1
# frozen_string_literal: true
2

3
describe WPScan::Finders::Users::AuthorPosts do
4
  subject(:finder) { described_class.new(target) }
5
  let(:target)     { WPScan::Target.new(url) }
6
  let(:url)        { 'http://wp.lab/' }
7
  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'author_posts') }
8

9
  describe '#passive' do
10
    xit
11
  end
12

13
  describe '#potential_usernames' do
14
    it 'returns the expected usernames' do
15
      res = Typhoeus::Response.new(body: File.read(fixtures.join('potential_usernames.html')))
16

17
      results = finder.potential_usernames(res)
18

19
      expect(results).to eql [
20
        ['admin', 'Author Pattern', 100],
21
        ['admin display_name', 'Display Name', 30],
22
        ['editor', 'Author Pattern', 100],
23
        ['editor', 'Display Name', 30]
24
      ]
25
    end
26

27
    context 'when a lot of unrelated uris' do
28
      it 'should not take a while to process the page' do
29
        body =  Array.new(300) { |i| "<a href='#{url}#{i}.html'>Some Link</a>" }.join("\n")
30
        body << "<a href='#{url}author/admin/'>Other Link</a>"
31
        body << "<a href='#{url}?author=2'>user display name</a>"
32

33
        time_start = Time.now
34
        results = finder.potential_usernames(Typhoeus::Response.new(body: body))
35
        time_end = Time.now
36

37
        expect(results).to eql [
38
          ['admin', 'Author Pattern', 100],
39
          ['user display name', 'Display Name', 30]
40
        ]
41

42
        expect(time_end - time_start).to be < 1
43
      end
44
    end
45
  end
46
end
47

48