2015-08-24 01:42:47 +00:00
|
|
|
package controllers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2015-08-26 02:03:12 +00:00
|
|
|
"encoding/json"
|
2015-08-24 01:42:47 +00:00
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"os"
|
|
|
|
"testing"
|
|
|
|
|
2016-01-10 17:03:17 +00:00
|
|
|
"github.com/gophish/gophish/config"
|
|
|
|
"github.com/gophish/gophish/models"
|
2015-08-24 01:42:47 +00:00
|
|
|
"github.com/stretchr/testify/suite"
|
|
|
|
)
|
|
|
|
|
|
|
|
// ControllersSuite is a suite of tests to cover API related functions
|
|
|
|
type ControllersSuite struct {
|
|
|
|
suite.Suite
|
2018-12-15 21:42:32 +00:00
|
|
|
ApiKey string
|
|
|
|
config *config.Config
|
|
|
|
adminServer *httptest.Server
|
|
|
|
phishServer *httptest.Server
|
2015-08-24 01:42:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *ControllersSuite) SetupSuite() {
|
2018-12-15 21:42:32 +00:00
|
|
|
conf := &config.Config{
|
|
|
|
DBName: "sqlite3",
|
|
|
|
DBPath: ":memory:",
|
|
|
|
MigrationsPath: "../db/db_sqlite3/migrations/",
|
|
|
|
}
|
|
|
|
err := models.Setup(conf)
|
2015-08-24 01:42:47 +00:00
|
|
|
if err != nil {
|
|
|
|
s.T().Fatalf("Failed creating database: %v", err)
|
|
|
|
}
|
2018-12-15 21:42:32 +00:00
|
|
|
s.config = conf
|
2015-08-24 01:42:47 +00:00
|
|
|
s.Nil(err)
|
|
|
|
// Setup the admin server for use in testing
|
2018-12-15 21:42:32 +00:00
|
|
|
s.adminServer = httptest.NewUnstartedServer(NewAdminServer(s.config.AdminConf).server.Handler)
|
|
|
|
s.adminServer.Config.Addr = s.config.AdminConf.ListenURL
|
|
|
|
s.adminServer.Start()
|
2015-08-24 01:42:47 +00:00
|
|
|
// Get the API key to use for these tests
|
|
|
|
u, err := models.GetUser(1)
|
|
|
|
s.Nil(err)
|
|
|
|
s.ApiKey = u.ApiKey
|
2017-06-09 04:41:38 +00:00
|
|
|
// Start the phishing server
|
2018-12-15 21:42:32 +00:00
|
|
|
s.phishServer = httptest.NewUnstartedServer(NewPhishingServer(s.config.PhishConf).server.Handler)
|
|
|
|
s.phishServer.Config.Addr = s.config.PhishConf.ListenURL
|
|
|
|
s.phishServer.Start()
|
2017-06-09 04:41:38 +00:00
|
|
|
// Move our cwd up to the project root for help with resolving
|
|
|
|
// static assets
|
|
|
|
err = os.Chdir("../")
|
|
|
|
s.Nil(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *ControllersSuite) TearDownTest() {
|
|
|
|
campaigns, _ := models.GetCampaigns(1)
|
|
|
|
for _, campaign := range campaigns {
|
|
|
|
models.DeleteCampaign(campaign.Id)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *ControllersSuite) SetupTest() {
|
|
|
|
// Add a group
|
|
|
|
group := models.Group{Name: "Test Group"}
|
|
|
|
group.Targets = []models.Target{
|
2018-06-09 02:20:52 +00:00
|
|
|
models.Target{BaseRecipient: models.BaseRecipient{Email: "test1@example.com", FirstName: "First", LastName: "Example"}},
|
|
|
|
models.Target{BaseRecipient: models.BaseRecipient{Email: "test2@example.com", FirstName: "Second", LastName: "Example"}},
|
2017-06-09 04:41:38 +00:00
|
|
|
}
|
|
|
|
group.UserId = 1
|
|
|
|
models.PostGroup(&group)
|
|
|
|
|
|
|
|
// Add a template
|
|
|
|
t := models.Template{Name: "Test Template"}
|
|
|
|
t.Subject = "Test subject"
|
|
|
|
t.Text = "Text text"
|
|
|
|
t.HTML = "<html>Test</html>"
|
|
|
|
t.UserId = 1
|
|
|
|
models.PostTemplate(&t)
|
|
|
|
|
|
|
|
// Add a landing page
|
|
|
|
p := models.Page{Name: "Test Page"}
|
|
|
|
p.HTML = "<html>Test</html>"
|
|
|
|
p.UserId = 1
|
|
|
|
models.PostPage(&p)
|
|
|
|
|
|
|
|
// Add a sending profile
