ab068901f1
* refactor: modernize code * refactor: move to Tomcat * chore: bump to Spring Boot 3.3.3 * refactor: use Testcontainers to run integration tests * refactor: lesson/assignment progress * chore: format code * refactor: first step into removing base class for assignment Always been a bit of an ugly construction, as none of the dependencies are clear. The constructors are hidden due to autowiring the base class. This PR removes two of the fields. As a bonus we now wire the authentication principal directly in the controllers. * refactor: use authentication principal directly. * refactor: pass lesson to the endpoints No more need to get the current lesson set in a session. The lesson is now passed to the endpoints. * fix: Testcontainers cannot run on Windows host in Github actions. Since we have Windows specific paths let's run it standalone for now. We need to run these tests on Docker as well (for now disabled)
78 lines
2.3 KiB
Java
78 lines
2.3 KiB
Java
package org.owasp.webgoat;
|
|
|
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
|
|
import io.restassured.RestAssured;
|
|
import java.util.HashMap;
|
|
import java.util.Map;
|
|
import org.junit.jupiter.api.Test;
|
|
|
|
public class WebWolfIntegrationTest extends IntegrationTest {
|
|
|
|
@Test
|
|
public void runTests() {
|
|
startLesson("WebWolfIntroduction");
|
|
|
|
// Assignment 3
|
|
Map<String, Object> params = new HashMap<>();
|
|
params.put("email", this.getUser() + "@webgoat.org");
|
|
checkAssignment(url("WebWolf/mail/send"), params, false);
|
|
|
|
String responseBody =
|
|
RestAssured.given()
|
|
.when()
|
|
.relaxedHTTPSValidation()
|
|
.cookie("WEBWOLFSESSION", getWebWolfCookie())
|
|
.get(new WebWolfUrlBuilder().path("mail").build())
|
|
.then()
|
|
.extract()
|
|
.response()
|
|
.getBody()
|
|
.asString();
|
|
|
|
String uniqueCode = responseBody.replace("%20", " ");
|
|
uniqueCode =
|
|
uniqueCode.substring(
|
|
21 + uniqueCode.lastIndexOf("your unique code is: "),
|
|
uniqueCode.lastIndexOf("your unique code is: ") + (21 + this.getUser().length()));
|
|
params.clear();
|
|
params.put("uniqueCode", uniqueCode);
|
|
checkAssignment(url("WebWolf/mail"), params, true);
|
|
|
|
// Assignment 4
|
|
RestAssured.given()
|
|
.when()
|
|
.relaxedHTTPSValidation()
|
|
.cookie("JSESSIONID", getWebGoatCookie())
|
|
.queryParams(params)
|
|
.get(url("WebWolf/landing/password-reset"))
|
|
.then()
|
|
.statusCode(200);
|
|
RestAssured.given()
|
|
.when()
|
|
.relaxedHTTPSValidation()
|
|
.cookie("WEBWOLFSESSION", getWebWolfCookie())
|
|
.queryParams(params)
|
|
.get(new WebWolfUrlBuilder().path("landing").build())
|
|
.then()
|
|
.statusCode(200);
|
|
responseBody =
|
|
RestAssured.given()
|
|
.when()
|
|
.relaxedHTTPSValidation()
|
|
.cookie("WEBWOLFSESSION", getWebWolfCookie())
|
|
.get(new WebWolfUrlBuilder().path("requests").build())
|
|
.then()
|
|
.extract()
|
|
.response()
|
|
.getBody()
|
|
.asString();
|
|
assertTrue(responseBody.contains(uniqueCode));
|
|
params.clear();
|
|
params.put("uniqueCode", uniqueCode);
|
|
checkAssignment(url("WebWolf/landing"), params, true);
|
|
|
|
checkResults("WebWolfIntroduction");
|
|
}
|
|
}
|