From 130b6e5974658ce5e60c9623c27d17a36db7be24 Mon Sep 17 00:00:00 2001
From: Marcin Nowak
Date: Wed, 6 Apr 2022 20:46:28 +0200
Subject: [PATCH] #44 front end JavaScript library with key obfuscated - update profiles for local host development
---
 js/index.js | 2 +-
 secondkey.txt | 2 +-
 src/main/resources/application.properties | 2 ++
 .../java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java | 2 +-
 yourkey.txt | 1 +
 5 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 yourkey.txt
diff --git a/js/index.js b/js/index.js
index 116c03daa..5a3952703 100644
--- a/js/index.js
+++ b/js/index.js
@@ -1,4 +1,4 @@
 function secret() {
- var password = "if you see this please fix the JavaScript setup";
+ var password = "this is second test secret";
 return password;
 }
diff --git a/secondkey.txt b/secondkey.txt
index 161ddd734..fa63387a5 100644
--- a/secondkey.txt
+++ b/secondkey.txt
@@ -1 +1 @@
-this is test secret
\ No newline at end of file
+this is second test secret
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8cc7dc709..d09d90a40 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -48,6 +48,7 @@ spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
 spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
 #---
 spring.config.activate.on-profile=local-vault
+challengedockermtpath=./
 wrongsecretvalue=wrongsecret
 spring.config.import=vault://secret/secret-challenge
 spring.application.name=secret-challenge
@@ -59,6 +60,7 @@ spring.cloud.vault.authentication=TOKEN
 spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
 #---
 spring.config.activate.on-profile=without-vault
+challengedockermtpath=./
 wrongsecretvalue=wrongsecret
 spring.cloud.vault.enabled=false
 asciidoctor.enabled=true
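Review bot: In js/index.js, `secret()` now returns the same literal that this commit writes to secondkey.txt and sends as `client_secret` in TokenControllerTest, so three hand-maintained copies must change together and nothing in the file says so. The previous placeholder at least announced that the JavaScript setup had not run; the new value gives a reader no signal about whether it is a fixture or a real credential. If the plain-text value is intentional challenge material, as the subject line suggests, record that above the assignment with a comment such as `// Challenge fixture, not a real credential: keep in sync with secondkey.txt and TokenControllerTest`.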
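Review bot: `challengedockermtpath=./` in the `local-vault` profile, and again in the `without-vault` hunk (`@@ -59,6 +60,7 @@`), is a relative path, so what it resolves to depends on the directory the application is started from. The same commit adds yourkey.txt at the repository root, which suggests these profiles are meant to be launched from there; started from anywhere else, the lookup would presumably fail or read an unrelated directory. A comment above each entry would make the assumption explicit, for example `# local development only: resolved against the working directory, start the app from the repository root`.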
diff --git a/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java b/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java
index 5fd19145e..3249e7a54 100644
--- a/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java
@@ -23,7 +23,7 @@ void shouldGetToken() throws Exception {
 // When
 var response = mvc.perform(post("/token")
 .contentType(MediaType.APPLICATION_FORM_URLENCODED)
- .content("grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=this is test secret"));
+ .content("grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=this is second test secret"));
 // Then
 response.andExpect(status().isOk())
diff --git a/yourkey.txt b/yourkey.txt
new file mode 100644
index 000000000..161ddd734
--- /dev/null
+++ b/yourkey.txt
@@ -0,0 +1 @@
+this is test secret
\ No newline at end of file
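Review bot: In TokenControllerTest, the `.content(...)` body of `shouldGetToken` is declared as `application/x-www-form-urlencoded` but carries the secret with raw spaces, which is not valid form encoding, so the test passes only if the parser is lenient. Assuming the controller reads standard form parameters, encoding the value keeps the request well-formed: `.content("grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=this+is+second+test+secret"));`. The literal is also a hand-copied duplicate of secondkey.txt. The method body starts and ends outside the hunk, so the remaining assertions are not visible here.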