One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
* added Robot framework UI tests
* added Robot framework UI tests workflow
* Update test.yml
wait in workflow
* remove obsolete selenium java libs and test
* Update test.yml
push result to commit as comment
* Update test.yml
push comment does not seem to work on WebGoat PR
* clean up unrequired robot options
* update readme
* language selector first steps
* language german intro added
* ascii doc lang attribute as additional option
* removed some commented code
* changed adoc resource loader to take into account the selected language
* added readme
* added lang test cases
