/
a1exx.y
/
juice-shop
GigaCode
beta
ОбзорЦентр заботыВойти

juice-shop

Форк
0
Ветки: 13Коммиты: 20082Теги: 213
juice-shop
/routes
/
login.ts 
85 строк · 4.9 Кб
1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5


6
import models = require('../models/index')
7
import { type Request, type Response, type NextFunction } from 'express'
8
import { type User } from '../data/types'
9
import { BasketModel } from '../models/basket'
10
import { UserModel } from '../models/user'
11
import challengeUtils = require('../lib/challengeUtils')
12
import config from 'config'
13
import { challenges } from '../data/datacache'
14


15
import * as utils from '../lib/utils'
16
const security = require('../lib/insecurity')
17
const users = require('../data/datacache').users
18


19
// vuln-code-snippet start loginAdminChallenge loginBenderChallenge loginJimChallenge
20
module.exports = function login () {
21
  function afterLogin (user: { data: User, bid: number }, res: Response, next: NextFunction) {
22
    verifyPostLoginChallenges(user) // vuln-code-snippet hide-line
23
    BasketModel.findOrCreate({ where: { UserId: user.data.id } })
24
      .then(([basket]: [BasketModel, boolean]) => {
25
        const token = security.authorize(user)
26
        user.bid = basket.id // keep track of original basket
27
        security.authenticatedUsers.put(token, user)
28
        res.json({ authentication: { token, bid: basket.id, umail: user.data.email } })
29
      }).catch((error: Error) => {
30
        next(error)
31
      })
32
  }
33


34
  return (req: Request, res: Response, next: NextFunction) => {
35
    verifyPreLoginChallenges(req) // vuln-code-snippet hide-line
36
    models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge
37
      .then((authenticatedUser) => { // vuln-code-snippet neutral-line loginAdminChallenge loginBenderChallenge loginJimChallenge
38
        const user = utils.queryResultToJson(authenticatedUser)
39
        if (user.data?.id && user.data.totpSecret !== '') {
40
          res.status(401).json({
41
            status: 'totp_token_required',
42
            data: {
43
              tmpToken: security.authorize({
44
                userId: user.data.id,
45
                type: 'password_valid_needs_second_factor_token'
46
              })
47
            }
48
          })
49
        } else if (user.data?.id) {
50
          // @ts-expect-error FIXME some properties missing in user - vuln-code-snippet hide-line
51
          afterLogin(user, res, next)
52
        } else {
53
          res.status(401).send(res.__('Invalid email or password.'))
54
        }
55
      }).catch((error: Error) => {
56
        next(error)
57
      })
58
  }
59
  // vuln-code-snippet end loginAdminChallenge loginBenderChallenge loginJimChallenge
60


61
  function verifyPreLoginChallenges (req: Request) {
62
    challengeUtils.solveIf(challenges.weakPasswordChallenge, () => { return req.body.email === 'admin@' + config.get<string>('application.domain') && req.body.password === 'admin123' })
63
    challengeUtils.solveIf(challenges.loginSupportChallenge, () => { return req.body.email === 'support@' + config.get<string>('application.domain') && req.body.password === 'J6aVjTgOpRs@?5l!Zkq2AYnCE@RF$P' })
64
    challengeUtils.solveIf(challenges.loginRapperChallenge, () => { return req.body.email === 'mc.safesearch@' + config.get<string>('application.domain') && req.body.password === 'Mr. N00dles' })
65
    challengeUtils.solveIf(challenges.loginAmyChallenge, () => { return req.body.email === 'amy@' + config.get<string>('application.domain') && req.body.password === 'K1f.....................' })
66
    challengeUtils.solveIf(challenges.dlpPasswordSprayingChallenge, () => { return req.body.email === 'J12934@' + config.get<string>('application.domain') && req.body.password === '0Y8rMnww$*9VFYE§59-!Fg1L6t&6lB' })
67
    challengeUtils.solveIf(challenges.oauthUserPasswordChallenge, () => { return req.body.email === 'bjoern.kimminich@gmail.com' && req.body.password === 'bW9jLmxpYW1nQGhjaW5pbW1pay5ucmVvamI=' })
68
  }
69


70
  function verifyPostLoginChallenges (user: { data: User }) {
71
    challengeUtils.solveIf(challenges.loginAdminChallenge, () => { return user.data.id === users.admin.id })
72
    challengeUtils.solveIf(challenges.loginJimChallenge, () => { return user.data.id === users.jim.id })
73
    challengeUtils.solveIf(challenges.loginBenderChallenge, () => { return user.data.id === users.bender.id })
74
    challengeUtils.solveIf(challenges.ghostLoginChallenge, () => { return user.data.id === users.chris.id })
75
    if (challengeUtils.notSolved(challenges.ephemeralAccountantChallenge) && user.data.email === 'acc0unt4nt@' + config.get<string>('application.domain') && user.data.role === 'accounting') {
76
      UserModel.count({ where: { email: 'acc0unt4nt@' + config.get<string>('application.domain') } }).then((count: number) => {
77
        if (count === 0) {
78
          challengeUtils.solve(challenges.ephemeralAccountantChallenge)
79
        }
80
      }).catch(() => {
81
        throw new Error('Unable to verify challenges! Try again')
82
      })
83
    }
84
  }
85
}
86

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.