Moved template validation into separate function, and added validation for pages

models/page.go

@@ -70,6 +70,9 @@ func (p *Page) Validate() error {
 	if p.CapturePasswords && !p.CaptureCredentials {
 		p.CaptureCredentials = true
 	}
+	if err := ValidateTemplate(p.HTML); err != nil {
+		return err
+	}
 	return p.parseHTML()
 }
 

models/page_test.go

@@ -83,3 +83,37 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
 		c.Assert(ok, check.Equals, false)
 	})
 }
+
+func (s *ModelsSuite) TestPageValidation(c *check.C) {
+	html := `<html>
+			<head></head>
+			<body>{{.BaseURL}}</body>
+		  </html>`
+	p := Page{
+		HTML:        html,
+		RedirectURL: "http://example.com",
+	}
+	// Validate that a name is required
+	err := p.Validate()
+	c.Assert(err, check.Equals, ErrPageNameNotSpecified)
+
+	p.Name = "Test Page"
+
+	// Validate that CaptureCredentials is automatically set if somehow the
+	// user fails to set it, but does indicate that passwords should be
+	// captured
+	p.CapturePasswords = true
+	c.Assert(p.CaptureCredentials, check.Equals, false)
+	err = p.Validate()
+	c.Assert(err, check.Equals, nil)
+	c.Assert(p.CaptureCredentials, check.Equals, true)
+
+	// Validate that if the HTML contains an invalid template tag, that we
+	// catch it
+	p.HTML = `<html>
+		<head></head>
+		<body>{{.INVALIDTAG}}</body>
+	  </html>`
+	err = p.Validate()
+	c.Assert(err, check.NotNil)
+}

models/template.go

@@ -34,31 +34,10 @@ func (t *Template) Validate() error {
 	case t.Text == "" && t.HTML == "":
 		return ErrTemplateMissingParameter
 	}
-	// Test that the variables used in the template
+	if err = ValidateTemplate(t.HTML); err != nil {
-	// validate with no issues
-	vc := ValidationContext{
-		FromAddress: "foo@bar.com",
-		BaseURL:     "http://example.com",
-	}
-	td := Result{
-		BaseRecipient: BaseRecipient{
-			Email:     "foo@bar.com",
-			FirstName: "Foo",
-			LastName:  "Bar",
-			Position:  "Test",
-		},
-		RId: "123456",
-	}
-	ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
-	if err != nil {
 		return err
 	}
-	_, err = ExecuteTemplate(t.HTML, ptx)
+	if err = ValidateTemplate(t.Text); err != nil {
-	if err != nil {
-		return err
-	}
-	_, err = ExecuteTemplate(t.Text, ptx)
-	if err != nil {
 		return err
 	}
 	return nil

models/template_context.go

@@ -15,20 +15,6 @@ type TemplateContext interface {
 	getBaseURL() string
 }
 
-// ValidationContext is used for validating templates and pages
-type ValidationContext struct {
-	FromAddress string
-	BaseURL     string
-}
-
-func (vc ValidationContext) getFromAddress() string {
-	return vc.FromAddress
-}
-
-func (vc ValidationContext) getBaseURL() string {
-	return vc.BaseURL
-}
-
 // PhishingTemplateContext is the context that is sent to any template, such
 // as the email or landing page content.
 type PhishingTemplateContext struct {
@@ -94,3 +80,44 @@ func ExecuteTemplate(text string, data interface{}) (string, error) {
 	err = tmpl.Execute(&buff, data)
 	return buff.String(), err
 }
+
+// ValidationContext is used for validating templates and pages
+type ValidationContext struct {
+	FromAddress string
+	BaseURL     string
+}
+
+func (vc ValidationContext) getFromAddress() string {
+	return vc.FromAddress
+}
+
+func (vc ValidationContext) getBaseURL() string {
+	return vc.BaseURL
+}
+
+// ValidateTemplate ensures that the provided text in the page or template
+// uses the supported template variables correctly.
+func ValidateTemplate(text string) error {
+	vc := ValidationContext{
+		FromAddress: "foo@bar.com",
+		BaseURL:     "http://example.com",
+	}
+	td := Result{
+		BaseRecipient: BaseRecipient{
+			Email:     "foo@bar.com",
+			FirstName: "Foo",
+			LastName:  "Bar",
+			Position:  "Test",
+		},
+		RId: "123456",
+	}
+	ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
+	if err != nil {
+		return err
+	}
+	_, err = ExecuteTemplate(text, ptx)
+	if err != nil {
+		return err
+	}
+	return nil
+}