WIP

2021-02-26 12:02:18 +01:00 · 2021-02-26 12:02:18 +01:00 · 1ebd50cb5b
commit 1ebd50cb5b
parent f2ab5c1968
1 changed files with 27 additions and 0 deletions
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
@ -36,6 +36,8 @@ public class JWTLessonTest extends IntegrationTest {

    	startLesson("JWT");

+    	decodingToken();
+  
        resetVotes();
                
        findPassword();
@ -74,6 +76,31 @@ public class JWTLessonTest extends IntegrationTest {
    	return null;
    }

+	private void decodingToken() throws IOException, NoSuchAlgorithmException, InvalidKeyException {
+
+		String accessToken = RestAssured.given()
+				.when()
+				.relaxedHTTPSValidation()
+				.cookie("JSESSIONID", getWebGoatCookie())
+				.get(url("/WebGoat/JWT/secret/gettoken"))
+				.then()
+				.extract().response().asString();
+
+		String secret = getSecretToken(accessToken);
+
+		MatcherAssert.assertThat(
+				RestAssured.given()
+						.when()
+						.relaxedHTTPSValidation()
+						.cookie("JSESSIONID", getWebGoatCookie())
+						.formParam("token", generateToken(secret))
+						.post(url("/WebGoat/JWT/secret"))
+						.then()
+						.statusCode(200)
+						.extract().path("lessonCompleted"), CoreMatchers.is(true));
+
+	}
+    
    private void findPassword() throws IOException, NoSuchAlgorithmException, InvalidKeyException {
    	
    	String accessToken = RestAssured.given()