mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
In order to redirect the user after authentication, Authelia uses rd query parameter provided by the proxy. However an attacker could use phishing to make the user be redirected to a bad domain. In order to avoid the user to be redirected to a bad location, Authelia now verifies the redirection URL is under the protected domain.
31 lines
977 B
TypeScript
31 lines
977 B
TypeScript
import WithDriver from '../helpers/with-driver';
|
|
import FillLoginPageWithUserAndPasswordAndClick from '../helpers/fill-login-page-and-click';
|
|
import VisitPage from '../helpers/visit-page';
|
|
import SeeNotification from '../helpers/see-notification';
|
|
import {AUTHENTICATION_FAILED} from '../../shared/UserMessages';
|
|
|
|
/**
|
|
* When user provides bad password,
|
|
* Then he gets a notification message.
|
|
*/
|
|
describe("Provide bad password", function() {
|
|
WithDriver();
|
|
|
|
describe('failed login as john', function() {
|
|
before(function() {
|
|
this.timeout(10000);
|
|
|
|
const driver = this.driver;
|
|
return VisitPage(driver, "https://login.example.com:8080/")
|
|
.then(function() {
|
|
return FillLoginPageWithUserAndPasswordAndClick(driver, 'john', 'bad_password');
|
|
});
|
|
});
|
|
|
|
it('should get a notification message', function() {
|
|
this.timeout(10000);
|
|
return SeeNotification(this.driver, "error", AUTHENTICATION_FAILED);
|
|
});
|
|
});
|
|
});
|