kmcquade · November 5, 2024 15:08
diff --git a/README.md b/README.md
diff --git a/docker-compose.yml b/docker-compose.yml
 services:
  jwt2:
    container_name: jwt2
    image: insecureapps/vulnerable-jwt-02-none-algorithm:latest
    ports:
      - "5002:5002"
    environment:
      - HOST=localhost
      - PORT=5002
    restart: always
diff --git a/get_auth_header.py b/get_auth_header.py
 """Run this to get the authorization header for the test user."""
 import requests


 def main():
    login_url = f"http://localhost:5002/login"
    response = requests.post(login_url, json={"username": "test", "password": "test"})
    print(f"Headers:")
    print(f"Authorization: Bearer {response.json()['accessToken']}")


 if __name__ == '__main__':
    main()
diff --git a/openapi-spec.yml b/openapi-spec.yml
 components: {}
 info:
  description: Autogenerated by API ENVY
  title: OpenAPI 3 specification
  version: "0.1"
 openapi: 3.0.0
 paths:
  /:
    get:
      operationId: root_GET
      responses:
        default:
          description: Default response
      x-name: root_GET
      x-source: app.js~~39
    x-name: root
  /admin:
    get:
      operationId: admin_GET
      responses:
        default:
          description: Default response
      x-name: admin_GET
      x-source: app.js~~52
    x-name: admin
  /login:
    post:
      operationId: login_POST
      requestBody:
        content:
          application/json:
            schema:
              properties:
                password:
                  type: string
                  x-field-kind: normal
                  x-field-original-type: <builtin>.String
                  x-field-type: string
                user:
                  type: string
                  x-field-kind: normal
                  x-field-original-type: <builtin>.String
                  x-field-type: string
              type: object
              x-field-kind: normal
              x-field-original-type: object
              x-field-type: object
        x-code: ""
      responses:
        default:
          description: Default response
      x-name: login_POST
      x-source: app.js~~46
    x-name: login
 servers:
  - description: Default server
    url: http://jwt2:5002
diff --git a/requirements.txt b/requirements.txt
 requests
	services:
	jwt2:
	container_name: jwt2
	image: insecureapps/vulnerable-jwt-02-none-algorithm:latest
	ports:
	- "5002:5002"
	environment:
	- HOST=localhost
	- PORT=5002
	restart: always
	"""Run this to get the authorization header for the test user."""
	import requests


	def main():
	login_url = f"http://localhost:5002/login"
	response = requests.post(login_url, json={"username": "test", "password": "test"})
	print(f"Headers:")
	print(f"Authorization: Bearer {response.json()['accessToken']}")


	if __name__ == '__main__':
	main()
	components: {}
	info:
	description: Autogenerated by API ENVY
	title: OpenAPI 3 specification
	version: "0.1"
	openapi: 3.0.0
	paths:
	/:
	get:
	operationId: root_GET
	responses:
	default:
	description: Default response
	x-name: root_GET
	x-source: app.js~~39
	x-name: root
	/admin:
	get:
	operationId: admin_GET
	responses:
	default:
	description: Default response
	x-name: admin_GET
	x-source: app.js~~52
	x-name: admin
	/login:
	post:
	operationId: login_POST
	requestBody:
	content:
	application/json:
	schema:
	properties:
	password:
	type: string
	x-field-kind: normal
	x-field-original-type: <builtin>.String
	x-field-type: string
	user:
	type: string
	x-field-kind: normal
	x-field-original-type: <builtin>.String
	x-field-type: string
	type: object
	x-field-kind: normal
	x-field-original-type: object
	x-field-type: object
	x-code: ""
	responses:
	default:
	description: Default response
	x-name: login_POST
	x-source: app.js~~46
	x-name: login
	servers:
	- description: Default server
	url: http://jwt2:5002