEach(e -> log.debug("Flag {} {}", e.getKey(), e.getValue()));
}
}
@Override
@Override
@ -50,6 +54,10 @@ public class Flag extends Endpoint {
@RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.OK)
@ResponseStatus(HttpStatus.OK)
public void postFlag(@RequestParam String flag) {
public void postFlag(@RequestParam String flag) {
UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
if (userTracker == null) {
userTracker = new UserTracker(webSession.getUserName());
}
String currentChallenge = webSession.getCurrentLesson().getName();
String currentChallenge = webSession.getCurrentLesson().getName();
int challengeNumber = Integer.valueOf(currentChallenge.substring(currentChallenge.length() - 1, currentChallenge.length()));
int challengeNumber = Integer.valueOf(currentChallenge.substring(currentChallenge.length() - 1, currentChallenge.length()));
String expectedFlag = FLAGS.get(challengeNumber);
String expectedFlag = FLAGS.get(challengeNumber);
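Review bot: The added `findOne` / `if (userTracker == null)` / `new UserTracker(...)` sequence at the top of `postFlag`, together with the `userTrackerRepository.save(userTracker)` in the next hunk, is a load-or-create that every other caller of the repository will have to repeat verbatim; a single helper on the repository side, or at least a comment above the null check such as `// first submission by this user: no tracker persisted yet`, would make the intent explicit and keep the fallback in one place. Nothing here guards against `webSession.getUserName()` being null, which Spring Data's `findOne` rejects with an exception; whether an unauthenticated session can reach this endpoint is not visible in the hunk, so that is worth confirming rather than assuming. Separately, the `log.debug("Flag {} {}", ...)` line added to `initFlags` in the preceding hunk writes every challenge answer to the application log; if that is meant only for local development, say so in a comment or guard it, since a deployed training instance would otherwise expose its solutions to anyone with read access to the log file. The body of `postFlag` continues past this hunk.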
@ -58,6 +66,7 @@ public class Flag extends Endpoint {
} else {
} else {
userTracker.assignmentFailed(webSession.getCurrentLesson());
userTracker.assignmentFailed(webSession.getCurrentLesson());
}
}
userTrackerRepository.save(userTracker);
}
}
}
}