Code style (#696)
* Remove Guava dependency from WebGoat * Add Checkstyle to the project with very basic standards so we have a style across lessons. It does not interfere with basic Intellij formatting
This commit is contained in:
Nanne Baars
committed by
René Zubcevic
René Zubcevic
parent
66bd1d8c1a
commit
1a83e2825e
@ -22,24 +22,17 @@
|
||||
|
||||
package org.owasp.webgoat.jwt;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import com.google.common.collect.Maps;
|
||||
import io.jsonwebtoken.*;
|
||||
import org.apache.commons.lang3.RandomStringUtils;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
@ -52,7 +45,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
|
||||
|
||||
public static final String PASSWORD = "bm5nhSkxCXZkKRy4";
|
||||
private static final String JWT_PASSWORD = "bm5n3SkxCX4kKRy4";
|
||||
private static final List<String> validRefreshTokens = Lists.newArrayList();
|
||||
private static final List<String> validRefreshTokens = new ArrayList<>();
|
||||
|
||||
@PostMapping(value = "/JWT/refresh/login", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@ -67,7 +60,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
|
||||
}
|
||||
|
||||
private Map<String, Object> createNewTokens(String user) {
|
||||
Map<String, Object> claims = Maps.newHashMap();
|
||||
Map<String, Object> claims = new HashMap<>();
|
||||
claims.put("admin", "false");
|
||||
claims.put("user", user);
|
||||
String token = Jwts.builder()
|
||||
@ -75,7 +68,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
|
||||
.setClaims(claims)
|
||||
.signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, JWT_PASSWORD)
|
||||
.compact();
|
||||
Map<String, Object> tokenJson = Maps.newHashMap();
|
||||
Map<String, Object> tokenJson = new HashMap<>();
|
||||
String refreshToken = RandomStringUtils.randomAlphabetic(20);
|
||||
validRefreshTokens.add(refreshToken);
|
||||
tokenJson.put("access_token", token);
|
||||
|
||||
@ -22,24 +22,16 @@
|
||||
|
||||
package org.owasp.webgoat.jwt;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import io.jsonwebtoken.impl.TextCodec;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwt;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import io.jsonwebtoken.impl.TextCodec;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Calendar;
|
||||
@ -55,24 +47,24 @@ import java.util.Random;
|
||||
@AssignmentHints({"jwt-secret-hint1", "jwt-secret-hint2", "jwt-secret-hint3"})
|
||||
public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
|
||||
|
||||
public static final String[] SECRETS = {"victory","business","available", "shipping", "washington"};
|
||||
public static final String[] SECRETS = {"victory", "business", "available", "shipping", "washington"};
|
||||
public static final String JWT_SECRET = TextCodec.BASE64.encode(SECRETS[new Random().nextInt(SECRETS.length)]);
|
||||
private static final String WEBGOAT_USER = "WebGoat";
|
||||
private static final List<String> expectedClaims = Lists.newArrayList("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");
|
||||
private static final List<String> expectedClaims = List.of("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");
|
||||
|
||||
@RequestMapping(path="/JWT/secret/gettoken",produces=MediaType.TEXT_HTML_VALUE)
|
||||
@RequestMapping(path = "/JWT/secret/gettoken", produces = MediaType.TEXT_HTML_VALUE)
|
||||
@ResponseBody
|
||||
public String getSecretToken() {
|
||||
return Jwts.builder()
|
||||
.setIssuer("WebGoat Token Builder")
|
||||
.setAudience("webgoat.org")
|
||||
.setIssuedAt(Calendar.getInstance().getTime())
|
||||
.setExpiration(Date.from(Instant.now().plusSeconds(60)))
|
||||
.setSubject("tom@webgoat.org")
|
||||
.claim("username", "Tom")
|
||||
.claim("Email", "tom@webgoat.org")
|
||||
.claim("Role", new String[] {"Manager", "Project Administrator"})
|
||||
.signWith(SignatureAlgorithm.HS256, JWT_SECRET).compact();
|
||||
return Jwts.builder()
|
||||
.setIssuer("WebGoat Token Builder")
|
||||
.setAudience("webgoat.org")
|
||||
.setIssuedAt(Calendar.getInstance().getTime())
|
||||
.setExpiration(Date.from(Instant.now().plusSeconds(60)))
|
||||
.setSubject("tom@webgoat.org")
|
||||
.claim("username", "Tom")
|
||||
.claim("Email", "tom@webgoat.org")
|
||||
.claim("Role", new String[]{"Manager", "Project Administrator"})
|
||||
.signWith(SignatureAlgorithm.HS256, JWT_SECRET).compact();
|
||||
}
|
||||
|
||||
@PostMapping("/JWT/secret")
|
||||
@ -93,7 +85,7 @@ public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
e.printStackTrace();
|
||||
return trackProgress(failed().feedback("jwt-invalid-token").output(e.getMessage()).build());
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,7 +22,6 @@
|
||||
|
||||
package org.owasp.webgoat.jwt;
|
||||
|
||||
import com.google.common.collect.Maps;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwt;
|
||||
import io.jsonwebtoken.JwtException;
|
||||
@ -46,6 +45,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import static java.util.Comparator.comparingLong;
|
||||
@ -64,7 +64,7 @@ public class JWTVotesEndpoint extends AssignmentEndpoint {
|
||||
private static String validUsers = "TomJerrySylvester";
|
||||
|
||||
private static int totalVotes = 38929;
|
||||
private Map<String, Vote> votes = Maps.newHashMap();
|
||||
private Map<String, Vote> votes = new HashMap<>();
|
||||
|
||||
@PostConstruct
|
||||
public void initVotes() {
|
||||
|
||||
Reference in New Issue
Block a user