dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix JWT integration tests

Browse Source
This commit is contained in:
Nanne Baars
2021-03-01 10:30:08 +01:00
committed by Nanne Baars
parent 1ebd50cb5b
commit c798e4be32
3 changed files with 17 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
View File

@ -236,12 +236,14 @@ public abstract class IntegrationTest {
} }
public void checkResults() { public void checkResults() {
MatcherAssert.assertThat(RestAssured.given() var result = RestAssured.given()
.when() .when()
.relaxedHTTPSValidation() .relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie()) .cookie("JSESSIONID", getWebGoatCookie())
.get(url("service/lessonoverview.mvc")) .get(url("service/lessonoverview.mvc"))
.then() .andReturn();
MatcherAssert.assertThat(result.then()
.statusCode(200).extract().jsonPath().getList("solved"), CoreMatchers.everyItem(CoreMatchers.is(true))); .statusCode(200).extract().jsonPath().getList("solved"), CoreMatchers.everyItem(CoreMatchers.is(true)));
} }

27
webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
View File

@ -45,6 +45,8 @@ public class JWTLessonTest extends IntegrationTest {
buyAsTom(); buyAsTom();
deleteTom(); deleteTom();
quiz();
checkResults("/JWT/"); checkResults("/JWT/");
@ -76,25 +78,14 @@ public class JWTLessonTest extends IntegrationTest {
return null; return null;
} }
private void decodingToken() throws IOException, NoSuchAlgorithmException, InvalidKeyException { private void decodingToken() {
String accessToken = RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.get(url("/WebGoat/JWT/secret/gettoken"))
.then()
.extract().response().asString();
String secret = getSecretToken(accessToken);
MatcherAssert.assertThat( MatcherAssert.assertThat(
RestAssured.given() RestAssured.given()
.when() .when()
.relaxedHTTPSValidation() .relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie()) .cookie("JSESSIONID", getWebGoatCookie())
.formParam("token", generateToken(secret)) .formParam("jwt-encode-user", "user")
.post(url("/WebGoat/JWT/secret")) .post(url("/WebGoat/JWT/decode"))
.then() .then()
.statusCode(200) .statusCode(200)
.extract().path("lessonCompleted"), CoreMatchers.is(true)); .extract().path("lessonCompleted"), CoreMatchers.is(true));
@ -215,5 +206,13 @@ public class JWTLessonTest extends IntegrationTest {
.statusCode(200) .statusCode(200)
.extract().path("lessonCompleted"), CoreMatchers.is(true)); .extract().path("lessonCompleted"), CoreMatchers.is(true));
} }
private void quiz() {
Map<String, Object> params = new HashMap<>();
params.put("question_0_solution", "Solution 1");
params.put("question_1_solution", "Solution 2");
checkAssignment(url("/WebGoat/JWT/quiz"), params, true);
}
} }

3
webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java
View File

@ -8,7 +8,6 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import java.io.IOException;
@RestController @RestController
public class JWTQuiz extends AssignmentEndpoint { public class JWTQuiz extends AssignmentEndpoint {
@ -41,8 +40,6 @@ public class JWTQuiz extends AssignmentEndpoint {
} }
} }
@GetMapping("/JWT/quiz") @GetMapping("/JWT/quiz")
@ResponseBody @ResponseBody
public boolean[] getResults() { public boolean[] getResults() {