dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

skip validation for JWT (#1663)

Browse Source 
* skip validation for JWT

* skip validation for JWT

* skip validation for JWT
This commit is contained in:
René Zubcevic
2023-11-15 18:30:14 +01:00
committed by GitHub
parent ba75e10efd
commit 8450c5a5be
2 changed files with 30 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java
View File

@ -1,11 +1,11 @@
package org.owasp.webgoat.webwolf.jwt;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.springframework.util.Base64Utils.decodeFromUrlSafeString;
import static org.springframework.util.StringUtils.hasText;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;
import lombok.AllArgsConstructor;
@ -103,8 +103,8 @@ public class JWTToken {
var builder = JWTToken.builder().encoded(jwt);
if (token.length >= 2) {
var header = new String(decodeFromUrlSafeString(token[0]), UTF_8);
var payloadAsString = new String(decodeFromUrlSafeString(token[1]), UTF_8);
var header = new String(Base64.getUrlDecoder().decode(token[0]), UTF_8);
var payloadAsString = new String(Base64.getUrlDecoder().decode(token[1]), UTF_8);
var headers = parse(header);
var payload = parse(payloadAsString);
builder.header(write(header, headers));