Add KeePass challenge

(resolves alexeisnyk#240)

app/views/Login.html

@@ -21,7 +21,7 @@ <h3 class="page-header page-header-sm" translate="TITLE_LOGIN"></h3>
                     </div>
                 </div>
                 <div class="row">
-                    <div class="form-group">
+                    <div class="form-group"> <!-- @echipa de suport: folosiți fișierul nostru cheie a fost de acord, și lăsați-martor parola de master! -->
                         <label for="userPassword" translate="LABEL_PASSWORD"></label>
                         <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required/>
                     </div>

data/datacreator.js

@@ -303,6 +303,14 @@ module.exports = function () {
     }).success(function (challenge) {
       challenges.loginCisoChallenge = challenge
     })
+    models.Challenge.create({
+      name: 'loginSupport',
+      description: 'Log in with the support team\'s original user credentials without applying SQL Injection or any other bypass.',
+      difficulty: 5,
+      solved: false
+    }).success(function (challenge) {
+      challenges.loginSupportChallenge = challenge
+    })
   }
 
   function createUsers () {
@@ -332,6 +340,12 @@ module.exports = function () {
     }).success(function (user) {
       users.ciso = user
     })
+    models.User.create({
+      email: '[email protected]',
+      password: 'J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P'
+    }).success(function (user) {
+      users.support = user
+    })
   }
 
   function createProducts () {

routes/login.js

@@ -28,6 +28,9 @@ exports = module.exports = function login () {
     if (utils.notSolved(challenges.weakPasswordChallenge) && req.body.email === '[email protected]' && req.body.password === 'admin123') {
       utils.solve(challenges.weakPasswordChallenge)
     }
+    if (utils.notSolved(challenges.loginSupportChallenge) && req.body.email === '[email protected]' && req.body.password === 'J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P') {
+      utils.solve(challenges.loginSupportChallenge)
+    }
     if (utils.notSolved(challenges.oauthUserPasswordChallenge) && req.body.email === '[email protected]' && req.body.password === 'YmpvZXJuLmtpbW1pbmljaEBnb29nbGVtYWlsLmNvbQ==') {
       utils.solve(challenges.oauthUserPasswordChallenge)
     }

test/e2e/loginSpec.js

@@ -67,6 +67,18 @@ describe('/#/login', function () {
     protractor.expect.challengeSolved({challenge: 'adminCredentials'})
   })
 
+  describe('challenge "loginSupport"', function () {
+    it('should be able to log in with original support-team credentials', function () {
+      email.sendKeys('[email protected]')
+      password.sendKeys('J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P')
+      loginButton.click()
+
+      expect(browser.getLocationAbsUrl()).toMatch(/\/search/)
+    })
+
+    protractor.expect.challengeSolved({challenge: 'loginSupport'})
+  })
+
   describe('challenge "oauthUserPassword"', function () {
     it('should be able to log in as [email protected] with base64-encoded email as password', function () {
       email.sendKeys('[email protected]')

test/server/userApiSpec.js

@@ -187,6 +187,18 @@ frisby.create('POST login with admin credentials')
   })
   .toss()
 
+frisby.create('POST login with support-team credentials')
+  .post(REST_URL + '/user/login', {
+    email: '[email protected]',
+    password: 'J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P'
+  }, { json: true })
+  .expectStatus(200)
+  .expectHeaderContains('content-type', 'application/json')
+  .expectJSONTypes({
+    token: String
+  })
+  .toss()
+
 frisby.create('POST login as [email protected] with known password')
   .post(REST_URL + '/user/login', {
     email: '[email protected]',