BruteForcer moved in WpUser as a module

spec/shared_examples/wp_user/brute_forcable.rb

@@ -0,0 +1,116 @@
+# encoding: UTF-8
+
+shared_examples 'WpUser::BruteForcable' do
+  let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/brute_forcable' }
+  let(:wordlist)     { fixtures_dir + '/wordlist.txt' }
+  let(:mod)          { WpUser::BruteForcable }
+  let(:login_url)    { uri.merge('wp-login.php').to_s }
+
+  before { Browser.instance.max_threads = 1 }
+
+  describe '::lines_in_file' do
+    it 'returns 5 (1 line is a comment)' do
+      lines = mod.lines_in_file(wordlist)
+      lines.should == 5
+    end
+  end
+
+  describe '#valid_password?' do
+    let(:response) { Typhoeus::Response.new(resp_options) }
+    let(:resp_options) { {} }
+
+    after do
+      wp_user.valid_password?(response, 'password').should == @expected
+    end
+
+    context 'when 302' do
+      let(:resp_options) { { code: 302 } }
+
+      it 'returns true' do
+        @expected = true
+      end
+    end
+
+    context 'when login_error' do
+      let(:resp_options) { { body: '<div id="login_error">' } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when timeout' do
+      let(:resp_options) { { return_code: :operation_timedout } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when no response from server (status = 0)' do
+      let(:resp_options) { { code: 0 } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when error 50x' do
+      let(:resp_options) { { code: 500 } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when unknown response' do
+      let(:resp_options) { { code: 202 } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+  end
+
+  describe '#brute_force' do
+    let(:passwords) {
+      passwords = []
+      File.open(wordlist, 'r').each do |line|
+        line.strip!
+        passwords << line unless line[0,1] == '#'
+      end
+      passwords
+    }
+    let(:login) { 'someuser' }
+
+    after do
+      wp_user.login = login
+      wp_user.brute_force(wordlist)
+      wp_user.password.should == @expected
+    end
+
+    context 'when no password is valid' do
+      before do
+        stub_request(:post, login_url).
+          #with(body: { log: login }). # produces an error : undefined method `split' for {:log=>"someuser", :pwd=>"password1"}:Hash
+          to_return(body: 'login_error')
+      end
+
+      it 'does not set @password' do
+        @expected = nil
+      end
+    end
+
+    context 'when a password is valid' do
+      # Due to the error with .with(body: { log: login }) above
+      # We can't use it to stub the request for a specific password
+      # So, the first one will be valid
+      before { stub_request(:post, login_url).to_return(status: 302) }
+
+      it 'sets the @password' do
+        @expected = passwords[0]
+      end
+    end
+  end
+
+end

spec/shared_examples/wp_user/existable.rb

@@ -0,0 +1,168 @@
+# encoding: UTF-8
+
+shared_examples 'WpUser::Existable' do
+  let(:mod) { WpUser::Existable }
+  let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/existable' }
+
+  describe '::login_from_author_pattern' do
+    after do
+      mod.login_from_author_pattern(@text).should == @expected
+    end
+
+    context 'when no trailing slash' do
+      it 'returns the correct login' do
+        @text    = '/aurhor/neo'
+        @expeced = 'neo'
+      end
+    end
+
+    context 'when trailing slash' do
+      it 'returns the correct login' do
+        @text     = '/author/admin/'
+        @expected = 'admin'
+      end
+    end
+
+    context 'when pattern not found' do
+      it 'returns nil' do
+        @text     = 'im not from this world'
+        @expected = nil
+      end
+    end
+  end
+
+  describe '::login_from_body' do
+    after { mod.login_from_body(body).should == @expected }
+
+    context 'when the author pattern is in the body' do
+      let(:body) { '/author/admin' }
+
+      it 'returns it' do
+        mod.stub(:login_from_body).with(body).and_return('admin')
+        @expected = 'admin'
+      end
+    end
+
+    context 'otherwise' do
+      let(:body) { '<body class="archive author author-user2 author-1 custom-font-enabled single-author">' }
+
+      it 'gets the login from the body class' do
+        @expected = 'user2'
+      end
+    end
+  end
+
+  describe '::display_name_from_body' do
+    after { mod.display_name_from_body(@body).should == @expected }
+
+    context 'when pattern not found' do
+      it 'returns nil' do
+        @body     = 'im not there'
+        @expected = nil
+      end
+    end
+
+    context 'when the title tag is empty' do
+      it 'returns nil' do
+        @body     = '<title></title>'
+        @expected = nil
+      end
+    end
+
+    context 'when the body is an ASCII-8BIT' do
+      it 'return the correct display_name' do
+        @body = '<title>its me  |  wordpress</title>'.encode('ASCII-8BIT')
+        @expected = 'its me'
+      end
+    end
+
+    context 'when pattern is found' do
+      context 'when unencoded extra chars' do
+        it 'returns the display_name w/o extra chars' do
+          @body = '<title>admin display | Wordpress-3.5.1</title>'
+          @expected = 'admin display'
+        end
+      end
+
+      context 'when encoded extra chars' do
+        it 'returns the display_name w/o extra chars' do
+          @body = '<title>user user &#124; Wordpress-3.5.1</title>'
+          @expected = 'user user'
+        end
+
+        context 'when custom extra chars' do
+          it 'detects them' do
+            @body     = '<title>admin &laquo; Wiener</title>'
+            @expected = 'admin'
+          end
+        end
+      end
+
+      it 'decodes entities' do
+        @body     = '<title>user &amp; nickname &#124; Wordpress-3.5.1</title>'
+        @expected = 'user & nickname'
+      end
+    end
+  end
+
+  describe '#load_from_response' do
+    after do
+      response = Typhoeus::Response.new(@resp_opt || resp_opt)
+      subject.send(:load_from_response, response)
+
+      subject.login.should == @login
+      subject.display_name.should == @display_name
+    end
+
+    context 'with a 301' do
+      let(:location) { 'http://lamp/wordpress-3.5.1/author/admin/' }
+      let(:resp_opt) { { code: 301, headers: { 'Location' => location } } }
+
+      it 'loads the correct values' do
+        stub_request(:get, location).to_return(body: '<title>admin name | wp</title>')
+
+        @login        = 'admin'
+        @display_name = 'admin name'
+      end
+    end
+
+    context 'with a 200' do
+      let(:resp_opt) { { code: 200, body: File.new(fixtures_dir + '/admin.html').read } }
+
+      it 'loads the correct values' do
+        @login        = 'admin'
+        @display_name = 'admin d-name'
+      end
+    end
+
+    context 'otherwise' do
+      it 'does not do anything' do
+        @resp_opt     = { code: 404 }
+        @login        = nil
+        @display_name = nil
+      end
+    end
+  end
+
+  describe '#exists_from_response?' do
+    after do
+      response = Typhoeus::Response.new(@resp_opt || resp_opt)
+      subject.exists_from_response?(response).should == @expected
+    end
+
+    context 'login not found' do
+      it 'returns false' do
+        @resp_opt = { code: 404 }
+        @expected = false
+      end
+    end
+
+    context 'login found' do
+      it 'returns true' do
+        @resp_opt = { code: 200, body: File.new(fixtures_dir + '/admin.html').read }
+        @expected = true
+      end
+    end
+  end
+
+end