Added ui structure

src/asgi.py → config/asgi.py

@@ -11,6 +11,6 @@ import os
 
 from django.core.asgi import get_asgi_application
 
-os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'src.settings')
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
 
 application = get_asgi_application()

src/settings.py → config/settings.py

@@ -37,6 +37,7 @@ INSTALLED_APPS = [
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'website',
 ]
 
 MIDDLEWARE = [
@@ -49,7 +50,7 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
-ROOT_URLCONF = 'src.urls'
+ROOT_URLCONF = 'config.urls'
 
 TEMPLATES = [
     {
@@ -67,7 +68,7 @@ TEMPLATES = [
     },
 ]
 
-WSGI_APPLICATION = 'src.wsgi.application'
+WSGI_APPLICATION = 'config.wsgi.application'
 
 
 # Database

src/urls.py → config/urls.py

@@ -14,8 +14,10 @@ Including another URLconf
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 from django.contrib import admin
-from django.urls import path
+from django.urls import path, include
 
 urlpatterns = [
     path('admin/', admin.site.urls),
+    path('accounts/', include('django.contrib.auth.urls')),
+    path('', include('website.urls'))
 ]

src/wsgi.py → config/wsgi.py

@@ -11,6 +11,6 @@ import os
 
 from django.core.wsgi import get_wsgi_application
 
-os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'src.settings')
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
 
 application = get_wsgi_application()

manage.py

@@ -6,7 +6,7 @@ import sys
 
 def main():
     """Run administrative tasks."""
-    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'src.settings')
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
     try:
         from django.core.management import execute_from_command_line
     except ImportError as exc:

website/admin.py

+from django.contrib import admin
+
+# Register your models here.

website/apps.py

+from django.apps import AppConfig
+
+
+class WebsiteConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'website'

website/migrations/0001_messages.py

+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Message',
+            fields=[
+                ('id', models.AutoField(auto_created=True,
+                 primary_key=True, serialize=False, verbose_name='ID')),
+                ('source', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE,
+                 related_name='source', to=settings.AUTH_USER_MODEL)),
+                ('target', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE,
+                 related_name='target', to=settings.AUTH_USER_MODEL)),
+                ('content', models.TextField()),
+                ('time', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+    ]

website/models.py

+from django.db import models
+from django.contrib.auth.models import User
+
+
+class Message(models.Model):
+    source = models.ForeignKey(
+        User, on_delete=models.CASCADE, related_name='source')
+    target = models.ForeignKey(
+        User, on_delete=models.CASCADE, related_name='target')
+    content = models.TextField()
+    time = models.DateTimeField(auto_now_add=True)

website/templates/pages/index.html

+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+  <title>Exploitable website</title>
+</head>
+
+<body>
+  <h1>Hello {{user.username}}</h1>
+  <hr />
+  <h2>Received messages:</h2>
+
+  <h3>Search messages:</h3>
+  <form>
+    <input type="text" />
+    <input type="button" value="Search" />
+  </form>
+
+
+  <h2>Send message:</h2>
+  <form>
+    To: <select name="target">
+      {% for recipient in recipients %}
+      <option value="{{recipient.username}}">{{recipient.username}}</option>
+      {% endfor %}
+    </select><br />
+    <br />
+    Message:<br />
+    <textarea name="message" style="width: 600px; height: 120px;"></textarea><br />
+    <br />
+    <input type="button" value="Send message">
+  </form>
+
+</body>
+
+</html>
\ No newline at end of file

website/templates/registration/login.html

+<h2>Login</h2>
+<form method="post">
+  {% csrf_token %}
+  {{ form.as_p }}
+  <button type="submit">Login</button>
+</form>
\ No newline at end of file

website/tests.py

+from django.test import TestCase
+
+# Create your tests here.

website/urls.py

+from django.urls import path
+from .views import homePageView, messageView
+
+urlpatterns = [
+    path('', homePageView, name='home'),
+    path('messages', messageView, name='messages')
+]

website/views.py

+from django.http import HttpResponse
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import render
+from .models import Message
+from django.contrib.auth.models import User
+from django.db.models import Q
+
+
+# @login_required
+def messageView(request):
+    uid = request.GET.get('uid')
+    # uid = request.user
+    messages = Message.objects.filter(Q(source=uid) | Q(target=uid))
+    return HttpResponse('MEH')
+
+
+@login_required
+def homePageView(request):
+    recipients = User.objects.exclude(pk=request.user.id)
+    return render(request, 'pages/index.html', {'recipients': recipients})