Commit Graph

37 Commits (6b61426aabc237398ae465ca6921c6d3d653e3c2)

Author SHA1 Message Date
Glenn Wilkinson 54d9eb28ff
Merge pull request #2105 from gophish/fix-cors-headers
Add PUT and DELETE methods for CORS handling.
2021-03-06 17:40:42 +00:00
Shubhendra Singh Chauhan 15303e32cf
Fix code quality issues (#2118) 2021-02-24 17:34:38 -06:00
Jordan Wright 166ff8a050 Add PUT and DELETE methods for CORS handling. Fixes #2098 2021-01-24 14:01:40 -06:00
Jordan Wright 23154126de Made error handling in the case of a client IP without a port more graceful, so that the ratelimiter doesn't return an error if X-Forwarded-For or X-Real-IP is set. 2020-10-11 17:18:33 -05:00
Jordan Wright 6df62e85fd Added a simple Content-Security-Policy to mitigate clickjacking attempts. 2020-08-20 10:39:23 -05:00
Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867)
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Jordan Wright be459e47bf
Refactoring tests to remove stretchr/testify dependency 2020-02-01 21:44:50 -06:00
Jordan Wright 84096b8724
Implement User Management API (#1473)
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright 1e0a78db30
Refactoring API into separate package for easier management. (#1411) 2019-03-26 22:17:20 -05:00
Jordan Wright ba8ceb81da
Initial commit of RBAC support. (#1366)
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright a73ac4ab7c Fixed various minor linting issues 2018-12-15 21:38:51 -06:00
Jordan Wright 47f0049c30
Refactor servers (#1321)
* Refactoring servers to support custom workers and graceful shutdown.
* Refactoring workers to support custom mailers.
* