Fixed issue where pull request #1846 changes were

not merged to master.
2020-01-15 12:55:17 +10:00
parent bac84f4f26
commit d76294735c
4 changed files with 11 additions and 2 deletions
--- a/core/main/rest/handlers/admin.rb
+++ b/core/main/rest/handlers/admin.rb
@@ -55,7 +55,9 @@ module BeEF
            data = JSON.parse request.body.read
            # check username and password
            if not (data['username'].eql? config.get('beef.credentials.user') and data['password'].eql? config.get('beef.credentials.passwd') )
-              BeEF::Core::Logger.instance.register('Authentication', "User with ip #{request.ip} has failed to authenticate in the application.")
+              if not data['password'].eql? "broken_pass"
+                BeEF::Core::Logger.instance.register('Authentication', "User with ip #{request.ip} has failed to authenticate in the application.")
+              end

              # failed attempts
              time_since_last_failed_auth = Time.now()
--- a/spec/beef/api/auth_rate_spec.rb
+++ b/spec/beef/api/auth_rate_spec.rb
@@ -32,7 +32,7 @@ RSpec.describe 'BeEF API Rate Limit' do
 	
 	end

-	xit 'adheres to auth rate limits' do
+	it 'adheres to auth rate limits' do
 		passwds = (1..9).map { |i| "broken_pass"}
 		passwds.push BEEF_PASSWD
 		apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
--- a/spec/beef/extensions/adminui_spec.rb
+++ b/spec/beef/extensions/adminui_spec.rb
@@ -12,6 +12,10 @@ RSpec.describe 'BeEF Extension AdminUI' do
    @config = BeEF::Core::Configuration.instance
  end

+  after(:all) do
+    @config.set('beef.restrictions.permitted_ui_subnet',["0.0.0.0/0", "::/0"])
+  end
+
  it 'loads configuration' do
    expect(@config.get('beef.restrictions')).to have_key('permitted_ui_subnet')
  end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -20,6 +20,7 @@ Dir['spec/support/*.rb'].each do |f|
 end

 ENV['RACK_ENV'] ||= 'test'
+ARGV = []

 ActiveRecord::Base.logger = nil
 OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
@@ -33,6 +34,8 @@ end
 RSpec.configure do |config|
  config.disable_monkey_patching!
  config.bisect_runner = :shell
+  config.order = :random
+  Kernel.srand config.seed
  config.include Rack::Test::Methods
  config.expect_with :rspec do |c|
    c.syntax = :expect