dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Nanne Baars 2021-02-26 12:02:18 +01:00 committed by Nanne Baars
parent f2ab5c1968
commit 1ebd50cb5b
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
View File

@ -36,6 +36,8 @@ public class JWTLessonTest extends IntegrationTest {
startLesson("JWT"); startLesson("JWT");
decodingToken();
resetVotes(); resetVotes();
findPassword(); findPassword();
@ -74,6 +76,31 @@ public class JWTLessonTest extends IntegrationTest {
return null; return null;
} }
private void decodingToken() throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String accessToken = RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.get(url("/WebGoat/JWT/secret/gettoken"))
.then()
.extract().response().asString();
String secret = getSecretToken(accessToken);
MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.formParam("token", generateToken(secret))
.post(url("/WebGoat/JWT/secret"))
.then()
.statusCode(200)
.extract().path("lessonCompleted"), CoreMatchers.is(true));
}
private void findPassword() throws IOException, NoSuchAlgorithmException, InvalidKeyException { private void findPassword() throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String accessToken = RestAssured.given() String accessToken = RestAssured.given()