This project is intended to give students a chance to diagnose and recommend security fixes on a containerized web application and authentication server.
You will need to install the following dependencies:
- GitHub Desktop
- Visual Studio Code
- Remote Development VS Code Extension
- Docker Desktop
- MongoDB Compass (Optional)
- From GitHub Desktop, click 'Clone a Repository from the Internet...'.
- Select the URL tab and paste the repository URL (`https://github.com/VSchool/we-vulnerability-testing.git`) into the text field and click 'Clone'.
- Once clone is complete, click 'Open in Visual Studio Code'.
- From VS Code, click the 'Open A Remote Window' button (it's blue) in the bottom left corner of the window.
- Select 'Reopen in Container'.
- Once the terminal displays a message that the server and database are connected, visit http://localhost:8080 in a browser to view the app.
- Open MongoDB Compass and enter the URL of the database that was printed to the terminal (it should be something like `mongodb://localhost:27017`) into the URI textbox field and click enter.
- Select the database 'test' from the side menu to view the collection of users. A few will already be created for you automatically.
- To create a user simply sign up using the web app. You may need to refresh Compass to see new entries.
In MongoDB Compass you can directly edit properties on user objects. For example, to make a user an admin, simply set the property `admin` to `true` on the corresponding user object.
`npm run dev`
- Starts the in-memory-db server, express.js web server, and Vite client.
Note: Toggle the `ENABLE_SEED` environment variable to `true` | `false` to switch on/off automatically creating users when the server initializes.