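# frozen_string_literal: true

# Specs for the wp-login password finder's success check.
#
# Every example feeds a hand-built Typhoeus::Response to
# #valid_credentials? and asserts the verdict. The examples pin down the
# two conditions the finder requires for a "login succeeded" verdict:
# an HTTP 302 status AND a Set-Cookie header containing a
# `wordpress_logged_in_` cookie. A 302 alone (no cookies, or only the
# test/other cookies) must be reported as a failed login, otherwise the
# finder would report false positives for every credential it tries.
describe WPScan::Finders::Passwords::WpLogin do
  subject(:finder) { described_class.new(target) }

  let(:target) { WPScan::Target.new(url) }
  let(:url) { 'http://ex.lo/' }

  describe '#valid_credentials?' do
    # A status other than 302 is rejected before cookies are even considered.
    context 'when a non 302' do
      it 'returns false' do
        expect(finder.valid_credentials?(Typhoeus::Response.new(code: 200, headers: {}))).to be_falsey
      end
    end

    context 'when a 302' do
      # `headers` is provided by each nested context, either as an empty hash
      # or as a raw header string that Typhoeus parses into Set-Cookie entries.
      let(:response) { Typhoeus::Response.new(code: 302, headers: headers) }

      context 'when no cookies set' do
        let(:headers) { {} }

        it 'returns false' do
          expect(finder.valid_credentials?(response)).to be_falsey
        end
      end

      # A redirect that only carries WordPress' test cookie (or unrelated
      # cookies) is not a successful authentication.
      context 'when no logged_in cookie set' do
        context 'when only one cookie set' do
          let(:headers) { 'Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/' }

          it 'returns false' do
            expect(finder.valid_credentials?(response)).to be_falsey
          end
        end

        context 'when multiple cookies set' do
          let(:headers) do
            "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n" \
            'Set-Cookie: something=value; path=/'
          end

          it 'returns false' do
            expect(finder.valid_credentials?(response)).to be_falsey
          end
        end
      end

      # Only the presence of a `wordpress_logged_in_*` cookie marks the
      # credentials as valid; the other `wordpress_*` cookies on the same
      # response must not be mistaken for it.
      context 'when logged_in cookie set' do
        let(:headers) do
          # NOTE(review): the first separator is "\r\r" rather than "\r\n" —
          # confirm this is intentional (exercising a malformed header block)
          # and not a typo; the expectation passes either way as long as the
          # logged_in cookie is still found.
          "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\r" \
          "Set-Cookie: wordpress_xxx=yyy; path=/wp-content/plugins; httponly\r\n" \
          "Set-Cookie: wordpress_xxx=yyy; path=/wp-admin; httponly\r\n" \
          'Set-Cookie: wordpress_logged_in_xxx=yyy; path=/; httponly'
        end

        # The example description previously read 'returns false' while the
        # expectation asserts `true`; the description now matches the assertion.
        it 'returns true' do
          expect(finder.valid_credentials?(response)).to eql true
        end
      end
    end
  end
end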