Last assignment for JWT tokens finished

2018-05-22 17:06:03 +02:00
parent e06d4642eb
commit dda6f674a3
10 changed files with 394 additions and 45 deletions
--- a/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js
+++ b/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js
@ -0,0 +1,42 @@
+$(document).ready(function () {
+    login('Jerry');
+})
+
+function login(user) {
+    $.ajax({
+        type: 'POST',
+        url: 'JWT/refresh/login',
+        contentType: "application/json",
+        data: JSON.stringify({user: user, password: "bm5nhSkxCXZkKRy4"})
+    }).success(
+        function (response) {
+            localStorage.setItem('access_token', response['access_token']);
+            localStorage.setItem('refresh_token', response['refresh_token']);
+        }
+    )
+}
+
+//Dev comment: Pass token as header as we had an issue with tokens ending up in the access_log
+webgoat.customjs.addBearerToken = function () {
+    var headers_to_set = {};
+    headers_to_set['Authorization'] = 'Bearer ' + localStorage.getItem('access_token');
+    return headers_to_set;
+}
+
+//Dev comment: Temporarily disabled from page we need to work out the refresh token flow but for now we can go live with the checkout page
+function newToken() {
+    localStorage.getItem('refreshToken');
+    $.ajax({
+        headers: {
+            'Authorization': 'Bearer ' + localStorage.getItem('access_token')
+        },
+        type: 'POST',
+        url: 'JWT/refresh/newToken',
+        data: JSON.stringify({refreshToken: localStorage.getItem('refresh_token')})
+    }).success(
+        function () {
+            localStorage.setItem('access_token', apiToken);
+            localStorage.setItem('refresh_token', refreshToken);
+        }
+    )
+}