Added testcase for LabelService

pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.4.1.RELEASE</version>
+        <version>1.4.2.RELEASE</version>
     </parent>
 
     <licenses>

webgoat-container/pom.xml

@@ -283,6 +283,12 @@
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <version>4.1.3.RELEASE</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java

@@ -46,6 +46,7 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.support.SpringBootServletInitializer;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
@@ -86,6 +87,11 @@ public WebSession webSession(WebgoatContext webgoatContext) {
         return new WebSession(webgoatContext);
     }
 
+    @Bean
+    public PluginEndpointPublisher pluginEndpointPublisher(ApplicationContext applicationContext) {
+        return new PluginEndpointPublisher(applicationContext);
+    }
+
     @Bean
     public Course course(PluginsExtractor extractor, PluginEndpointPublisher pluginEndpointPublisher) {
         return new PluginsLoader(extractor, pluginEndpointPublisher).loadPlugins();

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java

@@ -8,7 +8,6 @@
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.AbstractApplicationContext;
-import org.springframework.stereotype.Component;
 
 /**
  * ************************************************************************************************
@@ -39,7 +38,6 @@
  * @version $Id: $Id
  * @since October 16, 2016
  */
-@Component
 @Slf4j
 public class PluginEndpointPublisher {
 

webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java

@@ -29,10 +29,9 @@
  */
 package org.owasp.webgoat.service;
 
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.session.LabelDebugger;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -51,18 +50,16 @@
  * @version $Id: $Id
  */
 @Controller
+@Slf4j
+@AllArgsConstructor
 public class LabelDebugService {
 
     private static final String URL_DEBUG_LABELS_MVC = "/service/debug/labels.mvc";
     private static final String KEY_ENABLED = "enabled";
     private static final String KEY_SUCCESS = "success";
 
-    private static final Logger logger = LoggerFactory.getLogger(LabelDebugService.class);
-
-    @Autowired
     private LabelDebugger labelDebugger;
 
-
     /**
      * Checks if debugging of labels is enabled or disabled
      *
@@ -71,7 +68,7 @@ public class LabelDebugService {
     @RequestMapping(path = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE)
     public @ResponseBody
     ResponseEntity<Map<String, Object>> checkDebuggingStatus() {
-        logger.debug("Checking label debugging, it is " + labelDebugger.isEnabled()); // FIXME parameterize
+        log.debug("Checking label debugging, it is {}", labelDebugger.isEnabled());
         Map<String, Object> result = createResponse(labelDebugger.isEnabled());
         return new ResponseEntity<>(result, HttpStatus.OK);
     }
@@ -85,7 +82,7 @@ ResponseEntity<Map<String, Object>> checkDebuggingStatus() {
      @RequestMapping(value = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE, params = KEY_ENABLED)
      public @ResponseBody
      ResponseEntity<Map<String, Object>> setDebuggingStatus(@RequestParam("enabled") Boolean enabled) throws Exception {
-         logger.debug("Setting label debugging to " + labelDebugger.isEnabled()); // FIXME parameterize
+         log.debug("Setting label debugging to {} ", labelDebugger.isEnabled());
          Map<String, Object> result = createResponse(enabled);
          labelDebugger.setEnabled(enabled);
          return new ResponseEntity<>(result, HttpStatus.OK);

webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java

@@ -1,46 +1,44 @@
 /**
  * *************************************************************************************************
- *
- *
+ * <p>
+ * <p>
  * This file is part of WebGoat, an Open Web Application Security Project
  * utility. For details, please see http://www.owasp.org/
- *
+ * <p>
  * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
+ * <p>
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License as published by the Free Software
  * Foundation; either version 2 of the License, or (at your option) any later
  * version.
- *
+ * <p>
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- *
+ * <p>
  * You should have received a copy of the GNU General Public License along with
  * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
  * Place - Suite 330, Boston, MA 02111-1307, USA.
- *
+ * <p>
  * Getting Source ==============
- *
+ * <p>
  * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
  * for free software projects.
- *
  */
 package org.owasp.webgoat.service;
 
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.i18n.LabelProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.Locale;
@@ -53,15 +51,13 @@
  * @author zupzup
  */
 
-@Controller
+@RestController
+@Slf4j
+@AllArgsConstructor
 public class LabelService {
 
-    private static final String URL_LABELS_MVC = "/service/labels.mvc";
-
-    private static final Logger logger = LoggerFactory.getLogger(LabelService.class);
-
-    @Autowired
-    private LabelProvider labelProvider;
+    public static final String URL_LABELS_MVC = "/service/labels.mvc";
+    private final LabelProvider labelProvider;
 
     /**
      * Fetches labels for given language
@@ -72,19 +68,19 @@ public class LabelService {
      * @return a map of labels
      * @throws Exception
      */
-    @RequestMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE)
-    public @ResponseBody
-    ResponseEntity<Map<String, String>> fetchLabels(@RequestParam(value = "lang", required = false) String lang, HttpServletRequest request) throws Exception {
+    @GetMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE)
+    @ResponseBody
+    public ResponseEntity<Map<String, String>> fetchLabels(@RequestParam(value = "lang", required = false) String lang, HttpServletRequest request) {
         Locale locale;
         if (StringUtils.isEmpty(lang)) {
-            logger.debug("No language provided, determining from request headers");
+            log.debug("No language provided, determining from request headers");
             locale = request.getLocale();
             if (locale != null) {
-                logger.debug("Locale set to {}", locale);
+                log.debug("Locale set to {}", locale);
             }
         } else {
             locale = Locale.forLanguageTag(lang);
-            logger.debug("Language provided: {} leads to Locale: {}", lang, locale);
+            log.debug("Language provided: {} leads to Locale: {}", lang, locale);
         }
         return new ResponseEntity<>(labelProvider.getLabels(locale), HttpStatus.OK);
     }

webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java

@@ -0,0 +1,78 @@
+package org.owasp.webgoat.service;
+
+import org.assertj.core.util.Maps;
+import org.hamcrest.CoreMatchers;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.owasp.webgoat.i18n.LabelProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import java.util.Locale;
+
+import static org.mockito.Mockito.when;
+import static org.owasp.webgoat.service.LabelService.URL_LABELS_MVC;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * ************************************************************************************************
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * <p>
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * <p>
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * <p>
+ * Getting Source ==============
+ * <p>
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ * <p>
+ *
+ * @author nbaars
+ * @version $Id: $Id
+ * @since November 29, 2016
+ */
+@WebMvcTest(value = {LabelService.class, LabelProvider.class})
+@RunWith(SpringRunner.class)
+public class LabelServiceTest {
+
+    @Autowired
+    public MockMvc mockMvc;
+    @MockBean
+    private LabelProvider labelProvider;
+
+    @Test
+    @WithMockUser(username = "guest", password = "guest")
+    public void withoutLocale() throws Exception {
+        when(labelProvider.getLabels(Locale.ENGLISH)).thenReturn(Maps.newHashMap("key", "value"));
+        mockMvc.perform(MockMvcRequestBuilders.get(URL_LABELS_MVC))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("key", CoreMatchers.is("value")));
+    }
+
+    @Test
+    @WithMockUser(username = "guest", password = "guest")
+    public void withLocale() throws Exception {
+        when(labelProvider.getLabels(Locale.GERMAN)).thenReturn(Maps.newHashMap("key", "value"));
+        mockMvc.perform(MockMvcRequestBuilders.get(URL_LABELS_MVC).param("lang", "de"))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("key", CoreMatchers.is("value")));
+    }
+}