mirror of https://github.com/gophish/gophish
Updating redirect URL to support template values. Fixes #1235
Jordan Wright
parent
ebc099b6c2
commit
326649b177
|
|
@ -190,7 +190,13 @@ func renderPhishResponse(w http.ResponseWriter, r *http.Request, ptx models.Phis
|
||||||
// should send the user to that URL
|
// should send the user to that URL
|
||||||
if r.Method == "POST" {
|
if r.Method == "POST" {
|
||||||
if p.RedirectURL != "" {
|
if p.RedirectURL != "" {
|
||||||
http.Redirect(w, r, p.RedirectURL, 302)
|
redirectURL, err := models.ExecuteTemplate(p.RedirectURL, ptx)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(err)
|
||||||
|
http.NotFound(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
http.Redirect(w, r, redirectURL, http.StatusFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
|
||||||
"github.com/gophish/gophish/config"
|
"github.com/gophish/gophish/config"
|
||||||
"github.com/gophish/gophish/models"
|
"github.com/gophish/gophish/models"
|
||||||
|
|
@ -229,3 +230,41 @@ func (s *ControllersSuite) TestTransparencyRequest() {
|
||||||
s.transparencyRequest(result, rid, "/track")
|
s.transparencyRequest(result, rid, "/track")
|
||||||
s.transparencyRequest(result, rid, "/report")
|
s.transparencyRequest(result, rid, "/report")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *ControllersSuite) TestRedirectTemplating() {
|
||||||
|
p := models.Page{
|
||||||
|
Name: "Redirect Page",
|
||||||
|
HTML: "<html>Test</html>",
|
||||||
|
UserId: 1,
|
||||||
|
RedirectURL: "http://example.com/{{.RId}}",
|
||||||
|
}
|
||||||
|
err := models.PostPage(&p)
|
||||||
|
s.Nil(err)
|
||||||
|
smtp, _ := models.GetSMTP(1, 1)
|
||||||
|
template, _ := models.GetTemplate(1, 1)
|
||||||
|
group, _ := models.GetGroup(1, 1)
|
||||||
|
|
||||||
|
campaign := models.Campaign{Name: "Redirect campaign"}
|
||||||
|
campaign.UserId = 1
|
||||||
|
campaign.Template = template
|
||||||
|
campaign.Page = p
|
||||||
|
campaign.SMTP = smtp
|
||||||
|
campaign.Groups = []models.Group{group}
|
||||||
|
err = models.PostCampaign(&campaign, campaign.UserId)
|
||||||
|
s.Nil(err)
|
||||||
|
|
||||||
|
client := http.Client{
|
||||||
|
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
||||||
|
return http.ErrUseLastResponse
|
||||||
|
},
|
||||||
|
}
|
||||||
|
result := campaign.Results[0]
|
||||||
|
resp, err := client.PostForm(fmt.Sprintf("%s/?%s=%s", ps.URL, models.RecipientParameter, result.RId), url.Values{"username": {"test"}, "password": {"test"}})
|
||||||
|
s.Nil(err)
|
||||||
|
defer resp.Body.Close()
|
||||||
|
s.Equal(http.StatusFound, resp.StatusCode)
|
||||||
|
expectedURL := fmt.Sprintf("http://example.com/%s", result.RId)
|
||||||
|
got, err := resp.Location()
|
||||||
|
s.Nil(err)
|
||||||
|
s.Equal(expectedURL, got.String())
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -73,6 +73,9 @@ func (p *Page) Validate() error {
|
||||||
if err := ValidateTemplate(p.HTML); err != nil {
|
if err := ValidateTemplate(p.HTML); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := ValidateTemplate(p.RedirectURL); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
return p.parseHTML()
|
return p.parseHTML()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -116,4 +116,11 @@ func (s *ModelsSuite) TestPageValidation(c *check.C) {
|
||||||
</html>`
|
</html>`
|
||||||
err = p.Validate()
|
err = p.Validate()
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
|
|
||||||
|
// Validate that if the RedirectURL contains an invalid template tag, that
|
||||||
|
// we catch it
|
||||||
|
p.HTML = "valid data"
|
||||||
|
p.RedirectURL = "http://example.com/{{.INVALIDTAG}}"
|
||||||
|
err = p.Validate()
|
||||||
|
c.Assert(err, check.NotNil)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue