diff --git a/models/page.go b/models/page.go
index 1a40abfb..0f8cc53b 100644
--- a/models/page.go
+++ b/models/page.go
@@ -70,6 +70,9 @@ func (p *Page) Validate() error {
 if p.CapturePasswords && !p.CaptureCredentials {
 p.CaptureCredentials = true
 }
+ if err := ValidateTemplate(p.HTML); err != nil {
+ return err
+ }
 return p.parseHTML()
 }

diff --git a/models/page_test.go b/models/page_test.go
index c78c3285..c219a1cc 100644
--- a/models/page_test.go
+++ b/models/page_test.go
@@ -83,3 +83,37 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
 c.Assert(ok, check.Equals, false)
 })
 }
+
+func (s *ModelsSuite) TestPageValidation(c *check.C) {
+ html := `
+
+ {{.BaseURL}}
+ `
+ p := Page{
+ HTML: html,
+ RedirectURL: "http://example.com",
+ }
+ // Validate that a name is required
+ err := p.Validate()
+ c.Assert(err, check.Equals, ErrPageNameNotSpecified)
+
+ p.Name = "Test Page"
+
+ // Validate that CaptureCredentials is automatically set if somehow the
+ // user fails to set it, but does indicate that passwords should be
+ // captured
+ p.CapturePasswords = true
+ c.Assert(p.CaptureCredentials, check.Equals, false)
+ err = p.Validate()
+ c.Assert(err, check.Equals, nil)
+ c.Assert(p.CaptureCredentials, check.Equals, true)
+
+ // Validate that if the HTML contains an invalid template tag, that we
+ // catch it
+ p.HTML = `
+
+ {{.INVALIDTAG}}
+ `
+ err = p.Validate()
+ c.Assert(err, check.NotNil)
+}
diff --git a/models/template.go b/models/template.go
index 5f383ed0..a4e071ca 100644
--- a/models/template.go
+++ b/models/template.go
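Review bot: The negative case at the end of TestPageValidation (models/page_test.go) asserts only `check.NotNil`, so it accepts any error from Validate, including one raised by `parseHTML`, rather than the template check this commit adds. Tying the assertion to the cause would make the intent explicit, e.g. `c.Assert(err, check.ErrorMatches, ".*INVALIDTAG.*")`, assuming the template error names the offending field. The success case would also read more idiomatically as `c.Assert(err, check.IsNil)`.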
@@ -34,31 +34,10 @@ func (t *Template) Validate() error {
 case t.Text == "" && t.HTML == "":
 return ErrTemplateMissingParameter
 }
- // Test that the variables used in the template
- // validate with no issues
- vc := ValidationContext{
- FromAddress: "foo@bar.com",
- BaseURL: "http://example.com",
- }
- td := Result{
- BaseRecipient: BaseRecipient{
- Email: "foo@bar.com",
- FirstName: "Foo",
- LastName: "Bar",
- Position: "Test",
- },
- RId: "123456",
- }
- ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
- if err != nil {
+ if err = ValidateTemplate(t.HTML); err != nil {
 return err
 }
- _, err = ExecuteTemplate(t.HTML, ptx)
- if err != nil {
- return err
- }
- _, err = ExecuteTemplate(t.Text, ptx)
- if err != nil {
+ if err = ValidateTemplate(t.Text); err != nil {
 return err
 }
 return nil
diff --git a/models/template_context.go b/models/template_context.go
index 153a2166..96e03f3e 100644
--- a/models/template_context.go
+++ b/models/template_context.go
@@ -15,20 +15,6 @@ type TemplateContext interface {
 getBaseURL() string
 }

-// ValidationContext is used for validating templates and pages
-type ValidationContext struct {
- FromAddress string
- BaseURL string
-}
-
-func (vc ValidationContext) getFromAddress() string {
- return vc.FromAddress
-}
-
-func (vc ValidationContext) getBaseURL() string {
- return vc.BaseURL
-}
-
 // PhishingTemplateContext is the context that is sent to any template, such
 // as the email or landing page content.
 type PhishingTemplateContext struct {
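Review bot: In Template.Validate (models/template.go) both new checks assign with `err = ValidateTemplate(...)`, yet the only `:=` that mentions `err` in this hunk, `ptx, err := NewPhishingTemplateContext(...)`, is on the removed side. Validate begins above the hunk, so `err` may be declared out of view; if it is not, this will not compile, and if it resolves to a wider-scoped variable the assignment writes shared state. Scoping it the way the page.go hunk does avoids both: `if err := ValidateTemplate(t.HTML); err != nil {`. The final check can then collapse to `return ValidateTemplate(t.Text)`.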
@@ -94,3 +80,44 @@ func ExecuteTemplate(text string, data interface{}) (string, error) {
 err = tmpl.Execute(&buff, data)
 return buff.String(), err
 }
+
+// ValidationContext is used for validating templates and pages
+type ValidationContext struct {
+ FromAddress string
+ BaseURL string
+}
+
+func (vc ValidationContext) getFromAddress() string {
+ return vc.FromAddress
+}
+
+func (vc ValidationContext) getBaseURL() string {
+ return vc.BaseURL
+}
+
+// ValidateTemplate ensures that the provided text in the page or template
+// uses the supported template variables correctly.
+func ValidateTemplate(text string) error {
+ vc := ValidationContext{
+ FromAddress: "foo@bar.com",
+ BaseURL: "http://example.com",
+ }
+ td := Result{
+ BaseRecipient: BaseRecipient{
+ Email: "foo@bar.com",
+ FirstName: "Foo",
+ LastName: "Bar",
+ Position: "Test",
+ },
+ RId: "123456",
+ }
+ ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
+ if err != nil {
+ return err
+ }
+ _, err = ExecuteTemplate(text, ptx)
+ if err != nil {
+ return err
+ }
+ return nil
+}
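Review bot: ValidateTemplate executes the text exactly once against a sample context whose recipient fields are all non-empty, so a bad variable inside a branch that this sample does not take goes unchecked. If ExecuteTemplate is built on Go's template package (only its `tmpl.Execute` call is visible in this hunk), field references are resolved at execution time, so a constructed input such as `{{if not .FirstName}}{{.Typo}}{{end}}` would presumably validate here and only fail when rendered for a recipient with an empty first name. The doc comment should state that limit, e.g. `// Only the branches taken for the sample recipient are checked.`, or the function could run a second pass with a zero-valued BaseRecipient. Separately, the tail can be shortened to `_, err = ExecuteTemplate(text, ptx)` followed by `return err`.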