techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
1bc0029651
authelia/test/minimal-config/reset_password.ts
Clement Michaud 42581dfe93 Fix open redirection vulnerability. 
In order to redirect the user after authentication, Authelia uses
rd query parameter provided by the proxy. However an attacker could
use phishing to make the user be redirected to a bad domain. In order
to avoid the user to be redirected to a bad location, Authelia now
verifies the redirection URL is under the protected domain.
2018-11-17 17:48:20 +01:00

43 lines
1.9 KiB
TypeScript
Raw Blame History

require("chromedriver");
import Bluebird = require("bluebird");
import ChildProcess = require("child_process");
import WithDriver from '../helpers/with-driver';
import VisitPage from '../helpers/visit-page';
import ClickOnLink from '../helpers/click-on-link';
import ClickOnButton from '../helpers/click-on-button';
import WaitRedirect from '../helpers/wait-redirected';
import FillField from "../helpers/fill-field";
import {GetLinkFromEmail} from "../helpers/get-identity-link";
import FillLoginPageAndClick from "../helpers/fill-login-page-and-click";
const execAsync = Bluebird.promisify(ChildProcess.exec);
describe('Reset password', function() {
this.timeout(10000);
WithDriver();
after(() => {
return execAsync("cp users_database.yml users_database.test.yml");
})
describe('click on reset password', function() {
it("should reset password for john", function() {
return VisitPage(this.driver, "https://login.example.com:8080/")
.then(() => ClickOnLink(this.driver, "Forgot password\?"))
.then(() => WaitRedirect(this.driver, "https://login.example.com:8080/password-reset/request"))
.then(() => FillField(this.driver, "username", "john"))
.then(() => ClickOnButton(this.driver, "Reset Password"))
.then(() => this.driver.sleep(1000)) // Simulate the time to read it from mailbox.
.then(() => GetLinkFromEmail())
.then((link) => VisitPage(this.driver, link))
.then(() => FillField(this.driver, "password1", "newpass"))
.then(() => FillField(this.driver, "password2", "newpass"))
.then(() => ClickOnButton(this.driver, "Reset Password"))
.then(() => WaitRedirect(this.driver, "https://login.example.com:8080/"))
.then(() => FillLoginPageAndClick(this.driver, "john", "newpass"))
.then(() => WaitRedirect(this.driver, "https://login.example.com:8080/secondfactor"))
});
});
});
Reference in New Issue View Git Blame Copy Permalink