|
|
|
|
smtp := models.SMTP{Name: "Test Page"}
|
|
|
|
smtp.UserId = 1
|
|
|
|
smtp.Host = "example.com"
|
|
|
|
smtp.FromAddress = "test@test.com"
|
|
|
|
models.PostSMTP(&smtp)
|
|
|
|
|
|
|
|
// Setup and "launch" our campaign
|
|
|
|
// Set the status such that no emails are attempted
|
|
|
|
c := models.Campaign{Name: "Test campaign"}
|
|
|
|
c.UserId = 1
|
|
|
|
c.Template = t
|
|
|
|
c.Page = p
|
|
|
|
c.SMTP = smtp
|
|
|
|
c.Groups = []models.Group{group}
|
|
|
|
models.PostCampaign(&c, c.UserId)
|
|
|
|
c.UpdateStatus(models.CAMPAIGN_EMAILS_SENT)
|
2015-08-24 01:42:47 +00:00
|
|
|
}
|
|
|
|
|
2018-03-27 02:04:22 +00:00
|
|
|
func (s *ControllersSuite) TestRequireAPIKey() {
|
2018-12-15 21:42:32 +00:00
|
|
|
resp, err := http.Post(fmt.Sprintf("%s/api/import/site", s.adminServer.URL), "application/json", nil)
|
2018-03-27 02:04:22 +00:00
|
|
|
s.Nil(err)
|
|
|
|
defer resp.Body.Close()
|
2018-12-15 21:42:32 +00:00
|
|
|
s.Equal(resp.StatusCode, http.StatusUnauthorized)
|
2018-03-27 02:04:22 +00:00
|
|
|
}
|
|
|
|
|
2018-04-21 17:19:58 +00:00
|
|
|
func (s *ControllersSuite) TestInvalidAPIKey() {
|
2018-12-15 21:42:32 +00:00
|
|
|
resp, err := http.Get(fmt.Sprintf("%s/api/groups/?api_key=%s", s.adminServer.URL, "bogus-api-key"))
|
2018-04-21 17:19:58 +00:00
|
|
|
s.Nil(err)
|
|
|
|
defer resp.Body.Close()
|
2018-12-15 21:42:32 +00:00
|
|
|
s.Equal(resp.StatusCode, http.StatusUnauthorized)
|
2018-04-21 17:19:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *ControllersSuite) TestBearerToken() {
|
2018-12-15 21:42:32 +00:00
|
|
|
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/groups/", s.adminServer.URL), nil)
|
2018-04-21 17:19:58 +00:00
|
|
|
s.Nil(err)
|
|
|
|
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", s.ApiKey))
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
|
|
s.Nil(err)
|
|
|
|
defer resp.Body.Close()
|
|
|
|
s.Equal(resp.StatusCode, http.StatusOK)
|
|
|
|
}
|
|
|
|
|
2015-08-24 01:42:47 +00:00
|
|
|
func (s *ControllersSuite) TestSiteImportBaseHref() {
|
|
|
|
h := "<html><head></head><body><img src=\"/test.png\"/></body></html>"
|
|
|
|
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
fmt.Fprintln(w, h)
|
|
|
|
}))
|
2015-08-26 02:03:12 +00:00
|
|
|
hr := fmt.Sprintf("<html><head><base href=\"%s\"/></head><body><img src=\"/test.png\"/>\n</body></html>", ts.URL)
|
2015-08-24 01:42:47 +00:00
|
|
|
defer ts.Close()
|
2018-12-15 21:42:32 +00:00
|
|
|
resp, err := http.Post(fmt.Sprintf("%s/api/import/site?api_key=%s", s.adminServer.URL, s.ApiKey), "application/json",
|
2015-08-24 01:42:47 +00:00
|
|
|
bytes.NewBuffer([]byte(fmt.Sprintf(`
|
|
|
|
{
|
|
|
|
"url" : "%s",
|
|
|
|
"include_resources" : false
|
|
|
|
}
|
|
|
|
`, ts.URL))))
|
|
|
|
s.Nil(err)
|
|
|
|
defer resp.Body.Close()
|
2015-08-26 02:03:12 +00:00
|
|
|
cs := cloneResponse{}
|
|
|
|
err = json.NewDecoder(resp.Body).Decode(&cs)
|
2015-08-24 01:42:47 +00:00
|
|
|
s.Nil(err)
|
2015-08-26 02:03:12 +00:00
|
|
|
s.Equal(cs.HTML, hr)
|
2015-08-24 01:42:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *ControllersSuite) TearDownSuite() {
|
2017-06-09 04:41:38 +00:00
|
|
|
// Tear down the admin and phishing servers
|
2018-12-15 21:42:32 +00:00
|
|
|
s.adminServer.Close()
|
|
|
|
s.phishServer.Close()
|
2015-08-24 01:42:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestControllerSuite(t *testing.T) {
|
|
|
|
suite.Run(t, new(ControllersSuite))
|
|
|
|
}
|