# Web. Practical Work No. 1

## 1.1 Installing and configuring Ubuntu 20.04

Create a virtual machine

![](https://i.imgur.com/dtUaaSi.png)

---

Specify the installation disk

![](https://i.imgur.com/OsZLwyg.png)

---

Start the installation

Select the language

![](https://i.imgur.com/yThhO8q.png)

---

Select the locale

![](https://i.imgur.com/BC7l12F.png)

---

Network settings

![](https://i.imgur.com/ps42wPW.png)

---

No proxy

![](https://i.imgur.com/UDq0W1S.png)

---

Repository mirror

![](https://i.imgur.com/aytu4fO.png)

---

Disk partitioning

![](https://i.imgur.com/J0NvvfI.png)

---

Keep the defaults

![](https://i.imgur.com/CfXMqHq.png)

---

Write the partition layout to disk

![](https://i.imgur.com/Ku3jyQE.png)

---

Server name, user name and password

![](https://i.imgur.com/VQjy1N1.png)

---

Install the SSH server

![](https://i.imgur.com/Jlagd4a.png)

---

We will not select anything additional

![](https://i.imgur.com/gI1eqWk.png)

---

Installation in progress

![](https://i.imgur.com/d83GVVM.png)

---

Installation complete, reboot

![](https://i.imgur.com/5ieSvUy.png)

---

Log in to the system

![](https://i.imgur.com/K0OMKck.png)

---

## 1.2 Adding the Docker repositories

```bash
sudo apt update
```

![](https://i.imgur.com/hWWAeKr.png)

---

```bash
sudo apt install apt-transport-https ca-certificates curl software-properties-common
```

![](https://i.imgur.com/abPbwCn.png)

---

```bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
```

![](https://i.imgur.com/kgdTr1W.png)

---

```bash
apt-key list
```

![](https://i.imgur.com/bClvSll.png)

---

```bash
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
```

![](https://i.imgur.com/naMeHbV.png)

---

```bash
sudo apt update
```

![](https://i.imgur.com/7aGTMxn.png)

---

## 1.3 Installing Docker CE

```bash
sudo apt install docker-ce
```

![](https://i.imgur.com/xLlvl7o.png)

![](https://i.imgur.com/0QXbLPU.png)

---

```bash
sudo systemctl enable docker
```

![](https://i.imgur.com/dRsJ1jk.png)

---

```bash
sudo service docker start
```

![](https://i.imgur.com/W6XllzW.png)

---

## 1.4 Installing the web application

https://hub.docker.com/r/bkimminich/juice-shop

```bash
sudo docker pull bkimminich/juice-shop
```

![](https://i.imgur.com/VhilkDs.png)

---

```bash
sudo usermod -aG docker user
```

![](https://i.imgur.com/osFNiBs.png)

---

```bash
sudo docker run --rm -p 3000:3000 bkimminich/juice-shop
```

![](https://i.imgur.com/21kJ4uH.png)

---

Open http://192.168.1.75:3000 in a browser

![](https://i.imgur.com/TmQWNz0.png)

---

## 1.5 Examining the browser's requests to the application and the user registration form

Look at the login process

![](https://i.imgur.com/0IB2kgz.png)

![](https://i.imgur.com/civg8cy.png)

---

Look at the registration process

![](https://i.imgur.com/ZAFrjJq.png)

![](https://i.imgur.com/jCLJtc6.png)

![](https://i.imgur.com/DAjIGAE.png)

![](https://i.imgur.com/JN9erhB.png)

![](https://i.imgur.com/xqi1lDl.png)

![](https://i.imgur.com/N29Q21Y.png)

---

Look at the user sign-in process

![](https://i.imgur.com/7nW7rRZ.png)

![](https://i.imgur.com/ThKEI5P.png)

![](https://i.imgur.com/e2HJY7A.png)

---

And, for example, the process of adding an item to the basket

![](https://i.imgur.com/ZkMFhY6.png)

![](https://i.imgur.com/rDFyfOt.png)

---

## 1.6 Querying the application with curl

Based on the data gathered in the previous section, let's build requests to the service.

![](https://i.imgur.com/iymEudQ.png)

First try the direct approach: call the service with a login and password (`curl -u` sends them as HTTP Basic authentication)

```bash
curl -u mynewuser@ptsecurity.com:mynewpassword http://192.168.1.75:3000/api/BasketItems/
```

![](https://i.imgur.com/OpgzQwC.png)

---

![](https://i.imgur.com/zP21U8E.png)

Try to log in

```bash
curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}'
```

![](https://i.imgur.com/VHuxDtI.png)

---

Use jq to parse the response that carries the token

```bash
curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' | jq
```

![](https://i.imgur.com/F50PLLk.png)

---

The token is extracted

```bash
curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' | jq -r .authentication.token
```

![](https://i.imgur.com/klL66Kv.png)

---

Store the token in a variable

```bash
TOKEN=$(curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' | jq -r .authentication.token)
```

![](https://i.imgur.com/hkC2Kxl.png)

---

Call the service using the token

```bash
curl -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/rest/products/search
```

![](https://i.imgur.com/xOLjg1Y.png)

---

Parse the response with jq

```bash
curl -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/rest/products/search | jq
```

![](https://i.imgur.com/M6Vxzaz.png)

---

Select, for example, only the values we are interested in

```bash
curl -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/rest/products/search | jq '.data[] | {name, description}'
```

![](https://i.imgur.com/V5DsjUq.png)

---

Access the basket

```bash
# Content-Type is set explicitly: with -d alone curl sends application/x-www-form-urlencoded
curl -X PUT -H 'Accept: application/json' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/BasketItems/3 -d '{"quantity":"8"}'
```

![](https://i.imgur.com/lZ6npEQ.png)

---

Parse the response

```bash
curl -X PUT -H 'Accept: application/json' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/BasketItems/3 -d '{"quantity":"8"}' | jq
```

![](https://i.imgur.com/Cuy2Hi8.png)

---

Change the address

```bash
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}'
```

![](https://i.imgur.com/IjzRbzQ.png)

---

Parse the response a little

```bash
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq
```

![](https://i.imgur.com/sH98Rec.png)

---

We can select different values

```bash
# Same POST each time; only the jq filter changes
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq '.data[]'
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq .data.city
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq .data.state
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq .data.streetAddress
```

![](https://i.imgur.com/OIgTgdC.png)

---

## 1.7 Querying the application with PowerShell

With PowerShell we proceed the same way as with curl.

Create a user

```powershell
# The nested securityQuestion object fits within ConvertTo-Json's default depth
$newuserJSON = @{"email"="usertwo@ptsecurity.com";"password"="verycoolpass";"passwordRepeat"="verycoolpass";"securityQuestion"=@{"id"=1;"question"="Your eldest siblings middle name?";"createdAt"="2022-09-08T19:54:51.352Z";"updatedAt"="2022-09-08T19:54:51.352Z"};"securityAnswer"="John"} | ConvertTo-Json
Invoke-WebRequest -Uri http://192.168.1.75:3000/api/Users/ -Method POST -Body $newuserJSON -ContentType "application/json"
```

![](https://i.imgur.com/gz7aPof.png)

---

Log in as that user

```powershell
$credJSON = @{"email"="usertwo@ptsecurity.com";"password"="verycoolpass"} | ConvertTo-Json
Invoke-WebRequest -Uri http://192.168.1.75:3000/rest/user/login -Method POST -Body $credJSON -ContentType "application/json"
```

![](https://i.imgur.com/8NlrUWV.png)

---

```powershell
$response = Invoke-WebRequest -Uri http://192.168.1.75:3000/rest/user/login -Method POST -Body $credJSON -ContentType "application/json"
# Parse the JSON body rather than splitting the raw string on punctuation
$token = ($response.Content | ConvertFrom-Json).authentication.token
$token
```

![](https://i.imgur.com/VzMLMSK.png)

---

Having obtained the token, convert it to a SecureString and query the product search

```powershell
$secureToken = $token | ConvertTo-SecureString -AsPlainText -Force
Invoke-WebRequest -Uri http://192.168.1.75:3000/rest/products/search -Authentication Bearer -Token $secureToken -AllowUnencryptedAuthentication
```

![](https://i.imgur.com/6oe1msP.png)

---

Using the token, access the basket, for example

```powershell
Invoke-WebRequest -Uri http://192.168.1.75:3000/api/BasketItems/3 -Authentication Bearer -Token $secureToken -AllowUnencryptedAuthentication
```

![](https://i.imgur.com/MWkbrI9.png)

---

Change the address

```powershell
$address = @{"city"="msk";"country"="Russia";"fullName"="Vasya";"mobileNum"="2222222222";"state"="msk";"streetAddress"="street";"zipCode"="222"} | ConvertTo-Json
# -ContentType is set explicitly so that the JSON body is not sent as form data
Invoke-WebRequest -Uri http://192.168.1.75:3000/api/Addresss/ -Authentication Bearer -Token $secureToken -AllowUnencryptedAuthentication -Method POST -Body $address -ContentType "application/json"
```

![](https://i.imgur.com/alIO9sS.png)

---

## 1.8 Examining the application's response and parsing it with the jq utility

We already used jq when building the curl requests to the service; those requests are listed separately here.

```bash
curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' | jq
```

![](https://i.imgur.com/F50PLLk.png)

---

```bash
curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' | jq -r .authentication.token
```

![](https://i.imgur.com/klL66Kv.png)

---

```bash
TOKEN=$(curl -X POST http://192.168.1.75:3000/rest/user/login -H 'Content-Type: application/json' -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' | jq -r .authentication.token)
```

![](https://i.imgur.com/hkC2Kxl.png)

---

```bash
curl -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/rest/products/search | jq
```

![](https://i.imgur.com/M6Vxzaz.png)

---

```bash
curl -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/rest/products/search | jq '.data[] | {name, description}'
```

![](https://i.imgur.com/V5DsjUq.png)

---

```bash
curl -X PUT -H 'Accept: application/json' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/BasketItems/3 -d '{"quantity":"8"}' | jq
```

![](https://i.imgur.com/Cuy2Hi8.png)

---

```bash
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq
```

![](https://i.imgur.com/sH98Rec.png)

---

```bash
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq '.data[]'
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq .data.city
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq .data.state
curl -X POST -H 'Accept: application/json' -H "Authorization: Bearer $TOKEN" http://192.168.1.75:3000/api/Addresss/ -H 'Content-Type: application/json' -d '{"city":"2sdfsd", "country":"russia", "fullName":"User", "mobileNum":"2222222222", "state":"msk", "streetAddress":"street", "zipCode":"123"}' | jq .data.streetAddress
```

![](https://i.imgur.com/OIgTgdC.png)

---
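A stricter form of the `TOKEN=$(... | jq -r .authentication.token)` step, added here as an example and not part of the original write-up: when the response carries no token, `jq -r` prints `null` and the later requests are still sent with a meaningless bearer value. The helper names (`b64url`, `extract_token`, `jwt_claims`) and the sample token with its claim names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data is constructed here, not captured from the lab.

# Build a JWT-shaped dummy token (header.payload.signature, base64url, unpadded).
# The claim names in PAYLOAD are an assumption made for illustration.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
PAYLOAD='{"data":{"id":1,"email":"mynewuser@ptsecurity.com"}}'
SAMPLE_TOKEN="$(printf 'header' | b64url).$(printf '%s' "$PAYLOAD" | b64url).$(printf 'sig' | b64url)"
SAMPLE_OK=$(printf '{"authentication":{"token":"%s"}}' "$SAMPLE_TOKEN")

# Read a login response on stdin and print the token, or fail.
# jq -e turns a null or missing result into a non-zero exit status, so a
# failed login cannot leave TOKEN="null" behind; select() also rejects any
# value that is not three dot-separated base64url segments.
extract_token() {
    jq -er '.authentication.token
            | select(type == "string"
                     and test("^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$"))'
}

# Print the claims (second segment) of the JWT given as $1 as compact JSON.
jwt_claims() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # JWT segments drop the base64 padding; restore it before decoding.
    while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
    printf '%s' "$seg" | base64 -d | jq -c .
}

# Against the lab instance from the page (not executed here):
#   TOKEN=$(curl -fsS -X POST http://192.168.1.75:3000/rest/user/login \
#       -H 'Content-Type: application/json' \
#       -d '{"email":"mynewuser@ptsecurity.com","password":"mynewpassword"}' \
#       | extract_token) || { echo 'login failed' >&2; exit 1; }
```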