Commit Graph

45 Commits

Author SHA1 Message Date
ec3b9e8aaf chore: update Java version in README (#2091)
Closes: gh-2072

* chore: add Maven wrapper jar file

This way we don't download it every time from a Maven repository, saving some bandwidth.

* chore: remove @authors tag
2025-03-31 21:05:15 +02:00
23d6fe6f36 fix: correct number of solved assignments in report card (#2065)
* fix: correct number of solved assignments in report card

Filter the list of assignments to accurately count the number of solved assignments.

Closes: gh-2063

* chore: remove scoreboard code

This was added when we ran a CTF challenge during OWASP AppSecEU in 2017. We can remove this code.

Closes: gh-2064
2025-03-11 22:57:49 +01:00
55bd0a49db chore: cleanup IT tests (#2040) 2025-02-28 18:39:23 +01:00
00f3538be2 chore: format all code according to SPDX (#2023) 2025-02-16 19:48:05 +01:00
2a5b4385ea chore: bump com.diffplug.spotless:spotless-maven-plugin (#2006)
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.41.1 to 2.44.2.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/maven/2.41.1...maven/2.44.2)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-15 19:52:40 +01:00
8e45316638 feat: Introduce Playwright for UI testing
Instead of using Robot Framework, which does not run during a `mvn install`, Playwright seems to be the better approach. We can now write them as normal JUnit tests and they are executed during a build.

Additionally this PR solves some interesting bugs found during writing Playwright tests:

- A reset of a lesson removes all assignments; as a result another user wouldn't see any assignments
- If someone solves an assignment, the assignment automatically got solved for a new user, since the assignment included the `solved` flag which immediately got copied to new lesson progress.
- Introduction of assignment progress, linking an assignment not directly to all users.
2025-01-26 16:59:59 +01:00
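The two progress bugs named in the commit above (a reset wiping assignments for everyone, and a `solved` flag leaking into a new user's progress) are both instances of per-user state living on shared assignment objects. The following is an added, constructed Python model of that aliasing beside the per-user `AssignmentProgress` shape the commit describes; it is not WebGoat code, and the class and attribute names are assumptions chosen to mirror the commit text.

```python
"""Constructed model of the progress-aliasing bugs; not WebGoat code.
Class/attribute names (Assignment, LessonProgress, AssignmentProgress, `solved`)
are assumptions that mirror the commit message."""
from dataclasses import dataclass, field


# --- buggy model: every user's progress references the shared assignment objects ---

@dataclass
class Assignment:
    name: str
    solved: bool = False  # per-user state stored on a shared definition object


@dataclass
class Lesson:
    assignments: list  # one list shared by the lesson and every user's progress


@dataclass
class BuggyLessonProgress:
    assignments: list  # same objects, same list, for every user


def buggy_progress_for(lesson: Lesson) -> BuggyLessonProgress:
    return BuggyLessonProgress(lesson.assignments)  # no copy: aliases the lesson's list


def buggy_solve(progress: BuggyLessonProgress, name: str) -> None:
    for a in progress.assignments:
        if a.name == name:
            a.solved = True  # flips the flag on the object every other user also sees


def buggy_reset(progress: BuggyLessonProgress) -> None:
    progress.assignments.clear()  # empties the lesson itself, for everyone


# --- fixed model: immutable definitions, one progress row per user and assignment ---

@dataclass(frozen=True)
class AssignmentDef:
    name: str  # definition only; nothing per-user lives here


@dataclass
class AssignmentProgress:
    assignment: str  # links to the definition by name, not by shared object
    solved: bool = False


@dataclass
class LessonProgress:
    definitions: tuple
    rows: dict = field(default_factory=dict)

    @classmethod
    def for_user(cls, definitions) -> "LessonProgress":
        progress = cls(tuple(definitions))
        progress.reset()  # a new user always starts from fresh, unsolved rows
        return progress

    def solve(self, name: str) -> None:
        self.rows[name].solved = True

    def reset(self) -> None:
        # rebuild only this user's rows; the shared definitions are untouched
        self.rows = {d.name: AssignmentProgress(d.name) for d in self.definitions}

    def solved_names(self) -> list:
        return sorted(r.assignment for r in self.rows.values() if r.solved)


def demo_buggy():
    lesson = Lesson([Assignment("JWTDecode"), Assignment("JWTSigning")])
    alice = buggy_progress_for(lesson)
    buggy_solve(alice, "JWTDecode")
    bob = buggy_progress_for(lesson)                      # brand-new user
    leaked = sorted(a.name for a in bob.assignments if a.solved)
    buggy_reset(alice)                                    # alice resets her lesson...
    return leaked, len(bob.assignments)                   # ...and bob's assignments vanish


def demo_fixed():
    defs = (AssignmentDef("JWTDecode"), AssignmentDef("JWTSigning"))
    alice = LessonProgress.for_user(defs)
    alice.solve("JWTDecode")
    bob = LessonProgress.for_user(defs)
    alice.reset()
    return bob.solved_names(), len(bob.rows), alice.solved_names()


if __name__ == "__main__":
    print("buggy:", demo_buggy())   # (['JWTDecode'], 0)
    print("fixed:", demo_fixed())   # ([], 2, [])
```

The fixed shape is what makes a Playwright test with two browser contexts meaningful: each user's `LessonProgress` is rebuilt from immutable definitions, so neither solving nor resetting can be observed from another session.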
a95213757d chore: bump org.springframework.boot:spring-boot-starter-parent from 3.3.5 to 3.4.0 (#1962) 2024-12-16 20:16:10 +01:00
5fc2e0602c refactor: move plugin messages (#1968) 2024-12-03 22:13:44 +01:00
cf5101a633 chore: bump org.asciidoctor:asciidoctorj from 2.5.13 to 3.0.0 (#1897) 2024-10-26 22:53:43 +02:00
ab068901f1 Remove WebGoat session object (#1929)
* refactor: modernize code

* refactor: move to Tomcat

* chore: bump to Spring Boot 3.3.3

* refactor: use Testcontainers to run integration tests

* refactor: lesson/assignment progress

* chore: format code

* refactor: first step into removing base class for assignment

It has always been a bit of an ugly construction, as none of the dependencies are clear. The constructors are hidden due to autowiring the base class. This PR removes two of the fields.

As a bonus we now wire the authentication principal directly in the controllers.

* refactor: use authentication principal directly.

* refactor: pass lesson to the endpoints

No more need to get the current lesson set in a session. The lesson is now passed to the endpoints.

* fix: Testcontainers cannot run on a Windows host in GitHub Actions.

Since we have Windows-specific paths, let's run it standalone for now. We need to run these tests on Docker as well (for now disabled).
2024-10-26 10:54:21 +02:00
a0b6decf34 Fix report card (#1845)
* fix: report card

Fix and simplify calculation of the number of assignments a user solved.
Rename `UserTracker` to `UserProgress`
Rename `LessonTracker` to `LessonProgress`
Rename tables in database
2024-07-09 20:07:09 +02:00
3134f18066 fix: Success if only Smith earn most salary (#1744)
* Update labels

* Update Java

* Update Test

---------

Co-authored-by: René Zubcevic <rene@zubcevic.com>
2024-06-01 10:50:38 +02:00
17acef57b4 chore: add pre-commit hooks
2023-12-06 17:16:24 +01:00
87edc7d1db refactor: use AssertJ for testing
The majority of our test cases use AssertJ.
2023-12-06 17:16:24 +01:00
ae261f201a feat: show directly requested file in requests overview
When a call directly hits a file, it now shows up in the requests overview. This helps the user see whether an attack from WebGoat actually requested the uploaded file.

Closes: gh-1551
2023-12-04 21:34:16 +01:00
d1e44bbc98 Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645)
* better check on host and port for password reset and make context roots more flexible

* spotless applied

* removed hardcoded /WebGoat from js

* removed hardcoded /WebGoat from js

* fix spotless

* fix scoreboard

* upgrade WebWolf bootstrap version and icons and templates - part 1

* fixed more bootstrap 5 style issues and context path issues

* organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed)

* spotless applied

* added mock bean

* requires updates to properties - commented for now

* requires updates to properties - commented for now

* oauth secrets through env values

* user creation after oauth login

* integration test against non default context paths

* adjusted StartupMessage

* add global model element username

* conditionally show login oauth links

* fixed WebWolf login

---------

Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00
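The first bullet of the commit above (a stricter host and port check for the password reset link) is the classic Host header poisoning defence: the reset link must never be built from the attacker-controlled `Host` header, and a lesson that checks a submitted link should compare host and port, not just the hostname. The following is an added, constructed Python example and not WebGoat's code; the allowlist, the reset path and the token are assumptions.

```python
"""Constructed example of Host-header validation for password-reset links.
Not WebGoat code: ALLOWED_HOSTS, RESET_PATH and the token value are assumptions."""
import re
from urllib.parse import urlsplit

# Assumed deployment config: the (host, port) pairs this instance really answers on.
ALLOWED_HOSTS = {("localhost", 8080), ("webgoat.example.org", 443)}
RESET_PATH = "/WebGoat/PasswordReset/reset/reset-password/"   # assumed path
DEFAULT_PORTS = {"http": 80, "https": 443}

# A Host header is `hostname[:port]`; anything else (userinfo '@', spaces, slashes)
# is rejected outright instead of being "interpreted" by a URL parser.
HOST_RE = re.compile(r"^(?P<host>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(?P<port>\d{1,5}))?$")


def parse_host_header(host_header: str, scheme: str = "http"):
    """Return (hostname, port) or raise ValueError for a malformed header."""
    m = HOST_RE.match(host_header.strip().lower())
    if not m:
        raise ValueError(f"malformed Host header: {host_header!r}")
    port = int(m["port"]) if m["port"] else DEFAULT_PORTS[scheme]
    return m["host"], port


def vulnerable_reset_link(headers: dict, token: str, scheme: str = "http") -> str:
    # Trusts Host verbatim: whoever requests a reset for the victim's address with
    # `Host: attacker.example:9090` gets the victim to click a link that leaks the token.
    return f"{scheme}://{headers['Host']}{RESET_PATH}{token}"


def reset_link(headers: dict, token: str, scheme: str = "http") -> str:
    host, port = parse_host_header(headers.get("Host", ""), scheme)
    if (host, port) not in ALLOWED_HOSTS:
        raise ValueError(f"refusing to build a reset link for {host}:{port}")
    netloc = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    return f"{scheme}://{netloc}{RESET_PATH}{token}"


def link_points_at(url: str, host: str, port: int) -> bool:
    """Strict check for a submitted link: scheme-aware host AND port must match,
    and the path must be the reset endpoint."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return False
    try:
        link_port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:          # e.g. "localhost:8080.attacker.example" is not a port
        return False
    return (parts.hostname.lower(), link_port) == (host.lower(), port) \
        and parts.path.startswith(RESET_PATH)


def demo():
    token = "d2c4-example-token"                       # constructed value
    attacker = {"Host": "attacker.example:9090"}
    poisoned = vulnerable_reset_link(attacker, token)  # link now points at the attacker
    try:
        reset_link(attacker, token)
        blocked = False
    except ValueError:
        blocked = True
    good = reset_link({"Host": "localhost:8080"}, token)
    return poisoned, blocked, good


if __name__ == "__main__":
    poisoned, blocked, good = demo()
    print("vulnerable:", poisoned)
    print("hardened refused attacker host:", blocked)
    print("hardened link:", good)
```

Checking the port as well as the host is what closes the "same hostname, different listener" case: `http://localhost/...` and `http://localhost:8080/...` are different origins, and a lesson that only compared hostnames would accept both.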
a9b1fd66b8 feat: implement JWT jku example (#1552)
Closes #1539
2023-08-08 17:18:22 +02:00
ad00119b0d Add Assignment7 Tests 2023-07-18 00:38:23 +02:00
ca886b4818 feat: upgrade to Spring Boot version 3 (#1477) 2023-06-04 11:19:47 +02:00
5dbe2eaf19 refactor: update challenge code
- Flags are now wired through a Spring config
- Introduced Flag class
- Removed Flags from the FlagController
2023-02-22 11:01:34 +01:00
ecfc321f14 feature: Add extra feedback once someone solves JWT refresh lesson differently
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token, we opt for giving the user extra feedback.
2023-02-16 20:32:27 +00:00
ae081ce319 Add fileserver location (test) 2023-02-15 12:00:54 +00:00
bd398e4c09 #1396 Fix templates path for views 2023-02-15 11:58:49 +00:00
d2a1546dff Apply formatting
This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style.
2023-01-04 08:07:23 +01:00
b03777d39b Support boolean when parsing the token.
When the admin JSON element is passed as a `boolean`:

```json
{
 "admin": true
}
```

the parsing is now successful.
2023-01-04 07:43:18 +01:00
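Two commits above touch the same JWT handling: the refresh lesson can be short-cut with `alg:none`, and the `admin` claim may arrive as a JSON boolean rather than a string. The following is an added, constructed Python example (standard library only, not WebGoat's code or any JWT library's API) that shows a verifier which lets the token's header pick the algorithm accepting a forged `alg:none` token, a verifier that pins the algorithm rejecting it, and a claim reader that takes `true` and `"true"` alike. The secret and claim values are assumptions.

```python
"""Constructed HS256/none JWT example; not WebGoat code. SECRET and claims are assumptions."""
import base64
import hashlib
import hmac
import json

SECRET = b"assumed-demo-secret"   # constructed; never a real key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode(claims: dict, alg: str = "HS256", key: bytes = SECRET) -> str:
    """Mint a token; alg='none' produces the unsigned form an attacker would craft."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_trusting_header(token: str, key: bytes = SECRET) -> dict:
    """Vulnerable: the token's own header decides whether a signature is checked."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(p))   # no signature required: the bypass
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))


def decode_pinned(token: str, key: bytes = SECRET, expected_alg: str = "HS256") -> dict:
    """Hardened: the verifier chooses the algorithm; 'none' is never acceptable."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != expected_alg:
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not s or not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))


def is_admin(claims: dict) -> bool:
    """Accept `"admin": true` as well as the string form `"admin": "true"`."""
    value = claims.get("admin", False)
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def demo():
    forged = encode({"user": "tom", "admin": True}, alg="none")   # no key needed
    trusting = decode_trusting_header(forged)                     # accepted as-is
    try:
        decode_pinned(forged)
        pinned_rejects = False
    except ValueError:
        pinned_rejects = True
    legit = encode({"user": "tom", "admin": "true"})              # properly signed
    return is_admin(trusting), pinned_rejects, is_admin(decode_pinned(legit))


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

The pinned verifier is the shape to copy: the algorithm is a server-side constant, the signature segment must be present, and comparison uses `hmac.compare_digest` so a forged signature cannot be distinguished byte by byte through timing.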
256c1dd3aa Renamed to vulnerablecomponents 2022-07-31 22:39:21 +02:00
b93c935d6c Renamed to sqlinjection 2022-07-31 22:39:21 +02:00
91470b93ea Renamed to pathtraversal 2022-07-31 22:39:21 +02:00
37d684fdd3 Renamed to passwordreset 2022-07-31 22:39:21 +02:00
4f911c64a1 Renamed to missingac 2022-07-31 22:39:21 +02:00
1eff81718b Renamed to httpproxies 2022-07-31 22:39:21 +02:00
1c86f465dc Renamed to clientsidefiltering 2022-07-31 22:39:21 +02:00
3b330fb328 Renamed to chromedevtools 2022-07-31 22:39:21 +02:00
8a35316985 Rename to bypassrestrictions 2022-07-31 22:39:21 +02:00
c63345e4ee Rename authbypass 2022-07-31 22:39:21 +02:00
4fc03381a8 Label hint tests (#1293)
* label test

* adjusted it test filter

* label test added
2022-07-15 08:17:11 +02:00
f8b7ca5c85 Pom update (#1290)
* asciidoctorj update

* pom and suppression updates
2022-07-11 13:28:44 +02:00
b32240f96b owasp top10-2021 (#1235) 2022-04-11 21:12:41 +02:00
711649924b Refactoring (#1201)
* Some initial refactoring

* Make it one application

* Got it working

* Fix problem on Windows

* Move WebWolf

* Move first lesson

* Moved all lessons

* Fix pom.xml

* Fix tests

* Add option to initialize a lesson

This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens.

* Clean up pom.xml files

* Remove fetching labels based on language.

We only support English at the moment; all the lesson explanations are written in English, which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages.

* Fix SonarLint issues

* And move it all to the main project

* Fix for documentation paths

* Fix pom warnings

* Remove PMD as it does not work

* Update release notes about refactoring

* Fix lesson template

* Update release notes

* Keep it in the same repo in Dockerhub

* Update documentation to show how the connection is obtained.

Resolves: #1180

* Rename all integration tests

* Remove command from Dockerfile

* Simplify GitHub actions

Currently, we use separate actions for pull requests and branch builds.
This is now consolidated in one action.
The PR action always triggered; it now only triggers when the PR is
opened and not in draft.
Running all platforms on a branch build is a bit too much; it is better
to only run all platforms when someone opens a PR.

* Remove duplicate entry from release notes

* Add explicit registry for base image

* Lesson scanner not working when fat jar

When running the fat jar we have to take into account that we
are reading from the jar file and not the filesystem. In
this case you cannot use `getFile`, for example.

* added info in README and fixed release docker

* changed base image and added ignore file

Co-authored-by: Zubcevic.com <rene@zubcevic.com>
2022-04-09 14:56:12 +02:00
42f373d66a Moved Maven multiproject setup 2015-08-11 21:57:12 +02:00
c71d774abf Fixed classloading issue when using a jsp in a lesson 2015-06-19 13:52:43 +02:00
f140669edf WEB-197 Images referenced in the plans are not changed by the plugin loader 2015-02-23 12:45:19 +01:00
450c0f673f Added separate log file for testing purposes 2015-02-10 14:56:02 +01:00
bc21a86b68 Fixed hard-coded rewriting of HTML files on SqlStringInjection
Added testcases for this situation
2015-02-08 14:12:01 +01:00
861f3e9d37 Moved loading to separate object. Added a unit test for loading the properties 2015-02-07 12:40:17 +01:00