app.routing.ts: Making use of isAdmin #840
Enforcing isAdmin is true to route to /#/administration. Part of juice-shop#336.
The flow of the challenge can be seen here.
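A framework-free sketch of the client-side check this PR describes, written for this page as an added example and not taken from Juice Shop's app.routing.ts: it reads the JWT payload from the browser's copy of the token and only "routes" to the administration page when isAdmin is true. The payload layout `{ data: { isAdmin } }`, the redirect target and the sample tokens are assumptions; the browser cannot verify the token signature, so a guard like this is UI gating only and the server must authorize every administrative request itself.

```typescript
// Added example, not Juice Shop project code. Assumed payload layout: { data: { isAdmin } }.
// Manual base64url codec (ASCII-only) so the snippet runs without Buffer or atob.
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

function base64UrlEncode(input: string): string {
  let bits = "";
  for (let i = 0; i < input.length; i++) {
    bits += ("0000000" + input.charCodeAt(i).toString(2)).slice(-8);
  }
  let out = "";
  for (let i = 0; i < bits.length; i += 6) {
    out += B64URL[parseInt((bits.slice(i, i + 6) + "00000").slice(0, 6), 2)];
  }
  return out; // base64url carries no '=' padding
}

function base64UrlDecode(input: string): string {
  let bits = "";
  for (let i = 0; i < input.length; i++) {
    const v = B64URL.indexOf(input[i]);
    if (v < 0) throw new Error("invalid base64url character");
    bits += ("00000" + v.toString(2)).slice(-6);
  }
  let out = "";
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    out += String.fromCharCode(parseInt(bits.slice(i, i + 8), 2));
  }
  return out; // trailing partial bits are padding and are dropped
}

// Reads the admin flag out of the token payload. The signature is NOT checked here:
// the client has no key to verify it, which is why this is not a security boundary.
function isAdminToken(token: string | null): boolean {
  if (!token) return false;
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    return payload && payload.data && payload.data.isAdmin === true;
  } catch (_err) {
    return false;
  }
}

// Route guard stand-in: the path the client would navigate to ("/403" is a made-up target).
function canActivateAdministration(token: string | null): string {
  return isAdminToken(token) ? "/administration" : "/403";
}

// Constructed sample token with a placeholder signature, for local testing only.
function makeSampleToken(isAdmin: boolean): string {
  const header = base64UrlEncode(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = base64UrlEncode(JSON.stringify({ status: "success", data: { email: "user@example.test", isAdmin } }));
  return header + "." + payload + ".constructed-signature";
}
```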
Looks good to me, but I think other than making the "Admin Section" challenge ⭐⭐ instead of ⭐ there's no additional new challenge to be made out of this, because there are already multiple ways to elevate privileges to get to the Admin page.
Hi @bkimminich, it sounds great. Then I will go on building the challenge "JWT Tier 0.5", and about this, if there is no change, can I start writing the tests (solving it in a way where the user uses an admin account)? 🤩
Ah, sorry, I just re-watched your video in better resolution and saw that you actually used the same attack needed for "JWT Tier 1" to manipulate the admin flag in the token. So, no new challenge here, I guess... I'll merge your change as is and just increase difficulty for "Admin Access" challenge by 1. Thanks a lot for adding a first step of role-based authorization via JWT to the Juice Shop! 👍
* Block new user registration if registering via MLC
* Allow login with MLC while registration is disabled
This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.