|
10 | 10 | 'PHPSESSID=FAKESESSIONID;'
|
11 | 11 | end
|
12 | 12 |
|
| 13 | + let(:username) do |
| 14 | + 'username' |
| 15 | + end |
| 16 | + |
| 17 | + let(:good_password) do |
| 18 | + 'good_password' |
| 19 | + end |
| 20 | + |
| 21 | + let(:bad_password) do |
| 22 | + 'bad_password' |
| 23 | + end |
| 24 | + |
13 | 25 | let(:successful_auth_response) do
|
14 | 26 | res = Rex::Proto::Http::Response.new(200, 'OK')
|
15 | 27 | res.headers['Location'] = 'executive_summary.php'
|
16 |
| - res.headers['Set-Cookie'] = 'PHPSESSID=NEWSESSIONID' |
| 28 | + res.headers['Set-Cookie'] = 'PHPSESSID=NEWSESSIONID;' |
17 | 29 | res
|
18 | 30 | end
|
19 | 31 |
|
20 | 32 | let(:fail_auth_response) do
|
21 | 33 | res = Rex::Proto::Http::Response.new(200, 'OK')
|
22 |
| - res.headers['Set-Cookie'] = 'PHPSESSID=NEWSESSIONID' |
| 34 | + res.headers['Set-Cookie'] = 'PHPSESSID=NEWSESSIONID;' |
23 | 35 | res
|
24 | 36 | end
|
25 | 37 |
|
@@ -94,24 +106,40 @@ def mock_http_cli(res)
|
94 | 106 |
|
95 | 107 | describe '#get_login_state' do
|
96 | 108 | context 'when the credential is valid' do
|
97 |
| - it 'returns a hash indicating successful' do |
| 109 | + it 'returns a hash indicating a successful login' do |
| 110 | + mock_http_cli(successful_auth_response) |
| 111 | + successful_status = Metasploit::Model::Login::Status::SUCCESSFUL |
| 112 | + expect(subject.get_login_state(username, good_password)[:status]).to eq(successful_status) |
98 | 113 | end
|
99 | 114 | end
|
100 | 115 |
|
101 | 116 | context 'when the creential is invalid' do
|
102 | 117 | it 'returns a hash indicating an incorrect cred' do
|
| 118 | + mock_http_cli(fail_auth_response) |
| 119 | + incorrect_status = Metasploit::Model::Login::Status::INCORRECT |
| 120 | + expect(subject.get_login_state(username, good_password)[:status]).to eq(incorrect_status) |
103 | 121 | end
|
104 | 122 | end
|
105 | 123 | end
|
106 | 124 |
|
107 | 125 | describe '#attempt_login' do
|
108 | 126 | context 'when the credential is valid' do
|
109 |
| - it 'returns a Result object indicating successful' do |
| 127 | + it 'returns a Result object indicating a successful login' do |
| 128 | + cred_obj = Metasploit::Framework::Credential.new(public: username, private: good_password) |
| 129 | + mock_http_cli(successful_auth_response) |
| 130 | + result = subject.attempt_login(cred_obj) |
| 131 | + expect(result).to be_kind_of(::Metasploit::Framework::LoginScanner::Result) |
| 132 | + expect(result.status).to eq(Metasploit::Model::Login::Status::SUCCESSFUL) |
110 | 133 | end
|
111 | 134 | end
|
112 | 135 |
|
113 | 136 | context 'when the credential is invalid' do
|
114 | 137 | it 'returns a Result object indicating an incorrect cred' do
|
| 138 | + cred_obj = Metasploit::Framework::Credential.new(public: username, private: bad_password) |
| 139 | + mock_http_cli(fail_auth_response) |
| 140 | + result = subject.attempt_login(cred_obj) |
| 141 | + expect(result).to be_kind_of(::Metasploit::Framework::LoginScanner::Result) |
| 142 | + expect(result.status).to eq(Metasploit::Model::Login::Status::INCORRECT) |
115 | 143 | end
|
116 | 144 | end
|
117 | 145 | end
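Review bot: The invalid-credential example under `#get_login_state` (new line 120) passes `good_password`, although `bad_password` is defined earlier in this change and is used by the matching `#attempt_login` example; it should read `expect(subject.get_login_state(username, bad_password)[:status]).to eq(incorrect_status)`. The example passes either way, presumably because the status is driven by the stubbed `fail_auth_response` rather than by the password supplied. As far as this hunk shows, none of the examples check which credential is actually placed in the login request; `mock_http_cli` is defined outside the hunk, so that is worth confirming there. The context description on new line 116 also carries a typo, `'when the creential is invalid'`.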
|
|