WEB-127 Report Card does not reflect viewing hints

WEB-143 	Add "1 of N" to Hint display

Author: lawson89

src/main/java/org/owasp/webgoat/lessons/model/Hint.java

@@ -1,28 +1,31 @@
-/***************************************************************************************************
- * 
- * 
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- * 
+/**
+ * *************************************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
  * Copyright (c) 2002 - 20014 Bruce Mayhew
- * 
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- * 
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
  * Getting Source ==============
- * 
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- * 
+ *
+ * Source for this application is maintained at
+ * https://github.com/WebGoat/WebGoat, a repository for free software projects.
+ *
  * For details, please see http://webgoat.github.io
  */
 package org.owasp.webgoat.lessons.model;
@@ -36,6 +39,7 @@ public class Hint {
     private String hint;
     private String lesson;
     private int number;
+    private boolean viewed = false;
 
     /**
      * @return the hint
@@ -79,4 +83,18 @@ public void setNumber(int number) {
         this.number = number;
     }
 
+    /**
+     * @return the viewed
+     */
+    public boolean isViewed() {
+        return viewed;
+    }
+
+    /**
+     * @param viewed the viewed to set
+     */
+    public void setViewed(boolean viewed) {
+        this.viewed = viewed;
+    }
+
 }

src/main/java/org/owasp/webgoat/service/HintService.java

@@ -12,9 +12,10 @@
 import org.owasp.webgoat.lessons.model.Hint;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;
 
 /**
  *
@@ -43,44 +44,57 @@ List<Hint> showHint(HttpSession session) {
         if (hints == null) {
             return listHints;
         }
+        int maxHintViewed = l.getLessonTracker(ws).getMaxHintLevel();
+        System.out.println("maxHintViewed: " + maxHintViewed);
         int idx = 0;
+
         for (String h : hints) {
             Hint hint = new Hint();
             hint.setHint(h);
             hint.setLesson(l.getName());
             hint.setNumber(idx);
+            if (idx <= maxHintViewed) {
+                hint.setViewed(true);
+            }
             listHints.add(hint);
             idx++;
         }
         return listHints;
     }
 
-    @RequestMapping(value = "/hint_widget.mvc", produces = "text/html")
-    public
-            ModelAndView showHintsAsHtml(HttpSession session) {
-        ModelAndView model = new ModelAndView();
-        List<Hint> listHints = new ArrayList<Hint>();
-        model.addObject("hints", listHints);
+    /**
+     * Marks hint as viewed on the current lesson Yes this is not very RESTish -
+     * clean this up in next version
+     *
+     * @param hintNumber
+     * @param session
+     * @return
+     */
+    @RequestMapping(value = "/hint_mark_as_viewed.mvc", produces = "application/json", method = RequestMethod.POST)
+    public @ResponseBody
+    boolean markHintAsViewed(HttpSession session, @RequestBody Integer hintNumber) {
+        if (hintNumber == null) {
+            return false;
+        }
         WebSession ws = getWebSession(session);
         AbstractLesson l = ws.getCurrentLesson();
-        if (l == null) {            
-            return model;
-        }
-        List<String> hints;
-        hints = l.getHintsPublic(ws);
-        if (hints == null) {
-            return model;
-        }
-        int idx = 0;
-        for (String h : hints) {
-            Hint hint = new Hint();
-            hint.setHint(h);
-            hint.setLesson(l.getName());
-            hint.setNumber(idx);
-            listHints.add(hint);
-            idx++;
-        }
-        model.setViewName("widgets/hints");
-        return model;
+        l.getLessonTracker(ws).setMaxHintLevel(hintNumber);
+        return true;
     }
+
+    /**
+     * Returns max hint viewed for current lesson
+     *
+     * @param session
+     * @return
+     */
+    @RequestMapping(value = "/max_hint_viewed.mvc", produces = "application/json")
+    public @ResponseBody
+    Integer getMaxHintViewed(HttpSession session) {
+        WebSession ws = getWebSession(session);
+        AbstractLesson l = ws.getCurrentLesson();
+        int maxHintViewed = l.getLessonTracker(ws).getMaxHintLevel();
+        return maxHintViewed;
+    }
+
 }

src/main/java/org/owasp/webgoat/service/ParameterService.java

@@ -23,14 +23,13 @@
  *
  * Getting Source ==============
  *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
- * for free software projects.
+ * Source for this application is maintained at
+ * https://github.com/WebGoat/WebGoat, a repository for free software projects.
  *
  * For details, please see http://webgoat.github.io
  */
 package org.owasp.webgoat.service;
 
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import javax.servlet.http.HttpSession;

src/main/webapp/js/goatConstants.js

@@ -1,35 +1,35 @@
 //goatConstants
 
 var goatConstants = {
-	CATEGORYCLASS:'fa-angle-right pull-right',
-	lessonCompleteClass:'glyphicon glyphicon-check lessonComplete',
-	selectedMenuClass:'selected',
-	keepOpenClass:'keepOpen',
-	menuPrefix : [
-		{
-		name:'LESSONS',
-		type:'STATIC',
-		complete:false,
-		link:'',
-		children:null,
-		class:'fa-bars static'
-	}],
-	//services
-	lessonService: 'service/lessonmenu.mvc',
-	cookieService: 'service/cookie.mvc', //cookies_widget.mvc
-	hintService:'service/hint.mvc',
-	sourceService:'service/source.mvc',
-	solutionService:'service/solution.mvc',
-	lessonPlanService:'service/lessonplan.mvc',
-	menuService: 'service/lessonmenu.mvc',
-	lessonTitleService: 'service/lessontitle.mvc',
-	restartLessonService: 'service/restartlesson.mvc',
-	
-	// literal messages
-	notFound: 'Could not find',
-	noHints: 'There are no hints defined.',
-	noSourcePulled: 'No source was retrieved for this lesson'
-	
+    CATEGORYCLASS: 'fa-angle-right pull-right',
+    lessonCompleteClass: 'glyphicon glyphicon-check lessonComplete',
+    selectedMenuClass: 'selected',
+    keepOpenClass: 'keepOpen',
+    menuPrefix: [
+        {
+            name: 'LESSONS',
+            type: 'STATIC',
+            complete: false,
+            link: '',
+            children: null,
+            class: 'fa-bars static'
+        }],
+    //services
+    lessonService: 'service/lessonmenu.mvc',
+    cookieService: 'service/cookie.mvc', //cookies_widget.mvc
+    hintService: 'service/hint.mvc',    
+    hintServiceMarkAsViewed: 'service/hint_mark_as_viewed.mvc',
+    sourceService: 'service/source.mvc',
+    solutionService: 'service/solution.mvc',
+    lessonPlanService: 'service/lessonplan.mvc',
+    menuService: 'service/lessonmenu.mvc',
+    lessonTitleService: 'service/lessontitle.mvc',
+    restartLessonService: 'service/restartlesson.mvc',
+    // literal messages
+    notFound: 'Could not find',
+    noHints: 'There are no hints defined.',
+    noSourcePulled: 'No source was retrieved for this lesson'
+
 };