Fix JWT integration tests

2021-03-01 10:30:08 +01:00
parent 1ebd50cb5b
commit c798e4be32
3 changed files with 17 additions and 19 deletions
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
@ -236,12 +236,14 @@ public abstract class IntegrationTest {
    }

    public void checkResults() {
-    	MatcherAssert.assertThat(RestAssured.given()
+        var result = RestAssured.given()
                .when()
                .relaxedHTTPSValidation()
                .cookie("JSESSIONID", getWebGoatCookie())
                .get(url("service/lessonoverview.mvc"))
-                .then()
+                .andReturn();
+
+    	MatcherAssert.assertThat(result.then()
                .statusCode(200).extract().jsonPath().getList("solved"), CoreMatchers.everyItem(CoreMatchers.is(true)));
    }

--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
@ -45,6 +45,8 @@ public class JWTLessonTest extends IntegrationTest {
        buyAsTom();
        
        deleteTom();
+
+		quiz();
        
        checkResults("/JWT/");

@ -76,25 +78,14 @@ public class JWTLessonTest extends IntegrationTest {
    	return null;
    }

-	private void decodingToken() throws IOException, NoSuchAlgorithmException, InvalidKeyException {
-
-		String accessToken = RestAssured.given()
-				.when()
-				.relaxedHTTPSValidation()
-				.cookie("JSESSIONID", getWebGoatCookie())
-				.get(url("/WebGoat/JWT/secret/gettoken"))
-				.then()
-				.extract().response().asString();
-
-		String secret = getSecretToken(accessToken);
-
+	private void decodingToken() {
 		MatcherAssert.assertThat(
 				RestAssured.given()
 						.when()
 						.relaxedHTTPSValidation()
 						.cookie("JSESSIONID", getWebGoatCookie())
-						.formParam("token", generateToken(secret))
-						.post(url("/WebGoat/JWT/secret"))
+						.formParam("jwt-encode-user", "user")
+						.post(url("/WebGoat/JWT/decode"))
 						.then()
 						.statusCode(200)
 						.extract().path("lessonCompleted"), CoreMatchers.is(true));
@ -215,5 +206,13 @@ public class JWTLessonTest extends IntegrationTest {
 				.statusCode(200)
 				.extract().path("lessonCompleted"), CoreMatchers.is(true));
 	}
+
+	private void quiz() { 
+		Map<String, Object> params = new HashMap<>();
+		params.put("question_0_solution", "Solution 1");
+		params.put("question_1_solution", "Solution 2");
+
+		checkAssignment(url("/WebGoat/JWT/quiz"), params, true);
+	}
    
 }
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java
@ -8,7 +8,6 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

-import java.io.IOException;

@RestController
 public class JWTQuiz extends AssignmentEndpoint {
@ -41,8 +40,6 @@ public class JWTQuiz extends AssignmentEndpoint {
        }
    }

-
-
    @GetMapping("/JWT/quiz")
    @ResponseBody
    public boolean[] getResults() {