
Commit 656b3c8

committed
added super admin view
1 parent a1fa983 commit 656b3c8

5 files changed

Lines changed: 185 additions & 18 deletions


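--- a/java/testingapps/seleniumtestpages/src/main/resources/web/styled/cookies/adminlogin.html
+++ b/java/testingapps/seleniumtestpages/src/main/resources/web/styled/cookies/adminlogin.html
@@ -1,7 +1,7 @@
 <!doctype html>
 <html>
 <head>
-<title>Cookie Controlled Admin</title>
+<title>Cookie Controlled Admin Login</title>
 <link rel="stylesheet" href="/css/testpages.css">
 <link rel="shortcut icon" href="/favicon.ico">
 <script defer data-domain="testpages.eviltester.com" src="https://plausible.io/js/script.js"></script>
@@ -65,24 +65,26 @@ <h2 class="loginmessage"></h2>
 <script>
 
 
+const admin = new Admin();
+
 function loginas(){
 
 var username = document.getElementsByName("username")[0].value;
 var password = document.getElementsByName("password")[0].value;
 var remember = document.getElementsByName("remember")[0].value=="on" ? true : false;
 
-admin = new Admin();
+
 admin.login(username, password, remember, function(){
 document.getElementsByClassName("loginmessage")[0].innerHTML = "Login Details Incorrect";
 });
 
 return false;
 }
 
-new Admin().activateLoginLink();
+admin.activateLoginLink();
 
-if(new Admin().isLoggedIn()){
-window.location.href = "adminview.html";
+if(admin.isLoggedIn()){
+window.location.href = admin.getLoggedInUrl();
 }
 
 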
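--- a/java/testingapps/seleniumtestpages/src/main/resources/web/styled/cookies/adminview.html
+++ b/java/testingapps/seleniumtestpages/src/main/resources/web/styled/cookies/adminview.html
@@ -18,7 +18,9 @@
 <div class="page-navigation">
 <a href="../index.html">Index</a>
 [<a id="navadminlogin" href="adminlogin.html">Admin Login</a>]
-[<a id="navadminlogout" onclick="new Admin().logout();" href="">Admin Logout</a>]
+[<a id="navadminview" href="adminview.html">Admin View</a>]
+[<a id="navadminsuperview" href="superadminview.html">Super Admin View</a>]
+[<a id="navadminlogout" onclick="new Admin().logout();" href="">Admin Logout</a>]
 </div>
 <div class="app-navigation">
 <a>Page</a>
@@ -31,8 +33,14 @@ <h1>Admin View</h1>
 
 <div class="explanation">
 <p>You are logged in to the Admin View.
-i.e. you should not be able to use the login page until you logout because you are already logged in.</p>
-<p>Try it and see - <a href="adminlogin.html">adminlogin.html</a> and use dev tools to mess with the cookie or try and inject a cookie with your automated execution</p>
+i.e. you should not be able to use the login page until you
+logout because you are already logged in.</p>
+<p>You should only be able to visit the
+"Super Admin View"
+page if you are logged in as SuperAdmin.</p>
+<p>Try it and see - <a href="adminlogin.html">adminlogin.html</a> and
+use dev tools to mess with the cookie or try and inject a cookie
+with your automated execution</p>
 </div>
 
 <div class="centered">
@@ -43,11 +51,17 @@ <h1>Admin View</h1>
 
 <script>
 
-if(!(new Admin().isLoggedIn())){
+const admin = new Admin();
+
+if(!(admin.isLoggedIn())){
 window.location.href = "adminlogin.html";
 }
 
-new Admin().activateLoginLink();
+admin.activateLoginLink();
+
+if(!admin.userCanAccess("adminview.html")){
+window.location.href = admin.getLoggedInUrl();
+}
 
 
 </script>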
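Review bot: The guard at new lines 54–64 assigns `window.location.href` when nobody is logged in and then keeps running, so `activateLoginLink()` and the `userCanAccess("adminview.html")` check still execute on a page the visitor is already being sent away from, and the second branch assigns the location a second time; a top-level script cannot `return`, so putting the remaining statements in an `else` branch of the `isLoggedIn` test would make the first redirect final. The same three-step sequence appears verbatim in the new super admin view page with `"superadminview.html"` as the page name, which suggests one `Admin` method, e.g. `admin.guardPage("adminview.html")`, that both inline scripts call.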

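--- a/java/testingapps/seleniumtestpages/src/main/resources/web/styled/cookies/js/admin.js
+++ b/java/testingapps/seleniumtestpages/src/main/resources/web/styled/cookies/js/admin.js
@@ -1,16 +1,48 @@
 function Admin(){
 
 // Admin : AdminPass
-validCredentials = {username : "QWRtaW4=", password: "QWRtaW5QYXNz"};
+const UserType = {ADMIN: "admin", SUPERADMIN: "super"};
+users = [
+{ username: "QWRtaW4=",
+type: UserType.ADMIN,
+password:"QWRtaW5QYXNz",
+loggedInPage: "adminview.html",
+validPages:["adminview.html"],
+bannedPages:["superadminview.html"],
+},
+{
+username: "U3VwZXJBZG1pbg==",
+type: UserType.SUPERADMIN,
+password: "QWRtaW5QYXNz",
+loggedInPage: "superadminview.html",
+validPages: ["adminview.html", "superadminview.html"],
+bannedPages: [],
+}
+]
 
-this.checkAuthDetails = function(username, password){
-if(btoa(username) !== validCredentials.username){
-return false;
+this.getUserDetails = function(username, password){
+found = users.filter((user)=>{
+return user.username == btoa(username) && user.password == btoa(password)
+})
+if(found.length>0){
+return found[0];
+}else{
+return null
 }
-if(btoa(password) !== validCredentials.password){
-return false;
+}
+
+this.getUserByName = function(username){
+found = users.filter((user)=> user.username == btoa(username))
+if(found.length>0){
+return found[0];
+}else{
+return null
 }
-return true;
+}
+
+this.checkAuthDetails = function(username, password){
+aUser = this.getUserDetails(username, password);
+return aUser != null;
 }
 
 this.logout = function(){
@@ -24,7 +56,8 @@ function Admin(){
 
 if(admin.checkAuthDetails(username, password)){
 admin.setLogin(username, remember);
-window.location.href = "adminview.html";
+window.location.href =
+admin.getUserDetails(username, password).loggedInPage;
 }else{
 incorrectCallback();
 }
@@ -42,6 +75,32 @@ function Admin(){
 return document.cookie.indexOf('loggedin=')!=-1;
 }
 
+this.getLoggedInUrl = function(){
+try{
+theUser = this.getUserByName(this.loggedInUserName());
+return theUser.loggedInPage;
+}catch(e){
+return "adminlogin.html";
+}
+}
+
+this.loggedInUserName = function(){
+re_username = /loggedin=(.*);?/
+matches = document.cookie.match(re_username)
+if(matches==null) return "";
+if(matches.length>1) return matches[1];
+return "";
+}
+
+this.userCanAccess = function(aUrl){
+theUser = this.getUserByName(this.loggedInUserName());
+if(theUser){
+return theUser.validPages.includes(aUrl);
+}else{
+return false;
+}
+}
+
 // TODO: too tightly coupled to GUI
 this.activateLoginLink= function(){
 
@@ -54,6 +113,25 @@ function Admin(){
 a.innerText = "Admin Login";
 a.setAttribute("href", "adminview.html");
 
+theUser = this.getUserByName(this.loggedInUserName())
+if(theUser!=null){
+
+a = document.getElementById("navadminlogin");
+a.innerText = "Admin Login";
+a.setAttribute("href", this.getLoggedInUrl());
+
+viewlinks = document.querySelectorAll("a[id$='view']");
+for (var i = 0; i < viewlinks.length; i++) {
+currentValue = viewlinks[i];
+if(theUser.bannedPages.includes(
+currentValue.getAttribute("href")))
+{
+// cannot access page
+currentValue.removeAttribute("href")
+}
+};
+}
+
 }else{
 a = document.getElementById("navadminlogout");
 a.onclick = null;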
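Review bot: `loggedInUserName` (new lines 87–93) extracts the cookie value with `re_username = /loggedin=(.*);?/`; because `.*` is greedy and the `;?` is optional, the capture runs to the end of `document.cookie` whenever another cookie follows `loggedin`, so `getUserByName` finds no user, `userCanAccess` returns false and the new page guards redirect a legitimately logged-in visitor away. Stopping the capture at the separator, `re_username = /loggedin=([^;]*)/`, returns only the value. The same hunk assigns `theUser`, `re_username` and `matches` without `const`/`let`, as the first hunk of this file does with `users`, `found` and `aUser`, so each becomes an implicit global on `window` and `theUser` is shared between `getLoggedInUrl`, `userCanAccess` and `activateLoginLink`; declaring each with `const` keeps them local. `Admin` begins before the first hunk and `activateLoginLink` continues past the last one.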
Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
<!doctype html>
2+
<html>
3+
<head>
4+
<title>Cookie Controlled Super Admin</title>
5+
<link rel="stylesheet" href="/css/testpages.css">
6+
<link rel="shortcut icon" href="/favicon.ico">
7+
<script defer data-domain="testpages.eviltester.com" src="https://plausible.io/js/script.js"></script>
8+
<!-- HEAD -->
9+
10+
<script src="js/admin.js"></script>
11+
</head>
12+
13+
<body>
14+
15+
<div class="page-body">
16+
17+
<div class="navigation">
18+
<div class="page-navigation">
19+
<a href="../index.html">Index</a>
20+
[<a id="navadminlogin" href="adminlogin.html">Admin Login</a>]
21+
[<a id="navadminview" href="adminview.html">Admin View</a>]
22+
[<a id="navadminsuperview" href="superadminview.html">Super Admin View</a>]
23+
[<a id="navadminlogout" onclick="new Admin().logout();" href="">Admin Logout</a>]
24+
</div>
25+
<div class="app-navigation">
26+
<a>Page</a>
27+
<a href="../page?app=cookiecontrolledpage&t=About">About</a>
28+
</div>
29+
</div>
30+
31+
32+
<h1>Super Admin View</h1>
33+
34+
<div class="explanation">
35+
<p>You are logged in to the Super Admin View.
36+
i.e. you should not be able to use the login page until you logout because you are already logged in.</p>
37+
<p><strong>You should be able to switch to the Admin View, because Super Admin is also an admin.</strong></p>
38+
</div>
39+
40+
<div class="centered">
41+
42+
<a id="gologin" class="styled-click-button" href="adminlogin.html">Go To Login</a>
43+
44+
</div>
45+
46+
<script>
47+
48+
const admin = new Admin();
49+
50+
if(!(admin.isLoggedIn())){
51+
window.location.href = "adminlogin.html";
52+
}
53+
54+
admin.activateLoginLink();
55+
56+
if(!admin.userCanAccess("superadminview.html")){
57+
window.location.href = admin.getLoggedInUrl();
58+
}
59+
60+
61+
</script>
62+
63+
<div class="page-footer">
64+
<p><a target="_blank" rel="noopener noreferrer" href="https://eviltester.com">EvilTester.com</a>,
65+
<a target="_blank" rel="noopener noreferrer" href="https://compendiumdev.co.uk">Compendium Developments</a></p>
66+
</div>
67+
68+
</div>
69+
70+
71+
</body>
72+
</html>

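--- a/java/testingapps/seleniumtestpages/src/main/resources/web/styled/index.html
+++ b/java/testingapps/seleniumtestpages/src/main/resources/web/styled/index.html
@@ -2,6 +2,7 @@
 <head>
 <title>Web Testing and Automation Practice Application Pages</title>
 
+<link rel="sitemap" type="application/xml" title="Sitemap" href="/sitemap.xml" />
 <link rel="stylesheet" href="/css/testpages.css">
 <link rel="shortcut icon" href="/favicon.ico">
 <script defer data-domain="testpages.eviltester.com" src="https://plausible.io/js/script.js"></script>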
