* better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
/*
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2019 Bruce Mayhew
 *
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program; if
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
 * Getting Source ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
package org.owasp.webgoat.webwolf;
import static org.springframework.http.MediaType.ALL_VALUE;

import jakarta.servlet.http.HttpServletRequest;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.util.ArrayList;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.FileUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;
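/**
 * Controller for uploading and listing files kept in a per-user directory under the configured
 * {@code webwolf.fileserver.location}.
 *
 * <p>Security note: both the directory name (the authenticated user name) and the stored file name
 * (the client-supplied original file name) are used to build filesystem paths. They are therefore
 * constrained to a single path segment directly inside their parent directory before anything is
 * read or written, see {@link #resolveChild(File, String)}.
 */
@Controller
@Slf4j
public class FileServer {

  @Value("${webwolf.fileserver.location}")
  private String fileLocation;

  @Value("${server.address}")
  private String server;

  @Value("${server.servlet.context-path}")
  private String contextPath;

  @Value("${server.port}")
  private int port;

  /**
   * Returns the configured upload root directory as plain text.
   *
   * <p>NOTE(review): this discloses a server-side filesystem path to any caller that can reach the
   * endpoint. Whether that is acceptable depends on the security configuration, which is not
   * visible in this file — confirm the endpoint is not reachable anonymously.
   *
   * @return the value of {@code webwolf.fileserver.location}
   */
  @RequestMapping(
      path = "/file-server-location",
      consumes = ALL_VALUE,
      produces = MediaType.TEXT_PLAIN_VALUE)
  @ResponseBody
  public String getFileLocation() {
    return fileLocation;
  }

  /**
   * Stores the uploaded file in the authenticated user's directory and redirects to the listing.
   *
   * @param myFile the multipart upload; its original file name becomes the stored file name
   * @param authentication the current user, whose name selects the target directory
   * @return a redirect to {@code files} carrying an {@code uploadSuccess} message as a request
   *     parameter
   * @throws IOException if the user directory cannot be created or the file cannot be written
   * @throws IllegalArgumentException if the user name or the original file name is missing, or
   *     would resolve outside its parent directory (path traversal attempt)
   * @throws IllegalStateException if no authenticated user is present
   */
  @PostMapping(value = "/fileupload")
  public ModelAndView importFile(
      @RequestParam("file") MultipartFile myFile, Authentication authentication)
      throws IOException {
    if (authentication == null) {
      throw new IllegalStateException("File upload requires an authenticated user");
    }
    String username = authentication.getName();
    File destinationDir = resolveChild(new File(fileLocation), username);
    // mkdirs() returns false when the directory already exists (or was created concurrently),
    // so the existence check rather than the return value decides whether we can continue.
    destinationDir.mkdirs();
    if (!destinationDir.isDirectory()) {
      throw new IOException("Could not create upload directory " + destinationDir);
    }
    // The original file name is attacker-controlled; never use it as a raw path component.
    File target = resolveChild(destinationDir, myFile.getOriginalFilename());
    myFile.transferTo(target);
    log.debug("File saved to {}", target);

    return new ModelAndView(
        new RedirectView("files", true),
        new ModelMap().addAttribute("uploadSuccess", "File uploaded successful"));
  }

  /**
   * Resolves {@code name} to a file located directly inside {@code dir}.
   *
   * <p>Rejects null or blank names, absolute paths and any name whose normalized form does not sit
   * immediately under {@code dir} (for example {@code ../../etc/passwd} or {@code sub/x}). The
   * check is done on the normalized path, so it also catches names that only traverse via
   * {@code ..} segments after descending.
   *
   * @param dir the directory the result must be a direct child of
   * @param name the untrusted child name
   * @return the resolved file (which need not exist yet)
   * @throws IllegalArgumentException if the name is missing or escapes {@code dir}
   */
  static File resolveChild(File dir, String name) {
    if (name == null || name.isBlank()) {
      throw new IllegalArgumentException("Missing file or directory name");
    }
    Path base = dir.toPath().toAbsolutePath().normalize();
    Path target = base.resolve(name).normalize();
    if (!base.equals(target.getParent())) {
      throw new IllegalArgumentException("Invalid file or directory name: " + name);
    }
    return target.toFile();
  }

  /** One row of the file listing: display name, human-readable size and relative download link. */
  @AllArgsConstructor
  @Getter
  private static class UploadedFile {
    private final String name;
    private final String size;
    private final String link;
  }

  /**
   * Lists the files in the current user's directory for the {@code files} view.
   *
   * <p>The {@code uploadSuccess} request parameter is passed through to the view only while a
   * {@code <username>_changed} marker file exists in the user's directory; the marker is deleted
   * on every visit. The marker is written elsewhere — not in this file. The parameter value is
   * client-supplied, so the view must render it escaped.
   *
   * @param request used to read the {@code uploadSuccess} parameter
   * @param authentication the current user; {@code anonymous} is used when absent
   * @return the {@code files} view with {@code files}, {@code webwolf_url} and optionally
   *     {@code uploadSuccess} in the model
   * @throws IllegalArgumentException if the user name would resolve outside the upload root
   */
  @GetMapping(value = "/files")
  public ModelAndView getFiles(HttpServletRequest request, Authentication authentication) {
    String username = (null != authentication) ? authentication.getName() : "anonymous";
    File destinationDir = resolveChild(new File(fileLocation), username);

    ModelAndView modelAndView = new ModelAndView();
    modelAndView.setViewName("files");
    File changeIndicatorFile = new File(destinationDir, username + "_changed");
    if (changeIndicatorFile.exists()) {
      modelAndView.addObject("uploadSuccess", request.getParameter("uploadSuccess"));
    }
    // Best effort: a missing marker is the normal case, so the result is deliberately ignored.
    changeIndicatorFile.delete();

    var uploadedFiles = new ArrayList<UploadedFile>();
    // listFiles() returns null when the directory does not exist yet (nothing uploaded so far).
    File[] files = destinationDir.listFiles(File::isFile);
    if (files != null) {
      for (File file : files) {
        String size = FileUtils.byteCountToDisplaySize(file.length());
        String link = String.format("files/%s/%s", username, file.getName());
        uploadedFiles.add(new UploadedFile(file.getName(), size, link));
      }
    }

    modelAndView.addObject("files", uploadedFiles);
    // NOTE(review): the scheme is hard-coded to http; if WebWolf is served over TLS this URL is
    // wrong — confirm against the deployment.
    modelAndView.addObject("webwolf_url", "http://" + server + ":" + port + contextPath);
    return modelAndView;
  }
}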