Removed Mongodb, so we do not have issues with downloading the embedd…

…ed Mongodb. Moved back to JPA and use HSQLDB for storing user information.

docker-compose.yml

@@ -1,34 +1,15 @@
 version: '2.0'
 
 services:
-  mongo:
-    image: mongo:latest
-    expose:
-      - "27017"
-    volumes:
-      - './mongo-data:/data/db'
   webgoat:
     build: webgoat-server/
     command: "sh /home/webgoat/start.sh"
     ports:
       - "8080:8080"
-    depends_on:
-      [mongo, activemq]
-    environment:
-      WG_MONGO_PORT: 27017
-      WG_MONGO_HOST: mongo
-      WG_MQ_HOST: activemq
-      WG_MQ_PORT: 61616
-      WG_INTERNAL_MONGO: "false"
   webwolf:
     build: webwolf/
     command: "sh /home/webwolf/start.sh"
     depends_on:
       - webgoat
     ports:
-      - "8081:8081"
-    environment:
-      WG_MONGO_PORT: 27017
-      WG_MONGO_HOST: mongo
-      WG_MQ_HOST: activemq
-      WG_MQ_PORT: 61616
+      - "8081:8081"

webgoat-container/pom.xml

@@ -36,16 +36,6 @@
 
     </profiles>
 
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>de.flapdoodle.embed</groupId>
-                <artifactId>de.flapdoodle.embed.mongo</artifactId>
-                <version>2.0.0</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
     <build>
         <resources>
             <resource>
@@ -127,7 +117,7 @@
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-mongodb</artifactId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -202,12 +192,6 @@
             <version>${junit.version}</version>
             <type>jar</type>
         </dependency>
-        <dependency>
-            <groupId>com.github.fakemongo</groupId>
-            <artifactId>fongo</artifactId>
-            <version>2.1.0</version>
-            <scope>test</scope>
-        </dependency>
         <!-- ************* END: Dependencies for Unit and Integration Testing ************** -->
         <!-- ************* END: <dependencies> ************** -->
     </dependencies>

webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java

@@ -23,11 +23,5 @@ public class CleanupLocalProgressFiles {
 
     @PostConstruct
     public void clean() {
-        File dir = new File(webgoatHome);
-        //do it safe, check whether the subdir mongodb is available as subdirectory
-        File[] mongoDir = dir.listFiles(f -> f.isDirectory() && f.getName().contains("mongodb"));
-        if (mongoDir != null && mongoDir.length == 1) {
-            FileSystemUtils.deleteRecursively(dir);
-        }
     }
 }

webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java

@@ -2,6 +2,10 @@
 
 import lombok.*;
 
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.persistence.Transient;
 import java.util.List;
 
 /**
@@ -38,11 +42,14 @@
 @NoArgsConstructor
 @Getter
 @EqualsAndHashCode
+@Entity
 public class Assignment {
     @NonNull
+    @Id
     private String name;
     @NonNull
     private String path;
+    @Transient
     private List<String> hints;
 
 }

webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java

@@ -7,6 +7,7 @@
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Assignment;
 
+import javax.persistence.*;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -44,16 +45,20 @@
  * @version $Id: $Id
  * @since October 29, 2003
  */
+@Entity
 public class LessonTracker {
     @Getter
+    @Id
     private String lessonName;
+    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
     private final Set<Assignment> solvedAssignments = Sets.newHashSet();
+    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
     private final List<Assignment> allAssignments = Lists.newArrayList();
     @Getter
     private int numberOfAttempts = 0;
 
-    protected LessonTracker() {
-        //Mongo
+    private LessonTracker() {
+        //JPA
     }
 
     public LessonTracker(AbstractLesson lesson) {

webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java

@@ -1,14 +1,14 @@
 package org.owasp.webgoat.users;
 
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
 
 import java.util.List;
 
 /**
  * @author nbaars
  * @since 3/19/17.
  */
-public interface UserRepository extends MongoRepository<WebGoatUser, String> {
+public interface UserRepository extends JpaRepository<WebGoatUser, String> {
 
     WebGoatUser findByUsername(String username);
 

webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java

@@ -5,8 +5,8 @@
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Assignment;
-import org.springframework.data.annotation.Id;
 
+import javax.persistence.*;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -44,12 +44,16 @@
  * @since October 29, 2003
  */
 @Slf4j
+@Entity
 public class UserTracker {
 
     @Id
-    private final String user;
+    private String user;
+    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
     private List<LessonTracker> lessonTrackers = Lists.newArrayList();
 
+    private UserTracker() {}
+
     public UserTracker(final String user) {
         this.user = user;
     }

webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java

@@ -1,12 +1,12 @@
 package org.owasp.webgoat.users;
 
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
 
 /**
  * @author nbaars
  * @since 4/30/17.
  */
-public interface UserTrackerRepository extends MongoRepository<UserTracker, String> {
+public interface UserTrackerRepository extends JpaRepository<UserTracker, String> {
 
 
 }

webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java

@@ -1,13 +1,14 @@
 package org.owasp.webgoat.users;
 
 import lombok.Getter;
-import org.springframework.data.annotation.Id;
-import org.springframework.data.annotation.Transient;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Transient;
 import java.util.Collection;
 import java.util.Collections;
 
@@ -16,6 +17,7 @@
  * @since 3/19/17.
  */
 @Getter
+@Entity
 public class WebGoatUser implements UserDetails {
 
     public static final String ROLE_USER = "WEBGOAT_USER";

webgoat-container/src/main/resources/application.properties

@@ -4,6 +4,9 @@ server.session.timeout=600
 server.contextPath=/WebGoat
 server.port=8080
 
+spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webgoat
+spring.jpa.hibernate.ddl-auto=update
+
 
 logging.level.org.springframework=WARN
 logging.level.org.springframework.boot.devtools=WARN
@@ -28,7 +31,6 @@ webgoat.feedback.address.html=<A HREF=mailto:[email protected]>[email protected]
 webgoat.database.driver=org.hsqldb.jdbcDriver
 webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
-webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true}
 
 webwolf.host=${WEBWOLF_HOST:localhost}
 webwolf.port=${WEBWOLF_PORT:8081}
@@ -39,10 +41,5 @@ webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
 
-spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
-spring.data.mongodb.port=${WG_MONGO_PORT:27017}
-spring.data.mongodb.database=webgoat
-spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/
-
 #For static file refresh ... and faster dev :D
 spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css

webgoat-container/src/test/java/org/owasp/webgoat/users/UserRepositoryTest.java

@@ -0,0 +1,29 @@
+package org.owasp.webgoat.users;
+
+import org.assertj.core.api.Assertions;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@DataJpaTest
+@RunWith(SpringRunner.class)
+public class UserRepositoryTest {
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Test
+    public void userShouldBeSaved() {
+        WebGoatUser user = new WebGoatUser("test", "password");
+        userRepository.saveAndFlush(user);
+
+        user = userRepository.findByUsername("test");
+
+        Assertions.assertThat(user.getUsername()).isEqualTo("test");
+        Assertions.assertThat(user.getPassword()).isEqualTo("password");
+    }
+
+
+}