Include user agent in Slack message content instead of HTTP header

Co-authored-by: commjoen <[email protected]>

Author: Copilot

src/main/java/org/owasp/wrongsecrets/challenges/docker/SlackNotificationService.java

@@ -45,16 +45,11 @@ public void notifyChallengeCompletion(String challengeName, String userName, Str
     }
 
     try {
-      String message = buildCompletionMessage(challengeName, userName);
+      String message = buildCompletionMessage(challengeName, userName, userAgent);
       SlackMessage slackMessage = new SlackMessage(message);
 
       HttpHeaders headers = new HttpHeaders();
       headers.setContentType(MediaType.APPLICATION_JSON);
-      
-      // Add User-Agent header if provided
-      if (userAgent != null && !userAgent.trim().isEmpty()) {
-        headers.set("User-Agent", userAgent);
-      }
 
       HttpEntity<SlackMessage> request = new HttpEntity<>(slackMessage, headers);
 
@@ -86,12 +81,17 @@ private boolean isSlackConfigured() {
         && challenge59.get().getSlackWebhookUrl().startsWith("https://hooks.slack.com");
   }
 
-  private String buildCompletionMessage(String challengeName, String userName) {
+  private String buildCompletionMessage(String challengeName, String userName, String userAgent) {
     String userPart = (userName != null && !userName.trim().isEmpty()) ? " by " + userName : "";
+    String userAgentPart = (userAgent != null && !userAgent.trim().isEmpty()) ? " (User-Agent: " + userAgent + ")" : "";
 
     return String.format(
-        "🎉 Challenge %s completed%s! Another secret vulnerability discovered in WrongSecrets.",
-        challengeName, userPart);
+        "🎉 Challenge %s completed%s%s! Another secret vulnerability discovered in WrongSecrets.",
+        challengeName, userPart, userAgentPart);
+  }
+
+  private String buildCompletionMessage(String challengeName, String userName) {
+    return buildCompletionMessage(challengeName, userName, null);
   }
 
   /** Simple record for Slack message payload. */

src/test/java/org/owasp/wrongsecrets/challenges/docker/SlackNotificationServiceTest.java

@@ -51,7 +51,7 @@ void shouldSendNotificationWithUserAgentWhenSlackIsConfigured() {
   }
 
   @Test
-  void shouldSetUserAgentHeaderWhenProvided() {
+  void shouldIncludeUserAgentInMessageWhenProvided() {
     // Given
     String webhookUrl = "https://hooks.slack.com/services/T123456789/B123456789/abcdef123456";
     String userAgent = "Cypress WrongSecrets E2E Tests";
@@ -71,12 +71,12 @@ void shouldSetUserAgentHeaderWhenProvided() {
         .postForEntity(eq(webhookUrl), entityCaptor.capture(), eq(String.class));
 
     HttpEntity capturedEntity = entityCaptor.getValue();
-    HttpHeaders headers = capturedEntity.getHeaders();
-    assertEquals(userAgent, headers.getFirst("User-Agent"));
+    SlackNotificationService.SlackMessage slackMessage = (SlackNotificationService.SlackMessage) capturedEntity.getBody();
+    assertTrue(slackMessage.getText().contains("(User-Agent: " + userAgent + ")"));
   }
 
   @Test
-  void shouldNotSetUserAgentHeaderWhenNotProvided() {
+  void shouldNotIncludeUserAgentInMessageWhenNotProvided() {
     // Given
     String webhookUrl = "https://hooks.slack.com/services/T123456789/B123456789/abcdef123456";
     when(challenge59.getSlackWebhookUrl()).thenReturn(webhookUrl);
@@ -95,8 +95,8 @@ void shouldNotSetUserAgentHeaderWhenNotProvided() {
         .postForEntity(eq(webhookUrl), entityCaptor.capture(), eq(String.class));
 
     HttpEntity capturedEntity = entityCaptor.getValue();
-    HttpHeaders headers = capturedEntity.getHeaders();
-    assertNull(headers.getFirst("User-Agent"));
+    SlackNotificationService.SlackMessage slackMessage = (SlackNotificationService.SlackMessage) capturedEntity.getBody();
+    assertFalse(slackMessage.getText().contains("User-Agent"));
   }
 
   @Test