diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java index 3e054b9c2..4d8501a9a 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java +++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java @@ -236,12 +236,14 @@ public abstract class IntegrationTest { } public void checkResults() { - MatcherAssert.assertThat(RestAssured.given() + var result = RestAssured.given() .when() .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .get(url("service/lessonoverview.mvc")) - .then() + .andReturn(); + + MatcherAssert.assertThat(result.then() .statusCode(200).extract().jsonPath().getList("solved"), CoreMatchers.everyItem(CoreMatchers.is(true))); } diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java index d3ceb0eb7..8913e4351 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java +++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java @@ -45,6 +45,8 @@ public class JWTLessonTest extends IntegrationTest { buyAsTom(); deleteTom(); + + quiz(); checkResults("/JWT/"); 
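Review bot: The final assertion in `checkResults()` (IntegrationTest.java) passes vacuously when `getList("solved")` comes back empty, because Hamcrest's `everyItem` matches an empty collection. A 200 response that lists no lessons would therefore count as "everything solved". Pull the list into a local first, e.g. `List<Boolean> solved = result.then().statusCode(200).extract().jsonPath().getList("solved");`, and assert that `solved` is not empty before the `everyItem` check. The new `result` local is read only once, so if it exists to inspect the response when the test fails, a one-line comment saying so would explain the split.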
@@ -76,25 +78,14 @@ public class JWTLessonTest extends IntegrationTest { return null; } - private void decodingToken() throws IOException, NoSuchAlgorithmException, InvalidKeyException { - - String accessToken = RestAssured.given() - .when() - .relaxedHTTPSValidation() - .cookie("JSESSIONID", getWebGoatCookie()) - .get(url("/WebGoat/JWT/secret/gettoken")) - .then() - .extract().response().asString(); - - String secret = getSecretToken(accessToken); - + private void decodingToken() { MatcherAssert.assertThat( RestAssured.given() .when() .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) - .formParam("token", generateToken(secret)) - .post(url("/WebGoat/JWT/secret")) + .formParam("jwt-encode-user", "user") + .post(url("/WebGoat/JWT/decode")) .then() .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true)); @@ -215,5 +206,13 @@ public class JWTLessonTest extends IntegrationTest { .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true)); } + + private void quiz() { + Map params = new HashMap<>(); + params.put("question_0_solution", "Solution 1"); + params.put("question_1_solution", "Solution 2"); + + checkAssignment(url("/WebGoat/JWT/quiz"), params, true); + } } diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java index 19817b7eb..0eebc255b 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java @@ -8,7 +8,6 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import java.io.IOException; @RestController public class JWTQuiz extends AssignmentEndpoint { 
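Review bot: After this rewrite `decodingToken()` posts only to `/WebGoat/JWT/decode`, so nothing in this method exercises `/WebGoat/JWT/secret` any more. Confirm that another step of the test still solves that assignment; otherwise the later `checkResults("/JWT/")` call will fail or the assignment goes untested. The helpers `getSecretToken` and `generateToken`, and the imports for `IOException`, `NoSuchAlgorithmException` and `InvalidKeyException`, may now be unused; they are declared outside this hunk, so check and drop them if so. The literal `"user"` would benefit from a comment naming its origin, for example `// expected username from the token shown in the decode assignment`, assuming that is where the value comes from.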
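Review bot: The new `quiz()` method hard-codes the answers `"Solution 1"` and `"Solution 2"` with nothing tying them to the quiz definition, so reordering the lesson's questions or answers would break this test with no hint why. A comment such as `// expected answers for questions 0 and 1 of the JWT quiz; keep in sync with the lesson's question definitions` would help. As rendered here, `Map params` is a raw type; if the type arguments are really absent in the file rather than lost in rendering, declare them to match the parameter type of `checkAssignment`. The method covers only the accepting path, so a preceding call with a wrong answer and `false` as the expected result would show that the endpoint actually validates the submission.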
@@ -41,8 +40,6 @@ public class JWTQuiz extends AssignmentEndpoint { } } - - @GetMapping("/JWT/quiz") @ResponseBody public boolean[] getResults() {