From d05ad0f8f412b8bcc8bb1f11e5e96d88b3d15153 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Thu, 18 Jul 2019 17:40:27 +0100 Subject: [PATCH] Adds an Api Token controller --- app/controllers.rb | 1 + app/controllers/api_token.rb | 19 +++++++++++++++++++ bin/wpscan | 1 + spec/app/controllers/api_token_spec.rb | 24 ++++++++++++++++++++++++ 4 files changed, 45 insertions(+) create mode 100644 app/controllers/api_token.rb create mode 100644 spec/app/controllers/api_token_spec.rb diff --git a/app/controllers.rb b/app/controllers.rb index cd1ff486..c0ad80b6 100644 --- a/app/controllers.rb +++ b/app/controllers.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require_relative 'controllers/core' +require_relative 'controllers/api_token' require_relative 'controllers/custom_directories' require_relative 'controllers/wp_version' require_relative 'controllers/main_theme' diff --git a/app/controllers/api_token.rb b/app/controllers/api_token.rb new file mode 100644 index 00000000..070c3f76 --- /dev/null +++ b/app/controllers/api_token.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module WPScan + module Controller + # Controller to handle the API token + class ApiToken < CMSScanner::Controller::Base + def cli_options + [ + OptString.new(['--api-token TOKEN', 'The API Token to display vulnerability data']) + ] + end + + def before_scan(opts = {}) + # TODO, validate the token + # res = browser.get() + end + end + end +end diff --git a/bin/wpscan b/bin/wpscan index b4f2d680..6ce65312 100755 --- a/bin/wpscan +++ b/bin/wpscan @@ -5,6 +5,7 @@ require 'wpscan' WPScan::Scan.new do |s| s.controllers << + WPScan::Controller::ApiToken.new << WPScan::Controller::CustomDirectories.new << WPScan::Controller::InterestingFindings.new << WPScan::Controller::WpVersion.new << diff --git a/spec/app/controllers/api_token_spec.rb b/spec/app/controllers/api_token_spec.rb new file mode 100644 index 00000000..730d11b5 --- /dev/null +++ b/spec/app/controllers/api_token_spec.rb 
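Review bot: In `app/controllers/api_token.rb`, `--api-token TOKEN` takes the secret on the command line, where other local users can read it in the process list and it is kept in shell history; nothing in this controller documents that exposure or another way to supply the token. I would add a comment above the option such as `# NOTE: a token passed on the command line is visible in the process list and shell history`, and check that the parsed options are never echoed into scan output or logs with the token in clear. `before_scan` is still an empty stub, so a mistyped or revoked token is accepted silently. When the TODO is implemented, send the token in a request header rather than in the URL. Also confirm whether `browser` carries target-scoped settings (proxy, custom headers, relaxed TLS checks; not visible in this hunk) that should not apply to the API call.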
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+describe WPScan::Controller::ApiToken do
+ subject(:controller) { described_class.new }
+ let(:target_url) { 'http://ex.lo/' }
+ let(:cli_args) { "--url #{target_url}" }
+
+ before do
+ WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
+ end
+
+ describe '#cli_options' do
+ its(:cli_options) { should_not be_empty }
+ its(:cli_options) { should be_a Array }
+
+ it 'contains to correct options' do
+ expect(controller.cli_options.map(&:to_sym)).to eq %i[api_token]
+ end
+ end
+
+ describe '#before_scan' do
+ xit
+ end
+end
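Review bot: The `#before_scan` group holds only a bare `xit`, so the one method that will handle the token has no example, and `cli_args` never includes `--api-token`, so the option's parsed value is not exercised either. When the validation lands, replace the `xit` with examples for a missing, a rejected and an accepted token, and give each pending example a description so the report says what is outstanding, e.g. `xit 'rejects an invalid token'`. The example name `'contains to correct options'` should read `'contains the correct options'`.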