change password reset target to uvogin

Signed-off-by: Scar26 <[email protected]>

config.schema.yml

@@ -384,7 +384,7 @@ ctf:
         type: string
       code:
         type: string
-    resetPasswordScarChallenge:
+    resetPasswordUvoginChallenge:
       name:
         type: string
       code:

config/default.yml

@@ -88,6 +88,8 @@ products:
     price: 2.99
     deluxePrice: 2.49
     image: orange_juice.jpg
+    reviews:
+      - { text: 'y0ur f1r3wall needs m0r3 musc13' author: uvogin }
   -
     name: 'Eggfruit Juice (500ml)'
     description: 'Now with even more exotic flavour.'
@@ -251,7 +253,7 @@ products:
     price: 2.99
     image: carrot_juice.jpeg
     reviews:
-      - { text: 'Just left a 0 star review for the horrible security. -msc4r', author: scar }
+      - { text: '0 st4rs f0r 7h3 h0rr1bl3 s3cur17y', author: uvogin }
   -
     name: 'OWASP Juice Shop Sweden Tour 2017 Sticker Sheet (Special Edition)'
     description: '10 sheets of Sweden-themed stickers with 15 stickers on each.'

config/fbctf.yml

@@ -295,6 +295,6 @@ ctf:
     xssBonusChallenge:
       name: Ethiopia
       code: ET
-    resetPasswordScarChallenge:
+    resetPasswordUvoginChallenge:
       name: Republic of South Africa
       code: RSA

data/static/challenges.yml

@@ -818,10 +818,10 @@
   tutorial:
     order: 3
 -
-  name: 'Reset Scar''s Password'
+  name: 'Reset Uvogin''s Password'
   category: 'Sensitive Data Exposure'
-  description: 'Reset Scar''s password via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
+  description: 'Reset Uvogin''s password via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
   difficulty: 3
   hint: 'Maybe you can find some hints across his social media. If only you could find something like an alias...'
   hintUrl: ''
-  key: resetPasswordScarChallenge
+  key: resetPasswordUvoginChallenge

data/static/users.yml

@@ -198,9 +198,9 @@
     id: 7
     answer: 'sdAffsdfrefrbgreq3423'
 -
-  email: scar
+  email: uvogin
   password: 'muda-muda > ora-ora' # https://www.youtube.com/watch?v=vnJv8IoLMwc
-  key: scar
+  key: uvogin
   role: 'customer'
   walletBalance: 100
   securityQuestion:

routes/resetPassword.js

@@ -55,5 +55,5 @@ function verifySecurityAnswerChallenges (user, answer) {
   utils.solveIf(challenges.resetPasswordBjoernChallenge, () => { return user.id === users.bjoern.id && answer === 'West-2082' })
   utils.solveIf(challenges.resetPasswordMortyChallenge, () => { return user.id === users.morty.id && answer === '5N0wb41L' })
   utils.solveIf(challenges.resetPasswordBjoernOwaspChallenge, () => { return user.id === users.bjoernOwasp.id && answer === 'Zaya' })
-  utils.solveIf(challenges.resetPasswordScarChallenge, () => { return user.id === users.scar.id && answer === 'Silence of the Lambs' })
+  utils.solveIf(challenges.resetPasswordUvoginChallenge, () => { return user.id === users.uvogin.id && answer === 'Silence of the Lambs' })
 }

test/e2e/forgotPasswordSpec.js

@@ -102,9 +102,9 @@ describe('/#/forgot-password', () => {
     protractor.expect.challengeSolved({ challenge: 'Reset Morty\'s Password' })
   })
 
-  describe('as Scar', () => {
+  describe('as Uvogin', () => {
     it('should be able to reset password with his security answer', () => {
-      email.sendKeys('scar@' + config.get('application.domain'))
+      email.sendKeys('Uvogin@' + config.get('application.domain'))
       browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
       securityAnswer.sendKeys('Silence of the Lambs')
       newPassword.sendKeys('ora-ora > muda-muda')
@@ -114,6 +114,6 @@ describe('/#/forgot-password', () => {
       expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
     })
 
-    protractor.expect.challengeSolved({ challenge: 'Reset Scar\'s Password' })
+    protractor.expect.challengeSolved({ challenge: 'Reset Uvogin\'s Password' })
   })
 })