From 8e2bff3fb077410fd7facc41e4a460b402e08045 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 7 Aug 2013 17:45:03 +0200
Subject: integration test exploiting srp vulnerability
---
 users/test/integration/browser/account_test.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'users/test/integration/browser/account_test.rb')
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index ce63baf..b5776ff 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -20,4 +20,23 @@ class AccountTest < BrowserIntegrationTest
 assert_equal '/', current_path
 end
+ # trying to seed an invalid A for srp login
+ test "detects attempt to circumvent SRP" do
+ user = FactoryGirl.create :user
+ visit '/sessions/new'
+ fill_in 'Username', with: user.login
+ fill_in 'Password', with: "password"
+ inject_malicious_js
+ click_on 'Log In'
+ assert !page.has_content?("Welcome")
+ end
+
+ def inject_malicious_js
+ page.execute_script <<-EOJS
+ var calc = new srp.Calculate();
+ calc.A = function(_a) {return "00";};
+ calc.S = calc.A;
+ srp.session = new srp.Session(null, calc);
+ EOJS
+ end
 end
-- 
cgit v1.2.3
From a0b276e4b8ae86dec7deee898e85b65784d89933 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 7 Aug 2013 18:09:20 +0200
Subject: close srp vulnerability and report error in webapp
---
 users/test/integration/browser/account_test.rb | 1 +
 1 file changed, 1 insertion(+)
(limited to 'users/test/integration/browser/account_test.rb')
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index b5776ff..c65c491 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
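Review bot: In the `@@ -20,4 +20,23 @@` hunk, the rejection of an invalid A is covered only through the browser, by overriding client internals (`srp.Calculate`, `srp.Session`) in `inject_malicious_js`, and only for the single value `"00"`. The rule being protected is server-side, and RFC 5054 states it as aborting when A mod N is zero, so a test at the session-handshake level (controller or model, not visible in this hunk) would pin the modular check independently of the JavaScript client. The comment on the test could also record why the value is invalid, e.g. `# A = 0 makes the server-side secret S zero for any password, so the server must reject it`.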
@@ -29,6 +29,7 @@ class AccountTest < BrowserIntegrationTest
 inject_malicious_js
 click_on 'Log In'
 assert !page.has_content?("Welcome")
+ assert page.has_content?("Invalid random key")
 end
 def inject_malicious_js
-- 
cgit v1.2.3
From 75db45671d432a0d81805ad50c6cc9f8f7eff7a7 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 21 Aug 2013 09:49:26 +0200
Subject: use the same login validations on sessions and users The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
---
 users/test/integration/browser/account_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'users/test/integration/browser/account_test.rb')
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index c65c491..b412980 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -28,8 +28,8 @@ class AccountTest < BrowserIntegrationTest
 fill_in 'Password', with: "password"
 inject_malicious_js
 click_on 'Log In'
- assert !page.has_content?("Welcome")
 assert page.has_content?("Invalid random key")
+ assert page.has_no_content?("Welcome")
 end
 def inject_malicious_js
-- 
cgit v1.2.3
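Review bot: The assertion added in the `@@ -29,6 +29,7 @@` hunk, `assert page.has_content?("Invalid random key")`, shows only that the text is rendered, which does not establish that the server refused the handshake. From this hunk it is not possible to tell whether the message comes from the server response or from a check in the client JavaScript, and the fix has to hold for a client that does not run the project's JavaScript at all. A comment such as `# "Invalid random key" must come from the server response, not from client-side validation` would record the intent, and the test would be stronger if it also requested a page that requires login afterwards and asserted that it is refused. The same applies to the reordered assertions in the `@@ -28,8 +28,8 @@` hunk; the test body begins above both hunks.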