From ebf2f9d8647c4671a3d1f820aeb7082dbf1363ad Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Thu, 23 Mar 2017 20:30:23 +0100
Subject: [PATCH] wip
---
 .../owasp/webgoat/session/LessonTracker.java | 2 +-
 .../org/owasp/webgoat/users/Scoreboard.java | 79 +++++++++++++++++++
 .../src/main/resources/html/Challenge.html | 2 +-
 .../resources/lessonPlans/en/Challenge_1.adoc | 10 +--
 4 files changed, 82 insertions(+), 11 deletions(-)
 create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/LessonTracker.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/LessonTracker.java
index edd0d1483..3d16e90a8 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/LessonTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/LessonTracker.java
@@ -61,7 +61,7 @@ public class LessonTracker implements Serializable {
 }
 /**
- * Mark an assingment as solved
+ * Mark an assignment as solved
 *
 * @param solvedAssignment the assignment which the user solved
 */
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
new file mode 100644
index 000000000..f6809852d
--- /dev/null
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
@@ -0,0 +1,79 @@
+package org.owasp.webgoat.users;
+
+import com.google.common.collect.Maps;
+import com.google.common.io.ByteStreams;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.SneakyThrows;
+import org.owasp.webgoat.lessons.Assignment;
+import org.owasp.webgoat.session.LessonTracker;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.serializer.DefaultDeserializer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Temp endpoint just for the CTF.
+ *
+ * @author nbaars
+ * @since 3/23/17.
+ */
+@RestController
+public class Scoreboard {
+
+ @AllArgsConstructor
+ @Getter
+ private class Challenge {
+ private List rankings;
+ }
+
+ @AllArgsConstructor
+ @Getter
+ private class Ranking {
+ private String username;
+ private int flagsCaptured;
+ }
+
+ private final String webgoatDirectory;
+
+ public Scoreboard(@Value("${webgoat.server.directory}") final String webgoatDirectory) {
+ this.webgoatDirectory = webgoatDirectory;
+ }
+
+ @GetMapping("/scoreboard")
+ public Challenge getRankings() {
+ File homeDir = new File(webgoatDirectory);
+ File[] files = homeDir.listFiles(f -> f.getName().endsWith(".progress"));
+ for (File progressFile : files) {
+ String username = progressFile.getName().replace(".progress", "");
+ Map storage = load(progressFile);
+ LessonTracker lessonTracker = storage.get("WebGoat Challenge");
+ Map lessonOverview = lessonTracker.getLessonOverview();
+ for (int i = 0; i <= 5; i++) {
+ //lessonOverview.e
+
+ }
+ }
+ return null;
+ }
+
+ @SneakyThrows
+ private Map load(File progressFile) {
+ Map storage = Maps.newHashMap();
+ if (progressFile.exists() && progressFile.isFile()) {
+ DefaultDeserializer deserializer = new DefaultDeserializer(Thread.currentThread().getContextClassLoader());
+ try (FileInputStream fis = new FileInputStream(progressFile)) {
+ byte[] b = ByteStreams.toByteArray(fis);
+ storage = (Map) deserializer.deserialize(new ByteArrayInputStream(b));
+ }
+ }
+ return storage;
+ }
+
+}
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
index 76398ed1a..b6bc7f41e 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
@@ -36,7 +36,7 @@ -
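Review bot: `load()` in Scoreboard.java feeds every `*.progress` file under `webgoat.server.directory` to Spring's `DefaultDeserializer`, i.e. Java native deserialization, each time `/scoreboard` is requested, so anything able to place a file with that suffix in the directory controls the object graph that gets instantiated. Restrict what may be read, for example by resolving only the map, `LessonTracker` and `Assignment` classes (an `ObjectInputFilter` allow-list where the JDK provides one), or keep the scores in a data-only format. `getRankings()` also dereferences two values that can be null: `homeDir.listFiles(...)` returns null when the directory is missing or unreadable, and `storage.get("WebGoat Challenge")` is null whenever `load()` returned the empty map, so add `if (files == null) { return new Challenge(Collections.emptyList()); }` and `if (lessonTracker == null) { continue; }`. Because `load()` is `@SneakyThrows`, one unreadable or corrupt file currently fails the whole request; catching the failure per file and skipping it would keep the scoreboard available.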
+
diff --git a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
index b1d8e837f..3a0b7ee9f 100644
--- a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
+++ b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
@@ -1,9 +1 @@
-== Welcome to the WebGoat challenge (CTF)
-
-In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will
-need to post in order to gain points.
-Flags have the following format: a7179f89-906b-4fec-9d99-f15b796e7208
-
-
-Have fun!!
-Team WebGoat
\ No newline at end of file
+=== Admin forgot password can you help?
\ No newline at end of file