dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Update JWT lesson

Browse Source
This commit is contained in:
Nanne Baars
2021-01-10 15:00:35 +01:00
committed by Nanne Baars
parent ead1d6fffb
commit f2ab5c1968
19 changed files with 571 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
webwolf/src/main/resources/static/js/jwt.js
View File

@@ -1,76 +1,47 @@
(function ($) {
$.fn.getFormData = function () {
var data = {};
var dataArray = $(this).serializeArray();
for (var i = 0; i < dataArray.length; i++) {
data[dataArray[i].name] = dataArray[i].value;
}
return data;
}
})(jQuery);
$(document).ready(() => {
$('#encodedToken').on('input', () => {
var token = $('#encodedToken').val();
var secretKey = $('#secretKey').val();
$('#payload').on('input', call(true));
$('#header').on('input', call(true));
$('#secretKey').on('input', call(true));
$('#token').on('input', call(false));
});
function call(encode) {
return () => {
var url = encode ? '/WebWolf/jwt/encode' : '/WebWolf/jwt/decode';
var formData = encode ? $('#encodeForm').getFormData() : $('#decodeForm').getFormData();
formData["secretKey"] = $('#secretKey').val();
$.ajax({
type: 'POST',
url: '/WebWolf/jwt/decode',
data: JSON.stringify({encoded: token, secretKey: secretKey}),
url: url,
data: formData,
success: function (data) {
$('#tokenHeader').val(data.header);
$('#tokenPayload').val(data.payload);
updateSignature(data);
update(data)
},
contentType: "application/json",
contentType: "application/x-www-form-urlencoded",
dataType: 'json'
});
});
});
function encode() {
return () => {
var header = $('#tokenHeader').val();
var payload = $('#tokenPayload').val();
var secretKey = $('#secretKey').val();
var token = {header: header, payload: payload, secretKey: secretKey};
if (!parseJson(header)) {
$('#encodedToken').val("");
$('#tokenHeader').css('background-color', 'lightcoral');
} else if (!parseJson(payload)) {
$('#encodedToken').val("");
$('#tokenPayload').css('background-color', 'lightcoral');
} else {
$.ajax({
type: 'POST',
url: '/WebWolf/jwt/encode',
data: JSON.stringify(token),
success: function (data) {
$('#encodedToken').val(data.encoded);
$('#tokenPayload').css('background-color', '#FFFFFF');
$('#encodedToken').css('background-color', '#FFFFFF');
$('#tokenHeader').css('background-color', '#FFFFFF');
updateSignature(data);
},
contentType: "application/json",
dataType: 'json'
});
}
};
}
$(document).ready(() => {
$('#tokenPayload').on('input', encode());
$('#tokenHeader').on('input', encode());
$('#secretKey').on('input', encode());
});
function parseJson(text) {
try {
if (text) {
JSON.parse(text);
}
} catch (e) {
return false;
}
return true;
}
function updateSignature(data) {
if (data.signatureValid) {
$('#signatureValid').html("Signature valid");
} else {
$('#signatureValid').html("Signature invalid");
}
}
function update(token) {
$('#token').val(token.encoded);
$('#payload').val(token.payload);
$('#header').val(token.header);
$('#token').css('background-color', token.validToken ? '#FFFFFF' : 'lightcoral');
$('#header').css('background-color', token.validHeader ? '#FFFFFF' : 'lightcoral');
$('#payload').css('background-color', token.validPayload ? '#FFFFFF' : 'lightcoral');
$('#signatureValid').html(token.signatureValid ? "Signature valid" : "Signature invalid");
}

41
webwolf/src/main/resources/templates/jwt.html
View File

@@ -22,34 +22,39 @@
<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true">
<div class="form-group">
<label for="encodedToken">Encoded</label>
<form name="encodedTokenForm" id="encodedTokenForm" action="/WebWolf/jwt/encode" method="POST">
<textarea class="form-control" style="font-size: 14pt; font-family:monospace;" id="encodedToken" rows="4"
<label for="token">Encoded</label>
<form id="decodeForm">
<textarea class="form-control" style="font-size: 14pt; font-family:monospace;" id="token" name="token"
rows="4"
placeholder="Paste token here" spellcheck="false"></textarea>
</form>
</div>
<div class="form-group">
<label>Decoded</label>
<div class="row">
<div class="col-xs-6 col-md-5">Header</div>
<div class="col-xs-6 col-md-7">Payload</div>
</div>
<div class="row">
<div class="col-xs-6 col-md-5">
<textarea class="form-control" style="font-size: 14pt; font-family:monospace;" id="tokenHeader"
rows="12"></textarea>
<form id="encodeForm">
<div class="form-group">
<label>Decoded</label>
<div class="row">
<div class="col-xs-6 col-md-5">Header</div>
<div class="col-xs-6 col-md-7">Payload</div>
</div>
<div class="col-xs-6 col-md-7">
<textarea class="form-control" style="font-size: 14pt; font-family:monospace;" id="tokenPayload"
<div class="row">
<div class="col-xs-6 col-md-5">
<textarea class="form-control" style="font-size: 14pt; font-family:monospace;" id="header"
name="header"
rows="12"></textarea>
</div>
<div class="col-xs-6 col-md-7">
<textarea class="form-control" style="font-size: 14pt; font-family:monospace;" id="payload"
name="payload"
rows="12"></textarea>
</div>
</div>
</div>
</div>
</form>
<br/>
<div class="input-group">
<span class="input-group-addon" id="header">Secret key</span>
<input type="text" class="form-control" id="secretKey">
<span class="input-group-addon">Secret key</span>
<input type="text" value="webgoat" class="form-control" id="secretKey">
</div>
<div class="input-group">