Commit Graph

817 Commits (4005576c43caf10352180c3d5761a062a7782c1e)

Author SHA1 Message Date
W. Michael Petullo 4005576c43
Merge 7670e8dbc0 into 9561846979 2024-11-21 01:14:45 +00:00
Jordan Wright 9561846979
Update workflow actions and Go versions (#3245)
This PR:

* Updates the versions of various actions used by the CI and release workflows
* Updates the release workflow to use Go version 1.22
* Updates the test matrix to use Go versions 1.21, 1.22, and 1.23

It also updates the CI workflow to run when pull requests are created or changed. This will help give feedback when formatting or tests are broken during a PR.

As a good example of why this is useful, you'll see that I needed to run `gofmt` to get this to pass! We should have caught that earlier and now we'll catch it moving forward.
2024-09-22 23:24:43 -05:00
Caetan 908886f2cd
Enforce account locks when creating new users (#3173)
Properly enforce account locks when new users are created

---------

Co-authored-by: Caetan Tojeiro Carpente <caetan.tojeiro@tier8.com>
2024-09-22 22:53:08 -05:00
W. Michael Petullo 7670e8dbc0 Add option to read version from environment
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2024-01-02 15:10:40 -06:00
Glenn Wilkinson 8e79294413 Added error handling to in-app reporting mechanism 2023-09-15 15:45:30 +01:00
RS ac9e6a7190
Add DB_NAME to run.sh to support mysql (#2850)
Adding environment variable DB_NAME to run.sh so that Gophish Container can be set up with mysql/mariadb.

db_name has to be changed in config to mysql for mysql connection to work.
2023-08-22 21:03:39 -05:00
Philipp 04f0fb6dfd
Install ca-certificates on Docker image (#2888)
The ca-certificates package is necessary for Gophish to connect to webhooks using HTTPS.
2023-08-22 20:50:03 -05:00
Glenn Wilkinson d2efb18ef1
Updated regex pattern to allow longer TLDs 2022-12-16 17:04:55 +00:00
tcastron 2d08befb6b
Modified "SMTP From" field to avoid SMTP server errors with RFC 5321 (#2669)
Co-authored-by: Thomas Castronovo <thocastronovo@cic.be>
2022-11-29 16:41:10 +00:00
Vivek Kekuda cec2da5128
Fix new records being added on completing a campaign (#2599)
There were new records with name '[Deleted]' being added when a campaign was
completed. This used to happen when the resource associated with a campaign
(template, page, profile) was deleted before marking the campaign as
completed. The save gorm call used to upsert these values and ended up adding
rogue records.
2022-10-13 16:16:37 +01:00
Glenn Wilkinson 095a9ba20c Updated README.md with working source installation instructions (see https://github.com/golang/go/issues/48332) 2022-09-29 13:21:31 +01:00
Glenn Wilkinson b1648f0759 Bumped version to 0.12.1 2022-09-14 11:30:00 +01:00
Glenn Wilkinson 06e95c1fb8 Minified campaigns.js #2482 2022-09-14 11:29:18 +01:00
Vivek Kekuda 53537a221a
Fix resource selection during campaign copy (#2482)
Clear the selection of resource (template, page, profile) whenever the original
resource is deleted and there is only one currently available resource present
in the DB while copying a campaign. Without this fix, the only available
resource is shown as the original resource, instead of showing [Deleted].
2022-09-14 12:26:29 +02:00
Glenn Wilkinson 2b85a2bda5 Updated release workflow to mitigate set-env vulnerability and fix Windows build 2022-09-14 11:06:03 +01:00
Glenn Wilkinson a53665b1b6 Updated formatting and CI to be in line with more recent versions of go 2022-09-12 22:05:34 +01:00
Mark Cabanero 78e9a51168
Add Trusted Origins to CSRF Handler (#2301)
Enables the user to add addresses that they expect incoming connections
to come from. Helpful in cases where TLS termination is handled by a
load balancer upstream, rather than the application itself.
2022-09-06 16:20:19 +02:00
Glenn Wilkinson 3863ad31b9 Fixed issue with sorting by login date of users 2022-08-26 23:09:14 +02:00
Glenn Wilkinson 34f7457294
Update README.md
Updated installation command
2022-08-25 15:28:54 +02:00
Glenn Wilkinson 32c0502999 Minified missing sending_profile file (741201b) 2022-08-24 18:00:00 +02:00
Glenn Wilkinson 6b61426aab Bumped version to 0.12.0 2022-08-12 21:31:43 +02:00
Glenn Wilkinson 90cd444dcb Minified template.js resolving #2545 2022-08-09 15:24:29 +01:00
Glenn Wilkinson 5ef2d75e72 Fixed Account Locked bug, allowing user accounts to be locked 2022-06-11 11:25:56 +01:00
Glenn Wilkinson 6fb77bf3ce Fixed formatting from Custom Envelope PR #2334 2022-06-05 21:18:32 +01:00
Glenn Wilkinson d0ff3829e5 Disallow deleting of admin user from the UI (#2487) 2022-06-01 17:01:55 +01:00
Glenn Wilkinson 0c255bbe92 Disallow changing of admin username from the UI (#2487) 2022-06-01 16:40:04 +01:00
Bálint József Jánvári b7c69662ce
Embed or attach files based on their file extension (#1525)
Embed or attach files based on their file extension:
 * Set 'Content-Disposition: inline' for images
 * Set 'Content-Disposition: attachment' for other files
2022-06-01 17:14:22 +02:00
Jake Walker 704e6d56b3
Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00
ptitdoc bb516ef7ab
986 custom envelope sender remerge (#2334)
* Adds the ability to specify an envelope sender in templates (#986)

Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
2022-03-25 16:24:49 +01:00
dependabot[bot] e0acb99734
Bump minimist from 1.2.0 to 1.2.5 (#2401)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.0 to 1.2.5.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.0...1.2.5)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-25 13:10:19 +01:00
dependabot[bot] eb016a437c
Bump copy-props from 2.0.4 to 2.0.5 (#2399)
Bumps [copy-props](https://github.com/gulpjs/copy-props) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/gulpjs/copy-props/releases)
- [Changelog](https://github.com/gulpjs/copy-props/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/copy-props/compare/2.0.4...2.0.5)

---
updated-dependencies:
- dependency-name: copy-props
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 15:03:51 +01:00
Kirill 67e304f372
Fix open redirect vulnerability on the login page (#2262) 2022-02-16 17:26:51 +01:00
dependabot[bot] e215132bdf
Bump ajv from 6.10.0 to 6.12.6 (#2395)
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.10.0...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-16 16:46:30 +01:00
Glenn Wilkinson 741201b7f0 Added JS for Fix sending profile form (#2389) 2022-02-16 15:30:38 +00:00
Mark Steward 1f95efcb7b
Fix sending profile form (#2389)
Credentials no longer suggested in the Search box in 'Sending Profiles'
2022-02-07 17:12:55 +01:00
Glenn Wilkinson a6627dfc6b
Added support for templating attachments (#1936)
The following attachment types support template variables: docx, docm, pptx, xlsx, xlsm, txt, html, ics.
2022-02-02 15:41:27 +01:00
Bilal Retiat 0646f14c99
Updated the Ansible Playbook (#2138)
* Update Ansible role
* lint Ansible role
* Update Ansible Playbook README
* use python3 packages instead python2
2021-12-23 19:13:43 +01:00
Glenn Wilkinson ceab0509eb
Merge pull request #2296 from gophish/dependabot/npm_and_yarn/tar-4.4.19
Bump tar from 4.4.8 to 4.4.19
2021-12-18 09:49:34 +01:00
Glenn Wilkinson 202ecd3397
Merge pull request #2277 from gophish/dependabot/npm_and_yarn/path-parse-1.0.7
Bump path-parse from 1.0.6 to 1.0.7
2021-12-18 09:49:20 +01:00
Glenn Wilkinson 4b106b3fe2
Merge pull request #2211 from gophish/dependabot/npm_and_yarn/browserslist-4.16.6
Bump browserslist from 4.6.1 to 4.16.6
2021-12-18 09:49:11 +01:00
Glenn Wilkinson 1d18ea7e01
Merge pull request #2196 from gophish/dependabot/npm_and_yarn/hosted-git-info-2.8.9
Bump hosted-git-info from 2.7.1 to 2.8.9
2021-12-18 09:48:50 +01:00
Glenn Wilkinson b3f0bad5ce
Merge pull request #2195 from gophish/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.19 to 4.17.21
2021-12-18 09:48:41 +01:00
Glenn Wilkinson 12ecfd84cc
Merge pull request #2182 from gophish/dependabot/npm_and_yarn/ssri-6.0.2
Bump ssri from 6.0.1 to 6.0.2
2021-12-18 09:48:33 +01:00
Glenn Wilkinson 4814620cdc
Merge pull request #2157 from gophish/dependabot/npm_and_yarn/y18n-3.2.2
Bump y18n from 3.2.1 to 3.2.2
2021-12-18 09:48:00 +01:00
dependabot[bot] 003d143641
Bump tar from 4.4.8 to 4.4.19
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.8...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-01 04:00:10 +00:00
dependabot[bot] f89c85f558
Bump path-parse from 1.0.6 to 1.0.7
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 23:42:11 +00:00
dependabot[bot] 5aa3a858cb
Bump browserslist from 4.6.1 to 4.16.6
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.6.1 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.6.1...4.16.6)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-25 07:33:27 +00:00
dependabot[bot] 82fd6adf68
Bump hosted-git-info from 2.7.1 to 2.8.9
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-10 07:08:01 +00:00
dependabot[bot] 5fc6ba6bef
Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-08 15:03:26 +00:00
dependabot[bot] a5b3b134ba
Bump ssri from 6.0.1 to 6.0.2
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-29 18:52:25 +00:00