From 8e2bff3fb077410fd7facc41e4a460b402e08045 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 7 Aug 2013 17:45:03 +0200
Subject: integration test exploiting srp vulnerability

---
 users/test/integration/browser/account_test.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'users/test')

diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index ce63baf..b5776ff 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -20,4 +20,23 @@ class AccountTest < BrowserIntegrationTest
     assert_equal '/', current_path
   end
 
+  # trying to seed an invalid A for srp login
+  test "detects attempt to circumvent SRP" do
+    user = FactoryGirl.create :user
+    visit '/sessions/new'
+    fill_in 'Username', with: user.login
+    fill_in 'Password', with: "password"
+    inject_malicious_js
+    click_on 'Log In'
+    assert !page.has_content?("Welcome")
+  end
+
+  def inject_malicious_js
+    page.execute_script <<-EOJS
+      var calc = new srp.Calculate();
+      calc.A = function(_a) {return "00";};
+      calc.S = calc.A;
+      srp.session = new srp.Session(null, calc);
+    EOJS
+  end
 end
-- 
cgit v1.2.3