Basic auth

spec/lib/browser_spec.rb

@@ -235,6 +235,24 @@ describe Browser do
 
       @browser.merge_request_params(:headers => {'accept' => 'text/html'}).should == expected_params
     end
+
+    it "should merge the basic-auth" do
+      @browser.basic_auth = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+      expected_params = {
+        :disable_ssl_host_verification => true,
+        :disable_ssl_peer_verification => true,
+        :headers                       => {
+          "Authorization" => "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
+          "user-agent"    => @browser.user_agent
+        },
+        :cache_timeout                 => @json_config_without_proxy['cache_timeout']
+      }
+
+      @browser.merge_request_params().should == expected_params
+
+      expected_params[:headers].merge!("user-agent" => "Fake FF")
+      @browser.merge_request_params(:headers => {"user-agent" => "Fake FF"}).should == expected_params
+    end
   end
 
   describe "#merge_request_params with proxy" do

spec/lib/wpscan/modules/web_site_spec.rb

@@ -57,7 +57,7 @@ shared_examples_for "WebSite" do
 
     it "should return true if the xmlrpc is found" do
       stub_request(:get, @module.xmlrpc_url).
-          to_return(:status => 200, :body => File.new(fixtures_dir + '/xmlrpc.php'))
+        to_return(:status => 200, :body => File.new(fixtures_dir + '/xmlrpc.php'))
 
       @module.is_wordpress?.should be_true
     end
@@ -75,6 +75,18 @@ shared_examples_for "WebSite" do
     end
   end
 
+  describe "#has_basic_auth?" do
+    it "should detect that the wpsite is basic auth protected" do
+      stub_request(:get, "http://example.localhost/").to_return(:status => 401)
+      @module.should have_basic_auth
+    end
+
+    it "should not have a basic auth for a 200" do
+      stub_request(:get, "http://example.localhost/").to_return(:status => 200)
+      @module.should_not have_basic_auth
+    end
+  end
+
   describe "#redirection" do
     it "should return nil if no redirection detected" do
       stub_request(:get, @module.url).to_return(:status => 200, :body => '')

spec/lib/wpscan/wpscan_options_spec.rb

@@ -197,17 +197,20 @@ describe "WpscanOptions" do
     end
   end
 
-  describe "#to_h" do
-    it "should return an empty hash" do
-      @wpscan_options.to_h.should be_a Hash
-      @wpscan_options.to_h.should be_empty
+  describe "#basic_auth=" do
+    context "invalid format" do
+      it "should raise an error if the : is missing" do
+        expect { @wpscan_options.basic_auth = "helloworld" }.to raise_error(
+          RuntimeError, "Invalid basic authentication format, login:password expected"
+        )
+      end
     end
 
-    it "should return a hash with :verbose = true" do
-      expected = {:verbose => true}
-      @wpscan_options.verbose = true
-
-      @wpscan_options.to_h.should === expected
+    context "valid format" do
+      it "should add the 'Basic' word and do the encode64. See RFC 2617" do
+        @wpscan_options.basic_auth = "Aladdin:open sesame"
+        @wpscan_options.basic_auth.should == "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+      end
     end
   end
 
@@ -222,6 +225,20 @@ describe "WpscanOptions" do
     end
   end
 
+  describe "#to_h" do
+    it "should return an empty hash" do
+      @wpscan_options.to_h.should be_a Hash
+      @wpscan_options.to_h.should be_empty
+    end
+
+    it "should return a hash with :verbose = true" do
+      expected = {:verbose => true}
+      @wpscan_options.verbose = true
+
+      @wpscan_options.to_h.should === expected
+    end
+  end
+
   describe "#clean_option" do
     after :each do
       WpscanOptions.clean_option(@option).should === @expected