Rename and rephrase DRY challenge

jurbz2019 · Apr 15, 2019 · b9be5c7 · b9be5c7
1 parent b466d0b
commit b9be5c7
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 11 deletions.
diff --git a/config/fbctf.yml b/config/fbctf.yml
@@ -260,6 +260,6 @@ ctf:
     privacyPolicyProofChallenge:
       name: Namibia
       code: NA
-    dryRegistrationChallenge:
+    passwordRepeatChallenge:
       name: Guyana
       code: GY
diff --git a/data/static/challenges.yml b/data/static/challenges.yml
@@ -680,10 +680,10 @@
   hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/security-through-obscurity.html#prove-that-you-actually-read-our-privacy-policy'
   key: privacyPolicyProofChallenge
 -
-  name: 'User Registration'
+  name: 'Repetitive Registration'
   category: 'Improper Input Validation'
-  description: 'Register but "<strong>D</strong>on''t <strong>R</strong>epeat <strong>Y</strong>ourself".'
+  description: 'Follow the DRY principle while registering a user.'
   difficulty: 1
-  hint: 'Avoid any repetitive tasks during user registration.'
-  # hintUrl: ''
-  key: dryRegistrationChallenge
+  hint: 'You can solve this by cleverly interacting with the UI or bypassing it altogether.'
+  # hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/improper-input-validation.html#follow-the-dry-principle-while-registering-a-user'
+  key: passwordRepeatChallenge
diff --git a/routes/verify.js b/routes/verify.js
@@ -43,10 +43,10 @@ exports.registerAdminChallenge = () => (req, res, next) => {
   next()
 }
 
-exports.dryRegistrationChallenge = () => (req, res, next) => {
-  if (utils.notSolved(challenges.dryRegistrationChallenge)) {
+exports.passwordRepeatChallenge = () => (req, res, next) => {
+  if (utils.notSolved(challenges.passwordRepeatChallenge)) {
     if (req.body && req.body.passwordRepeat !== req.body.password) {
-      utils.solve(challenges.dryRegistrationChallenge)
+      utils.solve(challenges.passwordRepeatChallenge)
     }
   }
   next()

diff --git a/server.js b/server.js
@@ -222,7 +222,7 @@ app.post('/api/Feedbacks', captcha.verifyCaptcha())
 app.post('/api/Feedbacks', verify.captchaBypassChallenge())
 /* User registration challenge verifications before finale takes over */
 app.post('/api/Users', verify.registerAdminChallenge())
-app.post('/api/Users', verify.dryRegistrationChallenge())
+app.post('/api/Users', verify.passwordRepeatChallenge())
 /* Unauthorized users are not allowed to access B2B API */
 app.use('/b2b/v2', insecurity.isAuthorized())
 /* Add item to basket */

diff --git a/test/e2e/registerSpec.js b/test/e2e/registerSpec.js
@@ -49,7 +49,7 @@ describe('/#/register', () => {
     protractor.expect.challengeSolved({ challenge: 'Admin Registration' })
   })
 
-  describe('challenge "dryRegistration"', () => {
+  describe('challenge "passwordRepeat"', () => {
     it('should be possible to register user without repeating the password', () => {
       browser.executeScript(() => {
         var xhttp = new XMLHttpRequest()