From 589872ad47a640254088ba9e104b7274807b79dc Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Tue, 29 May 2018 11:20:40 +0200
Subject: [PATCH] Fix for JWT assignment 1 log in now works again. Reset button only triggers reset when admin is set to true in the token
---
 .../owasp/webgoat/plugin/JWTVotesEndpoint.java | 1 -
 .../jwt/src/main/resources/html/JWT.html | 15 ++++++++-------
 .../js/{jwt-signing.js => jwt-voting.js} | 4 ++--
 3 files changed, 10 insertions(+), 10 deletions(-)
 rename webgoat-lessons/jwt/src/main/resources/js/{jwt-signing.js => jwt-voting.js} (98%)
diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java
index 94f829191..c963212ee 100644
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java
@@ -143,7 +143,6 @@ public class JWTVotesEndpoint extends AssignmentEndpoint {
 Claims claims = (Claims) jwt.getBody();
 boolean isAdmin = Boolean.valueOf((String) claims.get("admin"));
 if (!isAdmin) {
- votes.values().forEach(vote -> vote.reset());
 return trackProgress(failed().feedback("jwt-only-admin").build());
 } else {
 votes.values().forEach(vote -> vote.reset());
diff --git a/webgoat-lessons/jwt/src/main/resources/html/JWT.html b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
index e81693e10..136d20d1c 100644
--- a/webgoat-lessons/jwt/src/main/resources/html/JWT.html
+++ b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
@@ -16,8 +16,10 @@ - +
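Review bot: The context line `boolean isAdmin = Boolean.valueOf((String) claims.get("admin"));` casts the claim straight to String, so a token whose `admin` claim is a JSON boolean rather than the string "true" would raise a ClassCastException instead of being evaluated; whether an enclosing handler catches that is outside the hunk. With this commit the flag is the only thing gating `vote.reset()`, so it should be parsed type-tolerantly, for example `boolean isAdmin = Boolean.parseBoolean(String.valueOf(claims.get("admin")));`, which also maps a missing claim to false. A regression test that submits a non-admin token and asserts the vote counts are unchanged would pin the behaviour being restored here. The method body starts and ends outside the hunk.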
+
+
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js b/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js
similarity index 98%
rename from webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
rename to webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js
index 4d692d1bf..55f95b8a0 100644
--- a/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
+++ b/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js
@@ -1,8 +1,8 @@
 $(document).ready(function () {
- login('Guest');
+ loginVotes('Guest');
 })
-function login(user) {
+function loginVotes(user) {
 $("#name").text(user);
 $.ajax({
 url: 'JWT/votings/login?user=' + user,