rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/spec/integration/msfmcpd/messagepack_auth_flow_spec.rb
# frozen_string_literal: true
require 'msf/core/mcp'
require 'webmock/rspec'
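RSpec.describe 'MessagePack Authentication Flow Integration' do
  # Exercises Msf::MCP::Metasploit::MessagePackClient against a WebMock-stubbed
  # RPC endpoint: a username/password login, then reuse of the returned token.
  # Every credential and token in this file is a test fixture; no real service
  # is contacted.

  # Block all real HTTP connections, localhost included, so a request that
  # misses a stub fails the example instead of reaching a live RPC daemon.
  before(:all) do
    WebMock.disable_net_connect!(allow_localhost: false)
  end

  # NOTE(review): this re-enables real network access for any spec that runs
  # after this file in the same process. Confirm that is the suite-wide
  # default being restored rather than an unintended loosening.
  after(:all) do
    WebMock.allow_net_connect!
  end

  let(:host) { 'localhost' }
  let(:port) { 55553 }
  let(:endpoint) { '/api/' }
  let(:user) { 'test_user' }
  let(:password) { 'test_password' }
  # The stubs are registered for an https URL and the client is built without
  # any TLS option, so the examples only pass if the client talks https here.
  let(:api_url) { "https://#{host}:#{port}#{endpoint}" }
  let(:token) { 'test_token_12345' }
  let(:msgpack_headers) { { 'Content-Type' => 'binary/message-pack' } }

  # Stub for the auth.login call. The body matcher pins the exact MessagePack
  # encoding of [method, user, password], so a client that sends anything else
  # misses the stub and the request is rejected by WebMock.
  let!(:login_stub) do
    stub_request(:post, api_url)
      .with(body: ['auth.login', user, password].to_msgpack)
      .to_return(
        status: 200,
        body: { 'result' => 'success', 'token' => token }.to_msgpack,
        headers: msgpack_headers
      )
  end

  let(:client) do
    Msf::MCP::Metasploit::MessagePackClient.new(
      host: host,
      port: port,
      endpoint: endpoint
    )
  end

  describe 'Successful Authentication' do
    it 'authenticates with username and password' do
      expect(client.authenticate(user, password)).to eq(token)

      # Make the network interaction explicit rather than relying only on the
      # return value.
      expect(login_stub).to have_been_requested.at_least_once
    end
  end

  describe 'Token Reuse' do
    it 'stores token for subsequent API calls' do
      # Stub for the follow-up call: the token is expected as the second
      # element of the MessagePack array, directly after the method name.
      search_stub = stub_request(:post, api_url)
                    .with(body: ['module.search', token, 'smb'].to_msgpack)
                    .to_return(
                      status: 200,
                      body: [].to_msgpack,
                      headers: msgpack_headers
                    )

      stored_token = client.authenticate(user, password)

      # Subsequent request should use the stored token
      client.call_api('module.search', ['smb'])

      # Assert that the token-bearing request was really sent. Without this the
      # example would still pass if call_api swallowed the unmatched-request
      # error WebMock raises when the body differs from the stub.
      expect(search_stub).to have_been_requested.at_least_once

      # A single login shows the stored token was reused instead of the client
      # authenticating again for the second call.
      expect(login_stub).to have_been_requested.once

      # Token should still be the same. This reads private state because no
      # public reader for the token is visible in this file.
      expect(client.instance_variable_get(:@token)).to eq(stored_token)
      expect(stored_token).to eq(token)
    end
  end
end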