
new partner login
shawnsnyk committed Dec 13, 2024
1 parent f3bcb85 commit 202f681
Showing 2 changed files with 84 additions and 0 deletions.
Binary file added .DS_Store
Binary file not shown.
84 changes: 84 additions & 0 deletions routes/loginPartner.ts
@@ -0,0 +1,84 @@
/*
* Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/

import models = require('../models/index')
import { Request, Response, NextFunction } from 'express'
import { User } from '../data/types'
import { BasketModel } from '../models/basket'
import { UserModel } from '../models/user'
import challengeUtils = require('../lib/challengeUtils')
import config from 'config'

import * as utils from '../lib/utils'
const security = require('../lib/insecurity')
const challenges = require('../data/datacache').challenges
const users = require('../data/datacache').users

// vuln-code-snippet start loginAdminChallenge loginBenderChallenge loginJimChallenge
module.exports = function login () {
function afterLogin (user: { data: User, bid: number }, res: Response, next: NextFunction) {
verifyPostLoginChallenges(user) // vuln-code-snippet hide-line
BasketModel.findOrCreate({ where: { UserId: user.data.id } })
.then(([basket]: [BasketModel, boolean]) => {
const token = security.authorize(user)
user.bid = basket.id // keep track of original basket
security.authenticatedUsers.put(token, user)
res.json({ authentication: { token, bid: basket.id, umail: user.data.email } })
}).catch((error: Error) => {
next(error)
})
}

return (req: Request, res: Response, next: NextFunction) => {
verifyPreLoginChallenges(req) // vuln-code-snippet hide-line
models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query string depends on a user-provided value.
.then((authenticatedUser: { data: User }) => { // vuln-code-snippet neutral-line loginAdminChallenge loginBenderChallenge loginJimChallenge
const user = utils.queryResultToJson(authenticatedUser)
if (user.data?.id && user.data.totpSecret !== '') {
res.status(401).json({
status: 'totp_token_required',
data: {
tmpToken: security.authorize({
userId: user.data.id,
type: 'password_valid_needs_second_factor_token'
})
}
})
} else if (user.data?.id) {
afterLogin(user, res, next)
} else {
res.status(401).send(res.__('Invalid email or password.'))
}
}).catch((error: Error) => {
next(error)
})
}
// vuln-code-snippet end loginAdminChallenge loginBenderChallenge loginJimChallenge

function verifyPreLoginChallenges (req: Request) {
challengeUtils.solveIf(challenges.weakPasswordChallenge, () => { return req.body.email === 'admin@' + config.get('application.domain') && req.body.password === 'admin123' })
challengeUtils.solveIf(challenges.loginSupportChallenge, () => { return req.body.email === 'support@' + config.get('application.domain') && req.body.password === 'J6aVjTgOpRs@?5l!Zkq2AYnCE@RF$P' })
challengeUtils.solveIf(challenges.loginRapperChallenge, () => { return req.body.email === 'mc.safesearch@' + config.get('application.domain') && req.body.password === 'Mr. N00dles' })
challengeUtils.solveIf(challenges.loginAmyChallenge, () => { return req.body.email === 'amy@' + config.get('application.domain') && req.body.password === 'K1f.....................' })
challengeUtils.solveIf(challenges.dlpPasswordSprayingChallenge, () => { return req.body.email === 'J12934@' + config.get('application.domain') && req.body.password === '0Y8rMnww$*9VFYE§59-!Fg1L6t&6lB' })
challengeUtils.solveIf(challenges.oauthUserPasswordChallenge, () => { return req.body.email === 'bjoern.kimminich@gmail.com' && req.body.password === 'bW9jLmxpYW1nQGhjaW5pbW1pay5ucmVvamI=' })
}

function verifyPostLoginChallenges (user: { data: User }) {
challengeUtils.solveIf(challenges.loginAdminChallenge, () => { return user.data.id === users.admin.id })
challengeUtils.solveIf(challenges.loginJimChallenge, () => { return user.data.id === users.jim.id })
challengeUtils.solveIf(challenges.loginBenderChallenge, () => { return user.data.id === users.bender.id })
challengeUtils.solveIf(challenges.ghostLoginChallenge, () => { return user.data.id === users.chris.id })
if (challengeUtils.notSolved(challenges.ephemeralAccountantChallenge) && user.data.email === 'acc0unt4nt@' + config.get('application.domain') && user.data.role === 'accounting') {
UserModel.count({ where: { email: 'acc0unt4nt@' + config.get('application.domain') } }).then((count: number) => {
if (count === 0) {
challengeUtils.solve(challenges.ephemeralAccountantChallenge)
}
}).catch(() => {
throw new Error('Unable to verify challenges! Try again')
})
}
}
}
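Review bot: The `models.sequelize.query(...)` call interpolates `req.body.email` directly into the SQL string, so an email value containing a single quote can rewrite the `WHERE` clause and defeat the password comparison — the defect CodeQL already flags on that line. The `vuln-code-snippet` markers and the `verifyPreLoginChallenges`/`verifyPostLoginChallenges` hooks indicate this was copied from the intentionally vulnerable OWASP Juice Shop `login.ts`; if the partner login is not itself meant to be a training target, bind the values instead of building the string: `models.sequelize.query('SELECT * FROM Users WHERE email = $email AND password = $password AND deletedAt IS NULL', { bind: { email: req.body.email || '', password: security.hash(req.body.password || '') }, model: UserModel, plain: true })`. Since `req.body.email` is accepted untyped, a `typeof req.body.email !== 'string'` guard returning 401 before the query would also keep arrays and objects out of the bind parameters. `security.hash` is imported from a module named `insecurity`, so the hashing scheme used for the stored password should be confirmed separately; a fast unsalted hash would remain a weakness even once the query is parameterized.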
