Fixes #1244

spec/app/finders/users/oembed_api_spec.rb

@@ -7,6 +7,59 @@ describe WPScan::Finders::Users::OembedApi do
   let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'oembed_api') }
 
   describe '#aggressive' do
-    xit
+    before do
+      allow(target).to receive(:sub_dir).and_return(false)
+      stub_request(:get, finder.api_url).to_return(body: body)
+    end
+
+    context 'when not a JSON response' do
+      let(:body) { '' }
+
+      its(:aggressive) { should eql([]) }
+    end
+
+    context 'when a JSON response' do
+      context 'when 404' do
+        let(:body) { File.read(File.join(fixtures, '404.json')) }
+
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when 200' do
+        context 'when author_url present' do
+          let(:body) { File.read(File.join(fixtures, '200_author_url.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.username).to eql 'admin'
+            expect(user.confidence).to eql 90
+            expect(user.found_by).to eql 'Oembed API - Author URL (Aggressive Detection)'
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
+          end
+        end
+
+        context 'when author_url not present but author_name' do
+          let(:body) { File.read(File.join(fixtures, '200_author_name.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.username).to eql 'admin sa'
+            expect(user.confidence).to eql 70
+            expect(user.found_by).to eql 'Oembed API - Author Name (Aggressive Detection)'
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
+          end
+        end
+      end
+    end
   end
 end

spec/app/finders/users/wp_json_api_spec.rb

@@ -8,7 +8,6 @@ describe WPScan::Finders::Users::WpJsonApi do
 
   describe '#aggressive' do
     before do
-      # allow(target).to receive(:content_dir).and_return('wp-content')
       allow(target).to receive(:sub_dir).and_return(false)
       stub_request(:get, finder.api_url).to_return(body: body)
     end

spec/fixtures/finders/users/oembed_api/200_author_name.json

@@ -0,0 +1,11 @@
+{
+   "type" : "rich",
+   "version" : "1.0",
+   "provider_url" : "https://wp.lab",
+   "provider_name" : "WP Lab",
+   "width" : 600,
+   "author_name" : "admin sa",
+   "height" : 338,
+   "html" : "aaa",
+   "title" : "HOME"
+}

spec/fixtures/finders/users/oembed_api/200_author_url.json

@@ -0,0 +1,12 @@
+{
+   "type" : "rich",
+   "version" : "1.0",
+   "provider_url" : "https://wp.lab",
+   "provider_name" : "WP Lab",
+   "author_url" : "https://wp.lab/author/admin/",
+   "width" : 600,
+   "author_name" : "admin",
+   "height" : 338,
+   "html" : "aaa",
+   "title" : "HOME"
+}

spec/fixtures/finders/users/oembed_api/404.json

@@ -0,0 +1 @@
+{"code":"oembed_invalid_url","message":"Not Found","data":{"status":404}}