Skip to content
This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

Commit

Permalink
fix: mac removal request
Browse files Browse the repository at this point in the history
  • Loading branch information
ditsuke committed Apr 16, 2023
1 parent 84b5c6b commit 03da520
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 8 deletions.
7 changes: 3 additions & 4 deletions amizone/amizone.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ const (

// deleteWifiMacEndpoint is peculiar in that it requires the user's ID as a parameter.
// This _might_ open doors for an exploit (spoiler: indeed it does)
removeWifiMacEndpoint = macBaseEndpoint + "/Mac1RegistrationDelete?username=%s&Amizone_Id=%s"
removeWifiMacEndpoint = macBaseEndpoint + "/Mac1RegistrationDelete?Amizone_Id=%s&username=%s&X-Requested-With=XMLHttpRequest"

facultyBaseEndpoint = "/FacultyFeeback/FacultyFeedback"
facultyEndpointSubmitEndpoint = facultyBaseEndpoint + "/SaveFeedbackRating"
Expand Down Expand Up @@ -382,9 +382,8 @@ func (a *Client) RegisterWifiMac(addr net.HardwareAddr, bypassLimit bool) error
// I suspect this might go straight into the DB.
payload.Set("Name", "DoesntMatter")

payload.Set("Mac1", marshaller.Mac(wifis[0]))
if len(wifis) == 2 {
payload.Set("Mac2", marshaller.Mac(wifis[1]))
for i, mac := range wifis {
payload.Set(fmt.Sprintf("Mac%d", i+1), marshaller.Mac(mac))
}

res, err := a.doRequest(true, http.MethodPost, registerWifiMacsEndpoint, strings.NewReader(payload.Encode()))
Expand Down
8 changes: 4 additions & 4 deletions amizone/amizone_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -690,8 +690,8 @@ func TestClient_RemoveWifiMac(t *testing.T) {
g.Expect(
mock.GockRegisterWifiMacDeletion(
map[string]string{
"username": mock.ValidUser,
"Amizone_Id": mock.ValidMac2,
"Amizone_Id": mock.ValidUser,
"username": mock.ValidMac2,
},
// Send some unexpected page back
mock.CoursesPage,
Expand All @@ -713,8 +713,8 @@ func TestClient_RemoveWifiMac(t *testing.T) {
g.Expect(
mock.GockRegisterWifiMacDeletion(
map[string]string{
"username": mock.ValidUser,
"Amizone_Id": mock.ValidMac2,
"username": mock.ValidMac2,
"Amizone_Id": mock.ValidUser,
},
mock.WifiPageOneSlotPopulated,
),
Expand Down

0 comments on commit 03da520

Please sign in to comment.