Add JavaScript to assignment otherwise you will not be able to see the flow of the endpoint

2019-11-12 08:02:07 +01:00 · 2019-11-12 08:02:07 +01:00 · ba74898441
commit ba74898441
parent 1d477bd0e8
3 changed files with 5 additions and 1 deletions
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
@ -58,7 +58,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
        String user = (String) json.get("user");
        String password = (String) json.get("password");

-        if ("Jerry".equals(user) && PASSWORD.equals(password)) {
+        if ("Jerry".equalsIgnoreCase(user) && PASSWORD.equals(password)) {
            return ok(createNewTokens(user));
        }
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
--- a/webgoat-lessons/jwt/src/main/resources/html/JWT.html
+++ b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
@ -122,6 +122,7 @@ $(document).ready(
    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
    <script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
    <script th:src="@{/lesson_js/jwt-buy.js}" language="JavaScript"></script>
+    <script th:src="@{/lesson_js/jwt-refresh.js}" language="JavaScript"></script>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
--- a/webgoat-lessons/sol.MD
+++ b/webgoat-lessons/sol.MD
@ -1,3 +1,6 @@
+https://github.com/WebGoat/WebGoat/wiki/(Almost)-Fully-Documented-Solution-(en)
+
+
 ### SQLi ###  

 Basic