From ba74898441afba4d62ab4b5b202631029ffc88ca Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Tue, 12 Nov 2019 08:02:07 +0100
Subject: [PATCH] Add JavaScript to assignment otherwise you will not be able to see the flow of the endpoint
---
 .../main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java | 2 +-
 webgoat-lessons/jwt/src/main/resources/html/JWT.html | 1 +
 webgoat-lessons/sol.MD | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
index 537bf1253..9ea88894a 100644
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
@@ -58,7 +58,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
 String user = (String) json.get("user");
 String password = (String) json.get("password");
- if ("Jerry".equals(user) && PASSWORD.equals(password)) {
+ if ("Jerry".equalsIgnoreCase(user) && PASSWORD.equals(password)) {
 return ok(createNewTokens(user));
 }
 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
diff --git a/webgoat-lessons/jwt/src/main/resources/html/JWT.html b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
index 71775a15b..9c1a6889f 100644
--- a/webgoat-lessons/jwt/src/main/resources/html/JWT.html
+++ b/webgoat-lessons/jwt/src/main/resources/html/JWT.html
@@ -122,6 +122,7 @@ $(document).ready( +
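Review bot: In the JWTRefreshEndpoint.java hunk the username is now matched case-insensitively, but the caller's raw `user` string is still what reaches `createNewTokens(user)`, so a login as `jerry` or `JERRY` presumably produces tokens carrying that spelling rather than the canonical name. Any later check that compares the token's user value case-sensitively would then treat those tokens as belonging to a different identity than `Jerry`. Pass the canonical value instead, `return ok(createNewTokens("Jerry"));`, or normalise `user` once before both the comparison and the token creation. The body of `createNewTokens` and the start of the enclosing method are outside the hunk, so how the name is stored in the token should be confirmed there.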