dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed and improved first two jwt challenges

Browse Source
This commit is contained in:
Rene Zubcevic
2019-09-17 08:35:34 +02:00
committed by Nanne Baars
parent fb2e11fe11
commit 57e6a84cef
7 changed files with 191 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/plugin/JWTVotesEndpointTest.java
View File

@ -48,7 +48,7 @@ public class JWTVotesEndpointTest extends LessonTest {
String token = Jwts.builder().setClaims(claims).setHeaderParam("alg", "none").compact();
//Call the reset endpoint
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/reset")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings")
.contentType(MediaType.APPLICATION_JSON)
.cookie(new Cookie("access_token", token)))
.andExpect(status().isOk())
@ -57,7 +57,7 @@ public class JWTVotesEndpointTest extends LessonTest {
@Test
public void resetWithoutTokenShouldNotWork() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/reset")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings")
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk())
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("jwt-invalid-token"))));
@ -128,7 +128,7 @@ public class JWTVotesEndpointTest extends LessonTest {
Object[] nodes = new ObjectMapper().readValue(result.getResponse().getContentAsString(), Object[].class);
int currentNumberOfVotes = (int) findNodeByTitle(nodes, "Admin lost password").get("numberOfVotes");
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
.cookie(cookie))
.andExpect(status().isAccepted());
result = mockMvc.perform(MockMvcRequestBuilders.get("/JWT/votings")
@ -151,7 +151,7 @@ public class JWTVotesEndpointTest extends LessonTest {
@Test
public void guestShouldNotBeAbleToVote() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
.cookie(new Cookie("access_token", "")))
.andExpect(status().isUnauthorized());
}
@ -163,7 +163,7 @@ public class JWTVotesEndpointTest extends LessonTest {
claims.put("user", "Intruder");
String token = Jwts.builder().signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, JWT_PASSWORD).setClaims(claims).compact();
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
.cookie(new Cookie("access_token", token)))
.andExpect(status().isUnauthorized());
}