From 88a321c268e88dee06d19ed6a276d1012257853c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?= Date: Thu, 16 Nov 2023 14:42:10 +0100 Subject: [PATCH] search box moved and jwt encode/decode with little delay (#1664) --- robot/README.md | 8 ++-- robot/goat.robot | 3 +- src/main/resources/webgoat/static/js/main.js | 7 +++- .../resources/webgoat/templates/main_new.html | 13 ++----- src/main/resources/webwolf/static/js/jwt.js | 37 ++++++++++++++++--- 5 files changed, 47 insertions(+), 21 deletions(-) diff --git a/robot/README.md b/robot/README.md index 5ed805c9f..de0db8e7b 100644 --- a/robot/README.md +++ b/robot/README.md @@ -12,8 +12,10 @@ Then see security settings and allow the file to run pip3 install virtualenv --user python3 -m virtualenv .venv source .venv/bin/activate - pip install robotframework - pip install robotframework-SeleniumLibrary - pip install webdriver-manager + pip install --upgrade robotframework + pip install --upgrade robotframework-SeleniumLibrary + pip install --upgrade webdriver-manager + brew upgrade robot --variable HEADLESS:"0" --variable ENDPOINT:"http://127.0.0.1:8080/WebGoat" goat.robot +Make sure that the Chrome version, the webdriver version and all related components are up-to-date and compatible! diff --git a/robot/goat.robot b/robot/goat.robot index 87fa2b8be..e0fd074ff 100644 --- a/robot/goat.robot +++ b/robot/goat.robot @@ -121,8 +121,9 @@ Check_JWT_Page Log To Console Found token ${OUT_VALUE} ${OUT_RESULT} Evaluate "ImuPnHvLdU7ULKfbD4aJU" in """${OUT_VALUE}""" Log To Console Found token ${OUT_RESULT} + Capture Page Screenshot Check_Files_Page Go To ${ENDPOINT_WOLF}/files Choose File css:input[type="file"] ${CURDIR}/goat.robot - Click Button Upload files \ No newline at end of file + Click Button Upload files diff --git a/src/main/resources/webgoat/static/js/main.js b/src/main/resources/webgoat/static/js/main.js index 9bf767402..35e5eabd4 100644 --- a/src/main/resources/webgoat/static/js/main.js 
+++ b/src/main/resources/webgoat/static/js/main.js @@ -33,9 +33,12 @@ require.config({ bootstrap: 'libs/bootstrap.min', text: 'libs/text', templates: 'goatApp/templates', - polyglot: 'libs/polyglot.min' + polyglot: 'libs/polyglot.min', + search: 'search' }, + deps: ['search'], + shim: { "jqueryui": { exports:"$", @@ -67,4 +70,4 @@ require([ 'bootstrap', 'goatApp/goatApp'], function($,jqueryVuln,jqueryui,_,Backbone,Bootstrap,Goat){ Goat.initApp(); -}); \ No newline at end of file +}); diff --git a/src/main/resources/webgoat/templates/main_new.html b/src/main/resources/webgoat/templates/main_new.html index 53d4fec00..1d175ea71 100644 --- a/src/main/resources/webgoat/templates/main_new.html +++ b/src/main/resources/webgoat/templates/main_new.html @@ -15,13 +15,8 @@ - - - - - @@ -39,8 +34,9 @@
- -
+
+ +
diff --git a/src/main/resources/webwolf/static/js/jwt.js b/src/main/resources/webwolf/static/js/jwt.js index fa95aeafe..e69df64c5 100644 --- a/src/main/resources/webwolf/static/js/jwt.js +++ b/src/main/resources/webwolf/static/js/jwt.js @@ -11,17 +11,43 @@ $(document).ready(() => { - $('#payload').on('input', call(true)); - $('#header').on('input', call(true)); - $('#secretKey').on('input', call(true)); - $('#token').on('input', call(false)); +let tokeninput = document.getElementById('token'); +let headerinput = document.getElementById('header'); +let secretKeyinput = document.getElementById('secretKey'); +let payloadinput = document.getElementById('payload'); +let timeout = null; + +tokeninput.addEventListener('keyup', function (e) { + clearTimeout(timeout); + timeout = setTimeout(function () { + call(false); + }, 1000); +}); +headerinput.addEventListener('keyup', function (e) { + clearTimeout(timeout); + timeout = setTimeout(function () { + call(true); + }, 1000); +}); +secretKeyinput.addEventListener('keyup', function (e) { + clearTimeout(timeout); + timeout = setTimeout(function () { + call(true); + }, 1000); +}); +payloadinput.addEventListener('keyup', function (e) { + clearTimeout(timeout); + timeout = setTimeout(function () { + call(true); + }, 1000); +}); }); function call(encode) { - return () => { var url = encode ? 'jwt/encode' : 'jwt/decode'; var formData = encode ? $('#encodeForm').getFormData() : $('#decodeForm').getFormData(); formData["secretKey"] = $('#secretKey').val(); + console.log(formData); $.ajax({ type: 'POST', @@ -33,7 +59,6 @@ function call(encode) { contentType: "application/x-www-form-urlencoded", dataType: 'json' }); - } } function update(token) {
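Review bot: The new `console.log(formData);` in call() writes the whole form to the browser console on every debounced request, and the line directly above it puts the signing secret into that object (`formData["secretKey"] = $('#secretKey').val();`), so the secret is logged each time; drop the line, or log only `url`, before this lands. Switching the four fields from the `input` event to `keyup` also means a paste from the context menu, a drag-and-drop or browser autofill no longer triggers an encode/decode, because those do not emit keyup; `input` fires for all of them and works just as well with the new debounce. The four listener blocks are identical apart from the boolean handed to call(), so a small helper that returns the debounced handler removes the duplication and keeps the 1000 ms value in one place. The `$(document).ready` callback opens before this hunk and call() continues into the next one.
```javascript
const DEBOUNCE_MS = 1000;
let timeout = null;

// Debounce so a burst of edits produces one request; 'input' (not 'keyup')
// also fires for paste, drag-and-drop and autofill.
function debounced(encode) {
  return function () {
    clearTimeout(timeout);
    timeout = setTimeout(() => call(encode), DEBOUNCE_MS);
  };
}

tokeninput.addEventListener('input', debounced(false));
headerinput.addEventListener('input', debounced(true));
secretKeyinput.addEventListener('input', debounced(true));
payloadinput.addEventListener('input', debounced(true));
// … unchanged: end of $(document).ready, start of call(encode) …
formData["secretKey"] = $('#secretKey').val();
// console.log(formData) removed: formData carries the secret key
// … unchanged: $.ajax call …
```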