Improve token handling

2021-03-14 16:45:17 +01:00 · 2021-03-14 16:45:17 +01:00 · e40a26f193
commit e40a26f193
parent 59e04dee6e
2 changed files with 5 additions and 7 deletions
--- a/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java
@ -30,8 +30,6 @@ import static org.springframework.util.StringUtils.hasText;
@Builder(toBuilder = true)
 public class JWTToken {

-    private static final Pattern jwtPattern = Pattern.compile("(.*)\\.(.*)\\.(.*)");
-
    private String encoded = "";
    private String secretKey;
    private String header;
@ -100,12 +98,12 @@ public class JWTToken {
    }

    private static JWTToken parseToken(String jwt) {
-        var matcher = jwtPattern.matcher(jwt);
+        var token = jwt.split("\\.");
        var builder = JWTToken.builder().encoded(jwt);

-        if (matcher.matches()) {
-            var header = new String(decodeFromUrlSafeString(matcher.group(1)), UTF_8);
-            var payloadAsString = new String(decodeFromUrlSafeString(matcher.group(2)), UTF_8);
+        if (token.length >= 2) {
+            var header = new String(decodeFromUrlSafeString(token[0]), UTF_8);
+            var payloadAsString = new String(decodeFromUrlSafeString(token[1]), UTF_8);
            var headers = parse(header);
            var payload = parse(payloadAsString);
            builder.header(write(header, headers));
--- a/webwolf/src/main/resources/templates/jwt.html
+++ b/webwolf/src/main/resources/templates/jwt.html
@ -54,7 +54,7 @@
        <br/>
        <div class="input-group">
            <span class="input-group-addon">Secret key</span>
-            <input type="text" value="webgoat" class="form-control" id="secretKey">
+            <input type="text" placeholder="Enter your secret key" class="form-control" id="secretKey">
        </div>

        <div class="input-group">