Added validation to detect duplicate users during registration

Nanne Baars 2017-04-08 08:30:14 +02:00
parent dc245bd1e7
commit fbf2d1b422
2 changed files with 68 additions and 5 deletions


@ -1,5 +1,6 @@
package org.owasp.webgoat.users; package org.owasp.webgoat.users;
import lombok.AllArgsConstructor;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.validation.Errors; import org.springframework.validation.Errors;
import org.springframework.validation.Validator; import org.springframework.validation.Validator;
@ -9,10 +10,10 @@ import org.springframework.validation.Validator;
* @since 3/19/17. * @since 3/19/17.
*/ */
@Component @Component
@AllArgsConstructor
public class UserValidator implements Validator { public class UserValidator implements Validator {
// @Autowired private final UserRepository userRepository;
// private UserService userService;
@Override @Override
public boolean supports(Class<?> aClass) { public boolean supports(Class<?> aClass) {
@ -23,9 +24,9 @@ public class UserValidator implements Validator {
public void validate(Object o, Errors errors) { public void validate(Object o, Errors errors) {
UserForm userForm = (UserForm) o; UserForm userForm = (UserForm) o;
// if (userService.findByUsername(userForm.getUsername()) != null) { if (userRepository.findByUsername(userForm.getUsername()) != null) {
// errors.rejectValue("username", "Duplicate.userForm.username"); errors.rejectValue("username", "username.duplicate");
// } }
if (!userForm.getMatchingPassword().equals(userForm.getPassword())) { if (!userForm.getMatchingPassword().equals(userForm.getPassword())) {
errors.rejectValue("matchingPassword", "password.diff"); errors.rejectValue("matchingPassword", "password.diff");
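Review bot: The duplicate check in `validate` is a read that is followed later by a separate write, so two registrations for the same name submitted at the same moment can both see `findByUsername(...)` return null and both be accepted. The validator is fine as the source of the user-facing message, but uniqueness should also be enforced where the user is stored (a unique constraint or key on the username), with the resulting failure mapped to the same `username.duplicate` code; the repository and entity are not visible here, so this may already be in place. The lookup also appears to be an exact match, so names differing only in case or surrounding whitespace would presumably be treated as distinct unless the value is normalized before the call. The body of `validate` continues outside the hunk.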


@ -0,0 +1,62 @@
package org.owasp.webgoat.users;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.session.WebGoatUser;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.Errors;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class UserValidatorTest {
@Mock
private UserRepository userRepository;
@Test
public void passwordsShouldMatch() {
UserForm userForm = new UserForm();
userForm.setAgree("true");
userForm.setUsername("test1234");
userForm.setPassword("test1234");
userForm.setMatchingPassword("test1234");
Errors errors = new BeanPropertyBindingResult(userForm, "userForm");
new UserValidator(userRepository).validate(userForm, errors);
assertFalse(errors.hasErrors());
}
@Test
public void shouldGiveErrorWhenPasswordsDoNotMatch() {
UserForm userForm = new UserForm();
userForm.setAgree("true");
userForm.setUsername("test1234");
userForm.setPassword("test12345");
userForm.setMatchingPassword("test1234");
Errors errors = new BeanPropertyBindingResult(userForm, "userForm");
new UserValidator(userRepository).validate(userForm, errors);
assertTrue(errors.hasErrors());
assertThat(errors.getFieldError("matchingPassword").getCode()).isEqualTo("password.diff");
}
@Test
public void shouldGiveErrorWhenUserAlreadyExists() {
UserForm userForm = new UserForm();
userForm.setAgree("true");
userForm.setUsername("test12345");
userForm.setPassword("test12345");
userForm.setMatchingPassword("test12345");
when(userRepository.findByUsername(anyString())).thenReturn(new WebGoatUser("test1245", "password"));
Errors errors = new BeanPropertyBindingResult(userForm, "userForm");
new UserValidator(userRepository).validate(userForm, errors);
assertTrue(errors.hasErrors());
assertThat(errors.getFieldError("username").getCode()).isEqualTo("username.duplicate");
}
}
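Review bot: `shouldGiveErrorWhenUserAlreadyExists` stubs the repository with `anyString()` and returns a user named `test1245` while the form submits `test12345`, so the test would still pass if the validator looked up the wrong field or a constant. Stubbing on the submitted value pins the behaviour: `when(userRepository.findByUsername("test12345")).thenReturn(new WebGoatUser("test12345", "password"));`. `passwordsShouldMatch` relies on the unstubbed mock returning null; a one-line comment such as `// unstubbed mock returns null: no existing user` would make that explicit.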