diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java
index 47545ef35..1805bd161 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java
@@ -101,7 +101,7 @@ public class CreateDB {
 // Create the new table
 try {
 String createTableStatement = "CREATE TABLE jwt_keys"
- + " (" + "id varchar(10),"
+ + " (" + "id varchar(20),"
 + "key varchar(20))";
 statement.executeUpdate(createTableStatement);
diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTFinalEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTFinalEndpoint.java
index 1dd765faf..4549c3942 100644
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTFinalEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTFinalEndpoint.java
@@ -54,7 +54,7 @@ public class JWTFinalEndpoint extends AssignmentEndpoint {
 final String kid = (String) header.get("kid");
 try {
 Connection connection = DatabaseUtilities.getConnection(webSession);
- ResultSet rs = connection.createStatement().executeQuery("SELECT key FROM jwt_keys WHERE id = " + kid);
+ ResultSet rs = connection.createStatement().executeQuery("SELECT key FROM jwt_keys WHERE id = '" + kid + "'");
 while (rs.next()) {
 return rs.getString(1).getBytes(Charsets.UTF_8);
 }
diff --git a/webgoat-lessons/jwt/src/main/resources/html/JWT.html b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
index bd2326f0d..9eebc1f37 100644
--- a/webgoat-lessons/jwt/src/main/resources/html/JWT.html
+++ b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
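Review bot: The new query line still builds the SQL by concatenating `kid`, a value read straight from the unverified JWT header two lines above, so adding quotes changes the statement's syntax but not its trust boundary. If this is the lesson's intended weakness it should say so next to the line, e.g. `// Lesson target: kid is untrusted (JWT header) and is deliberately concatenated into the query`; if it is not, the lookup belongs in a PreparedStatement with `WHERE id = ?` and `setString(1, kid)`. Independently, the `Statement` created inline and the `ResultSet rs` are never closed — the `return` inside the `while` leaves both open — so they should be opened in a try-with-resources. The enclosing try block and method continue outside the hunk.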
@@ -176,6 +176,7 @@ action="/WebGoat/JWT/final/delete?token=eyJ0eXAiOiJKV1QiLCJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTMjU2In0.eyJpc3MiOiJXZWJHb2F0IFRva2VuIEJ1aWxkZXIiLCJpYXQiOjE1MjQyMTA5MDQsImV4cCI6MTYxODkwNTMwNCwiYXVkIjoid2ViZ29hdC5vcmciLCJzdWIiOiJqZXJyeUB3ZWJnb2F0LmNvbSIsInVzZXJuYW1lIjoiSmVycnkiLCJFbWFpbCI6ImplcnJ5QHdlYmdvYXQuY29tIiwiUm9sZSI6WyJDYXQiXX0.CgZ27DzgVW8gzc0n6izOU638uUCi6UhiOJKYzoEZGE8" enctype="application/json;charset=UTF-8">
+
@@ -208,7 +209,7 @@
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-final.js b/webgoat-lessons/jwt/src/main/resources/js/jwt-final.js
index 7d3cc2c41..faa31b927 100644
--- a/webgoat-lessons/jwt/src/main/resources/js/jwt-final.js
+++ b/webgoat-lessons/jwt/src/main/resources/js/jwt-final.js
@@ -3,8 +3,7 @@ function follow(user) {
 type: 'POST',
 url: 'JWT/final/follow/' + user
 }).then(function (result) {
- $("#toast").setTextContent(result);
+ $("#toast").append(result);
 })
 }
-}
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js b/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
index 389145c4d..55791c32a 100644
--- a/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
+++ b/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
@@ -5,11 +5,10 @@ $(document).ready(function () {
 function login(user) {
 $("#name").text(user);
 $.ajax({
- url: "JWT/votings/login?user=" + user,
- complete: function (result, status) {
- getVotings();
- }
- });
+ url: 'JWT/votings/login?user=' + user
+ }).then(function () {
+ getVotings();
+ })
 }
 var html = '' +
@@ -65,7 +64,7 @@ function getVotings() {
 })
 }
-webgoat.customjs.jwtSigningCallback = function() {
+webgoat.customjs.jwtSigningCallback = function () {
 getVotings();
 }
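Review bot: `$("#toast").append(result)` parses the server response as HTML and inserts it into the DOM, whereas the removed line, although it never worked (`setTextContent` is not a jQuery method), was written to set plain text. Unless the follow endpoint intentionally returns markup, the safer equivalent is `$("#toast").text(result);`, which keeps the response from being interpreted as HTML. The opening lines of `follow` (`$.ajax({`) lie above the hunk.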
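Review bot: Replacing the `complete` callback with `.then(function () { getVotings(); })` changes when the refresh runs: `complete` fired on both success and failure, while `.then` with a single handler runs only on success, so a failed login no longer refreshes the votings list; if the old behaviour is wanted, use `.always(...)` instead of `.then(...)`. The `user` value is also inserted into the query string unencoded on the new `url:` line; `url: 'JWT/votings/login?user=' + encodeURIComponent(user)` keeps characters such as `&` or `#` in the name from altering the request. The enclosing `$(document).ready` callback extends beyond the hunk on both sides.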