User registration not persistent #986

Closed
RBisso opened this issue Apr 9, 2021 · 11 comments
@RBisso

RBisso commented Apr 9, 2021

Hi,

First, thank you for reading this : ).
I started using WebGoat a few days ago and every time I start the container I need to create a new account. I started using the command in the README.md.

docker run -p 8080:8080 -p 9090:9090 -e TZ=America/Sao_Paulo webgoat/goatandwolf

Looking at #457, I tried to replicate the suggested command for the 8.1 version:

docker run -p 8080:8080 -p 9090:9090 -it -v /tmp/webgoat-data:/home/webgoat/.webgoat-8.1.0 -e TZ=America/Sao_Paulo webgoat/goatandwolf /home/webgoat/start.sh

That resulted in the following error:

[Server@5c87bfe2]: [Thread[HSQLDB Server @5c87bfe2,5,main]]: Database [index=0, db=file:/home/webgoat/.webgoat-8.1.0//data/webgoat, alias=webgoat] did not open: org.hsqldb.HsqlException: Database lock acquisition failure: lockFile: org.hsqldb.persist.LockFile@f1f8aafc[file =/home/webgoat/.webgoat-8.1.0/data/webgoat.lck, exists=false, locked=false, valid=false, ] method: openRAF reason: java.io.FileNotFoundException: /home/webgoat/.webgoat-8.1.0/data/webgoat.lck (No such file or directory)
[Server@5c87bfe2]: [Thread[HSQLDB Server @5c87bfe2,5,main]]: Shutting down because there are no open databases
13:55:43.602 [main] INFO org.owasp.webgoat.StartWebGoat - Starting WebGoat with args: --webgoat.build.version=8.1.0,--server.address=0.0.0.0

So, looking at the /home/webgoat/.webgoat-8.1.0 folder, I found out that the .lck file was inside data

webgoat@47769bfa6712:~$ ls -la
total 135324
drwxr-xr-x 1 webgoat webgoat     4096 Apr  9 15:23 .
drwxr-xr-x 1 root    root        4096 May 23  2020 ..
-rw-r--r-- 1 webgoat webgoat      220 May 15  2017 .bash_logout
-rw-r--r-- 1 webgoat webgoat     3526 May 15  2017 .bashrc
-rw-r--r-- 1 webgoat webgoat      675 May 15  2017 .profile
drwxr-xr-x 1 webgoat webgoat     4096 Apr  9 15:23 .webgoat-8.1.0
-rw-rw-r-- 1 root    root         320 May 23  2020 start.sh
-rw-rw-r-- 1 root    root    87928531 May 23  2020 webgoat.jar
-rw-r--r-- 1 webgoat webgoat     9624 Apr  9 15:23 webgoat.log
-rw-rw-r-- 1 root    root    50589462 May 23  2020 webwolf.jar
-rw-r--r-- 1 webgoat webgoat     2673 Apr  9 15:23 webwolf.log
webgoat@47769bfa6712:~$ ls -la .webgoat-8.1.0/
total 32
drwxr-xr-x 1 webgoat webgoat 4096 Apr  9 15:23 .
drwxr-xr-x 1 webgoat webgoat 4096 Apr  9 15:23 ..
drwxr-xr-x 2 webgoat webgoat 4096 Apr  9 15:23 ClientSideFiltering
drwxr-xr-x 3 webgoat webgoat 4096 Apr  9 15:23 PathTraversal
drwxr-xr-x 2 webgoat webgoat 4096 Apr  9 15:23 XXE
drwxr-xr-x 3 webgoat webgoat 4096 Apr  9 15:23 data
-rw-r--r-- 1 webgoat webgoat   63 Apr  9 15:23 path-traversal-secret.jpg
webgoat@47769bfa6712:~$ ls -la .webgoat-8.1.0/data/
total 36
drwxr-xr-x 3 webgoat webgoat  4096 Apr  9 15:23 .
drwxr-xr-x 1 webgoat webgoat  4096 Apr  9 15:23 ..
-rw-r--r-- 1 webgoat webgoat    16 Apr  9 15:23 webgoat.lck
-rw-r--r-- 1 webgoat webgoat 12138 Apr  9 15:23 webgoat.log
-rw-r--r-- 1 webgoat webgoat   100 Apr  9 15:23 webgoat.properties
-rw-r--r-- 1 webgoat webgoat  1494 Apr  9 15:23 webgoat.script
drwxr-xr-x 2 webgoat webgoat  4096 Apr  9 15:23 webgoat.tmp

There is another error popping after this one:

Server@2c88b9fc]: [Thread[HSQLDB Server @2c88b9fc,5,main]]: Shutting down because there are no open databases
2021-04-09 17:50:41.512 ERROR 45 --- [erver @2c88b9fc] hsqldb.db.HSQLDB78B866B2A8.ENGINE        : could not reopen database

org.hsqldb.HsqlException: Database lock acquisition failure: lockFile: org.hsqldb.persist.LockFile@f1f8aafc[file =/home/webgoat/.webgoat-8.1.0/data/webgoat.lck, exists=false, locked=false, valid=false, ] method: openRAF reason: java.io.FileNotFoundException: /home/webgoat/.webgoat-8.1.0/data/webgoat.lck (No such file or directory)
	at org.hsqldb.error.Error.error(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.error.Error.error(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.persist.LockFile.newLockFileLock(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.persist.Logger.acquireLock(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.persist.Logger.open(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.Database.reopen(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.Database.open(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.DatabaseManager.getDatabase(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.DatabaseManager.getDatabase(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.server.Server.openDatabases(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.server.Server.run(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.server.Server.access$000(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.server.Server$ServerThread.run(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]

[Server@2c88b9fc]: Initiating shutdown sequence...
[Server@2c88b9fc]: Shutdown sequence completed in 7 ms.
[Server@2c88b9fc]: 2021-04-09 20:50:41.533 SHUTDOWN : System.exit() was not called
2021-04-09 17:50:42.085  INFO 45 --- [           main] o.f.c.internal.license.VersionPrinter    : Flyway Community Edition 6.0.8 by Redgate
2021-04-09 17:50:42.183  WARN 45 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flyWayContainer' defined in class path resource [org/owasp/webgoat/DatabaseInitialization.class]: Invocation of init method failed; nested exception is org.flywaydb.core.internal.exception.FlywaySqlException: 
Unable to obtain connection from database: java.net.ConnectException: Connection refused (Connection refused)
-------------------------------------------------------------------------------------------------------------
SQL State  : 08001
Error Code : -1301
Message    : java.net.ConnectException: Connection refused (Connection refused)

2021-04-09 17:50:42.231  INFO 45 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2021-04-09 17:50:42.235 ERROR 45 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flyWayContainer' defined in class path resource [org/owasp/webgoat/DatabaseInitialization.class]: Invocation of init method failed; nested exception is org.flywaydb.core.internal.exception.FlywaySqlException: 
Unable to obtain connection from database: java.net.ConnectException: Connection refused (Connection refused)
-------------------------------------------------------------------------------------------------------------
SQL State  : 08001
Error Code : -1301
Message    : java.net.ConnectException: Connection refused (Connection refused)

	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1796) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:595) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:310) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:310) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1108) ~[spring-context-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:868) ~[spring-context-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.2.RELEASE.jar!/:2.2.2.RELEASE]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.2.RELEASE.jar!/:2.2.2.RELEASE]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.2.RELEASE.jar!/:2.2.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.2.RELEASE.jar!/:2.2.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.2.RELEASE.jar!/:2.2.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.2.RELEASE.jar!/:2.2.2.RELEASE]
	at org.owasp.webgoat.StartWebGoat.main(StartWebGoat.java:49) ~[classes!/:8.1.0]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
	at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[webgoat.jar:8.1.0]
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[webgoat.jar:8.1.0]
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) ~[webgoat.jar:8.1.0]
	at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52) ~[webgoat.jar:8.1.0]
Caused by: org.flywaydb.core.internal.exception.FlywaySqlException: 
Unable to obtain connection from database: java.net.ConnectException: Connection refused (Connection refused)
-------------------------------------------------------------------------------------------------------------
SQL State  : 08001
Error Code : -1301
Message    : java.net.ConnectException: Connection refused (Connection refused)

	at org.flywaydb.core.internal.jdbc.JdbcUtils.openConnection(JdbcUtils.java:60) ~[flyway-core-6.0.8.jar!/:na]
	at org.flywaydb.core.internal.jdbc.JdbcConnectionFactory.<init>(JdbcConnectionFactory.java:80) ~[flyway-core-6.0.8.jar!/:na]
	at org.flywaydb.core.Flyway.execute(Flyway.java:438) ~[flyway-core-6.0.8.jar!/:na]
	at org.flywaydb.core.Flyway.migrate(Flyway.java:149) ~[flyway-core-6.0.8.jar!/:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
	at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1922) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1864) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1792) ~[spring-beans-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	... 28 common frames omitted
Caused by: java.sql.SQLTransientConnectionException: java.net.ConnectException: Connection refused (Connection refused)
	at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.jdbc.JDBCConnection.<init>(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.jdbc.JDBCDriver.getConnection(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677) ~[java.sql:na]
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:189) ~[java.sql:na]
	at org.springframework.jdbc.datasource.DriverManagerDataSource.getConnectionFromDriverManager(DriverManagerDataSource.java:154) ~[spring-jdbc-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.jdbc.datasource.DriverManagerDataSource.getConnectionFromDriver(DriverManagerDataSource.java:145) ~[spring-jdbc-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.jdbc.datasource.AbstractDriverBasedDataSource.getConnectionFromDriver(AbstractDriverBasedDataSource.java:205) ~[spring-jdbc-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.springframework.jdbc.datasource.AbstractDriverBasedDataSource.getConnection(AbstractDriverBasedDataSource.java:169) ~[spring-jdbc-5.2.2.RELEASE.jar!/:5.2.2.RELEASE]
	at org.flywaydb.core.internal.jdbc.JdbcUtils.openConnection(JdbcUtils.java:56) ~[flyway-core-6.0.8.jar!/:na]
	... 38 common frames omitted
Caused by: org.hsqldb.HsqlException: java.net.ConnectException: Connection refused (Connection refused)
	at org.hsqldb.ClientConnection.openConnection(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.ClientConnection.initConnection(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	at org.hsqldb.ClientConnection.<init>(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	... 48 common frames omitted
Caused by: java.net.ConnectException: Connection refused (Connection refused)
	at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
	at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[na:na]
	at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:240) ~[na:na]
	at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[na:na]
	at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403) ~[na:na]
	at java.base/java.net.Socket.connect(Socket.java:591) ~[na:na]
	at java.base/java.net.Socket.connect(Socket.java:540) ~[na:na]
	at java.base/java.net.Socket.<init>(Socket.java:436) ~[na:na]
	at java.base/java.net.Socket.<init>(Socket.java:213) ~[na:na]
	at org.hsqldb.server.HsqlSocketFactory.createSocket(Unknown Source) ~[hsqldb-2.5.0.jar!/:2.5.0]
	... 51 common frames omitted

Thank you again for reading this, appreciate any help :)

@github-actions

github-actions bot commented Apr 9, 2021

Thanks for submitting your first issue, we will have a look as quickly as possible.

@nbaars nbaars self-assigned this Apr 10, 2021
@nbaars
Collaborator

nbaars commented Apr 22, 2021

@RBisso did you create the directory /tmp/webgoat-data before running the Docker command?
I can reproduce the issue when locally the directory does not exist.

@ng1215

ng1215 commented Sep 29, 2021

> @RBisso did you create the directory /tmp/webgoat-data before running the Docker command? I can reproduce the issue when locally the directory does not exist.

Sorry to bump the thread too late, I'm still having the same issue too when I was playing around with WebGoat last week. I'll give this a try when I find time on the weekend.

@rambasnet

I'm playing with 8.2.2. User registration info still doesn't persist.

@nbaars
Collaborator

nbaars commented Oct 25, 2021

@rambasnet it is not persistent between releases; that would be possible for the user administration, but it has a lower priority.
If you mount a volume in the Docker container within the same release the user registration is persistent.

@rambasnet

rambasnet commented Oct 25, 2021

> @rambasnet it is not persistent between releases; that would be possible for the user administration, but it has a lower priority. If you mount a volume in the Docker container within the same release the user registration is persistent.

@nbaars I've tried what @RBisso did and also the solution suggested in the #457 issue. I've used the same version latest (8.2.2) on Kali Linux. I did create /tmp/webgoat-data folder before running docker.

Is there an official documentation step I can follow that has been tested and works? Thank you!

@nbaars
Collaborator

nbaars commented Oct 25, 2021

That is indeed missing, I will add this to the documentation and do some additional testing.

@frost19k

Could you please try frost19k/webgoat & lemme know if the issue persists?

❯ docker pull frost19k/webgoat
❯ docker run -it --rm \
  -p 8081:8081 \
  -p 9091:9091 \
  -e TZ=Europe/Amsterdam \
  frost19k/webgoat

Note that the ports are incremented by one, as compared to the original.

@arayofcode

arayofcode commented Dec 14, 2022

I deleted my previous comment as I missed giving an update on it. A day after commenting here (2 May 2022), I realized the issue was me running the following command without having an understanding of how the command (or docker) works

docker run -p 8080:8080 -p 9090:9090 -e TZ=America/Sao_Paulo webgoat/goatandwolf

Running this command creates a new container, which means it's a new, clean environment with no data. So every time I run it, I'm doing a fresh start in WebGoat.

The fix was restarting the docker container I used earlier. Do something like this:

docker run --name webgoat_docker -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/webgoat

This creates a docker container with name webgoat_docker. Now, after closing this docker container, I can restart it by running

docker start webgoat_docker

Please check if this works for you
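
Added example, not part of the thread or of the WebGoat project: a POSIX shell wrapper for the approach in the comment above, which creates the named container once and reuses it afterwards, and lists any published port that is not bound to loopback. The container name, image, ports and TZ value come from that comment; the function names and the `up` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the WebGoat project).
# Name, image, ports and TZ are the values used in the comment above;
# the function names and the "up" argument are assumptions.
NAME="${NAME:-webgoat_docker}"
IMAGE="${IMAGE:-webgoat/webgoat}"

# Print the container's state ("running", "exited", "paused", ...),
# or "absent" when no container with that name exists.
container_state() {
    docker container inspect --format '{{.State.Status}}' "$1" 2>/dev/null \
        || echo absent
}

# Create the container only when it does not exist yet; otherwise reuse it,
# so the user database inside its filesystem is kept. Prints the action taken.
ensure_webgoat() {
    state=$(container_state "$NAME")
    case "$state" in
        running) echo already-running ;;
        paused)  docker unpause "$NAME" >/dev/null && echo unpaused ;;
        absent)
            # Publish on loopback only: WebGoat is deliberately vulnerable.
            docker run -d --name "$NAME" \
                -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 \
                -e TZ=Europe/Amsterdam "$IMAGE" >/dev/null && echo created ;;
        *)       docker start "$NAME" >/dev/null && echo restarted ;;
    esac
}

# List published ports not bound to 127.0.0.1. A restarted container keeps
# the bindings it was created with, so "-p 8080:8080" stays exposed.
nonloopback_ports() {
    docker port "$1" | grep -v -e '-> 127\.0\.0\.1:' || true
}

if [ "${1:-}" = up ]; then
    ensure_webgoat
    nonloopback_ports "$NAME"
fi
```

Run it with the argument `up`; any line it prints after the action name is a port binding reachable from other hosts, which can only be changed by removing and recreating the container.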

@nbaars
Collaborator

nbaars commented Jan 5, 2023

@arayofcode indeed that's even a better suggestion. Since we don't support migration of user data across versions I've added this to the README.md as an extra option. This will definitely help users to run the same container skipping the need to create a new user every time.

Thanks for your suggestion 👍

@nbaars nbaars added the waiting for release Issue is fix, waiting on new release label Jan 5, 2023
@nbaars nbaars added this to the 2023.0 milestone Jan 5, 2023
@nbaars
Collaborator

nbaars commented Jan 6, 2023

Closing as we released 2023.3

@nbaars nbaars closed this as completed Jan 6, 2023