/*
* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/

6import models = require('../models/index')7import { type Request, type Response, type NextFunction } from 'express'8import { type User } from '../data/types'9import { BasketModel } from '../models/basket'10import { UserModel } from '../models/user'11import challengeUtils = require('../lib/challengeUtils')12import config from 'config'13import { challenges } from '../data/datacache'14
15import * as utils from '../lib/utils'16const security = require('../lib/insecurity')17const users = require('../data/datacache').users18
19// vuln-code-snippet start loginAdminChallenge loginBenderChallenge loginJimChallenge
20module.exports = function login () {21function afterLogin (user: { data: User, bid: number }, res: Response, next: NextFunction) {22verifyPostLoginChallenges(user) // vuln-code-snippet hide-line23BasketModel.findOrCreate({ where: { UserId: user.data.id } })24.then(([basket]: [BasketModel, boolean]) => {25const token = security.authorize(user)26user.bid = basket.id // keep track of original basket27security.authenticatedUsers.put(token, user)28res.json({ authentication: { token, bid: basket.id, umail: user.data.email } })29}).catch((error: Error) => {30next(error)31})32}33
34return (req: Request, res: Response, next: NextFunction) => {35verifyPreLoginChallenges(req) // vuln-code-snippet hide-line36models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge37.then((authenticatedUser) => { // vuln-code-snippet neutral-line loginAdminChallenge loginBenderChallenge loginJimChallenge38const user = utils.queryResultToJson(authenticatedUser)39if (user.data?.id && user.data.totpSecret !== '') {40res.status(401).json({41status: 'totp_token_required',42data: {43tmpToken: security.authorize({44userId: user.data.id,45type: 'password_valid_needs_second_factor_token'46})47}48})49} else if (user.data?.id) {50// @ts-expect-error FIXME some properties missing in user - vuln-code-snippet hide-line51afterLogin(user, res, next)52} else {53res.status(401).send(res.__('Invalid email or password.'))54}55}).catch((error: Error) => {56next(error)57})58}59// vuln-code-snippet end loginAdminChallenge loginBenderChallenge loginJimChallenge60
61function verifyPreLoginChallenges (req: Request) {62challengeUtils.solveIf(challenges.weakPasswordChallenge, () => { return req.body.email === 'admin@' + config.get<string>('application.domain') && req.body.password === 'admin123' })63challengeUtils.solveIf(challenges.loginSupportChallenge, () => { return req.body.email === 'support@' + config.get<string>('application.domain') && req.body.password === 'J6aVjTgOpRs@?5l!Zkq2AYnCE@RF$P' })64challengeUtils.solveIf(challenges.loginRapperChallenge, () => { return req.body.email === 'mc.safesearch@' + config.get<string>('application.domain') && req.body.password === 'Mr. N00dles' })65challengeUtils.solveIf(challenges.loginAmyChallenge, () => { return req.body.email === 'amy@' + config.get<string>('application.domain') && req.body.password === 'K1f.....................' })66challengeUtils.solveIf(challenges.dlpPasswordSprayingChallenge, () => { return req.body.email === 'J12934@' + config.get<string>('application.domain') && req.body.password === '0Y8rMnww$*9VFYE§59-!Fg1L6t&6lB' })67challengeUtils.solveIf(challenges.oauthUserPasswordChallenge, () => { return req.body.email === 'bjoern.kimminich@gmail.com' && req.body.password === 'bW9jLmxpYW1nQGhjaW5pbW1pay5ucmVvamI=' })68}69
70function verifyPostLoginChallenges (user: { data: User }) {71challengeUtils.solveIf(challenges.loginAdminChallenge, () => { return user.data.id === users.admin.id })72challengeUtils.solveIf(challenges.loginJimChallenge, () => { return user.data.id === users.jim.id })73challengeUtils.solveIf(challenges.loginBenderChallenge, () => { return user.data.id === users.bender.id })74challengeUtils.solveIf(challenges.ghostLoginChallenge, () => { return user.data.id === users.chris.id })75if (challengeUtils.notSolved(challenges.ephemeralAccountantChallenge) && user.data.email === 'acc0unt4nt@' + config.get<string>('application.domain') && user.data.role === 'accounting') {76UserModel.count({ where: { email: 'acc0unt4nt@' + config.get<string>('application.domain') } }).then((count: number) => {77if (count === 0) {78challengeUtils.solve(challenges.ephemeralAccountantChallenge)79}80}).catch(() => {81throw new Error('Unable to verify challenges! Try again')82})83}84}85}