42581dfe93
To redirect the user after authentication, Authelia uses the `rd` query parameter provided by the proxy. However, an attacker could use phishing to get the user redirected to a malicious domain (an open redirect). To prevent the user from being redirected to an untrusted location, Authelia now verifies that the redirection URL is under the protected domain.
import WithDriver from '../helpers/with-driver';
import FillLoginPageWithUserAndPasswordAndClick from '../helpers/fill-login-page-and-click';
import VisitPage from '../helpers/visit-page';
import SeeNotification from '../helpers/see-notification';
import {AUTHENTICATION_FAILED} from '../../shared/UserMessages';
/**
 * Scenario: user "john" submits a wrong password on the login portal.
 * Expected: the portal shows an error notification carrying the shared
 * AUTHENTICATION_FAILED message.
 */
describe("Provide bad password", function() {
  // Upper bound, in milliseconds, applied to the setup hook and to the assertion.
  const STEP_TIMEOUT_MS = 10000;

  // NOTE(review): presumably installs the hooks that populate `this.driver`
  // for the hooks and tests below; confirm in ../helpers/with-driver.
  WithDriver();

  describe('failed login as john', function() {
    // Plain `function` (not an arrow) so mocha's context is available as `this`.
    before(function() {
      this.timeout(STEP_TIMEOUT_MS);

      const browser = this.driver;
      // Runs only after the portal page has been visited.
      const submitBadCredentials = () =>
        FillLoginPageWithUserAndPasswordAndClick(browser, 'john', 'bad_password');

      return VisitPage(browser, "https://login.example.com:8080/")
        .then(submitBadCredentials);
    });

    it('should get a notification message', function() {
      this.timeout(STEP_TIMEOUT_MS);

      // The failed attempt must surface as an "error" notification with the shared message.
      return SeeNotification(this.driver, "error", AUTHENTICATION_FAILED);
    });
  });
});