Refactoring (#1201)
* Some initial refactoring
* Make it one application
* Got it working
* Fix problem on Windows
* Move WebWolf
* Move first lesson
* Moved all lessons
* Fix pom.xml
* Fix tests
* Add option to initialize a lesson

  This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens.
* Clean up pom.xml files
* Remove fetching labels based on language.

  We only support English at the moment; all the lesson explanations are written in English, which makes it very difficult to translate. If we only had labels, it would make sense to support multiple languages.
* Fix SonarLint issues
* And move it all to the main project
* Fix for documentation paths
* Fix pom warnings
* Remove PMD as it does not work
* Update release notes about refactoring
* Fix lesson template
* Update release notes
* Keep it in the same repo in Dockerhub
* Update documentation to show how the connection is obtained.

  Resolves: #1180
* Rename all integration tests
* Remove command from Dockerfile
* Simplify GitHub actions

  Currently, we use separate actions for pull requests and branch builds. This is now consolidated in one action. The PR action always triggered; it now only triggers when the PR is opened and not in draft. Running all platforms on a branch build is a bit too much; it is better to only run all platforms when someone opens a PR.
* Remove duplicate entry from release notes
* Add explicit registry for base image
* Lesson scanner not working when fat jar

  When running the fat jar we have to take into account that we are reading from the jar file and not the filesystem. In this case you cannot use `getFile`, for example.
* added info in README and fixed release docker
* changed base image and added ignore file

Co-authored-by: Zubcevic.com <rene@zubcevic.com>
33
src/main/resources/lessons/jwt/i18n/WebGoatLabels.properties
Normal file
@ -0,0 +1,33 @@
jwt.title=JWT tokens
#Assignment changing tokens
jwt-user=You are logged in as {0}, but you are not an admin yet, please try again
jwt-invalid-token=Not a valid JWT token, please try again
jwt-only-admin=Only an admin user can reset the votes
jwt-change-token-hint1=Select a different user and look at the token you receive back, use the delete button to reset the votes count
jwt-change-token-hint2=Decode the token and look at the contents
jwt-change-token-hint3=Change the contents of the token and replace the cookie before sending the request for getting the votes
jwt-change-token-hint4=Change the admin field to true in the token
jwt-change-token-hint5=Submit the token by changing the algorithm to None and remove the signature
jwt-secret-hint1=Save the token and try to verify the token locally
jwt-secret-hint2=Download a word list dictionary (https://github.com/first20hours/google-10000-english)
jwt-secret-hint3=Write a small program or use HashCat for brute forcing the token according the word list
jwt-secret-claims-missing=You are missing some claims, you should keep all the claims in the token
jwt-secret-incorrect-user=The user is {0}, you need to change it to WebGoat
jwt-refresh-hint1=Look at the access log you will find a token there
jwt-refresh-hint2=The token from the access log is no longer valid, can you find a way to refresh it?
jwt-refresh-hint3=The endpoint for refreshing a token is 'JWT/refresh/newToken'
jwt-refresh-hint4=Use the found access token in the Authorization: Bearer header and use your own refresh token
jwt-refresh-not-tom=User is not Tom but {0}, please try again
jwt-final-jerry-account=Yikes, you are removing Jerry's account, try to delete the account of Tom
jwt-final-not-tom=Username is not Tom try to pass a token for Tom
jwt-final-hint1=Take a look at the token and specifically and the header
jwt-final-hint2=The 'kid' (key ID) header parameter is a hint indicating which key was used to secure the JWS
jwt-final-hint3=The key can be located on the filesystem in memory or even reside in the database
jwt-final-hint4=The key is stored in the database and loaded while verifying a token
jwt-final-hint5=Using a SQL injection you might be able to manipulate the key to something you know and create a new token.
jwt-final-hint6=Use: hacked' UNION select 'deletingTom' from INFORMATION_SCHEMA.SYSTEM_USERS -- as the kid in the header and change the contents of the token to Tom and hit the endpoint with the new token
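Review bot: several of the new label strings have wording slips that learners will see verbatim as hints: `jwt-final-hint1` reads "specifically and the header" (duplicated "and"), `jwt-secret-hint3` has "according the word list" (missing "to"), `jwt-refresh-hint1` and `jwt-final-not-tom` are missing a comma before the second clause, and `jwt-final-hint5` ends with a period while no other hint does. Two consistency points as well: `jwt.title` uses a dot separator while every other key in the file uses hyphens (`jwt-user`, `jwt-only-admin`, ...), and the file is placed under `i18n/` even though the commit message says language-based label lookup was removed; settle on one key style and consider a short header comment stating that only the English bundle is supported.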