■ ■ ■ ■ ■ ■
src/test/java/org/owasp/wrongsecrets/ChallengesControllerCTFModeTest.java
1 | 1 | | package org.owasp.wrongsecrets; |
2 | 2 | | |
3 | | - | import org.junit.jupiter.api.BeforeEach; |
4 | 3 | | import org.junit.jupiter.api.Test; |
5 | 4 | | import org.junit.jupiter.api.extension.ExtendWith; |
6 | | - | import org.junit.runner.RunWith; |
7 | | - | import org.mockito.Mock; |
8 | | - | import org.mockito.junit.jupiter.MockitoExtension; |
9 | | - | import org.owasp.wrongsecrets.RuntimeEnvironment.Environment; |
10 | | - | import org.owasp.wrongsecrets.challenges.*; |
| 5 | + | import org.owasp.wrongsecrets.challenges.ChallengeForm; |
11 | 6 | | import org.owasp.wrongsecrets.challenges.docker.Challenge1; |
12 | 7 | | import org.springframework.beans.factory.annotation.Autowired; |
13 | 8 | | import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; |
14 | 9 | | import org.springframework.boot.test.context.SpringBootTest; |
15 | | - | import org.springframework.boot.web.client.RestTemplateBuilder; |
16 | | - | import org.springframework.boot.web.server.LocalServerPort; |
17 | | - | import org.springframework.http.HttpStatus; |
18 | 10 | | import org.springframework.http.MediaType; |
19 | | - | import org.springframework.test.context.junit4.SpringRunner; |
| 11 | + | import org.springframework.test.context.junit.jupiter.SpringExtension; |
20 | 12 | | import org.springframework.test.web.servlet.MockMvc; |
21 | | - | import org.springframework.test.web.servlet.setup.MockMvcBuilders; |
22 | | - | import org.springframework.web.client.RestClientResponseException; |
23 | 13 | | |
24 | | - | import javax.ws.rs.core.Application; |
25 | | - | import java.util.List; |
26 | | - | |
27 | | - | import static org.assertj.core.api.Assertions.assertThat; |
28 | 14 | | import static org.hamcrest.Matchers.containsString; |
29 | | - | import static org.junit.jupiter.api.Assertions.fail; |
30 | | - | import static org.mockito.ArgumentMatchers.anyString; |
31 | | - | import static org.mockito.ArgumentMatchers.contains; |
32 | | - | import static org.mockito.Mockito.when; |
33 | | - | import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.MOCK; |
| 15 | + | import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; |
34 | 16 | | import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; |
35 | 17 | | import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; |
36 | | - | import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; |
| 18 | + | import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; |
| 19 | + | import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; |
37 | 20 | | |
38 | | - | @RunWith(SpringRunner.class) |
| 21 | + | @ExtendWith(SpringExtension.class) |
39 | 22 | | @SpringBootTest( |
40 | 23 | | properties = {"CTF_ENABLED=true", "CTF_KEY=randomtextforkey"}, |
41 | 24 | | classes = WrongSecretsApplication.class |
| skipped 15 lines |
57 | 40 | | |
58 | 41 | | @Test |
59 | 42 | | void shouldShowFlagWhenRespondingWithSuccessInCTFMode() throws Exception { |
60 | | - | var spoil = new ChallengeForm(new Challenge1(new InMemoryScoreCard(1)).spoiler().solution()).toString(); |
61 | | - | mvc.perform(post("/challenges/1") |
| 43 | + | var spoil = new Challenge1(new InMemoryScoreCard(1)).spoiler().solution(); |
| 44 | + | mvc.perform(post("/challenge/1") |
62 | 45 | | .contentType(MediaType.APPLICATION_FORM_URLENCODED) |
63 | 46 | | .param("solution", spoil) |
64 | 47 | | .param("action", "submit") |
65 | | - | .param("csrf","fd6aae2e-e85b-4c52-96f3-d71c6c725d11")) |
66 | | - | .andExpect(status().isOk()); |
| 48 | + | .with(csrf())) |
| 49 | + | .andExpect(status().isOk()) |
| 50 | + | .andExpect(content().string(containsString("ba9a72ac7057576344856"))); |
67 | 51 | | |
68 | 52 | | } |
69 | 53 | | } |
| skipped 1 lines |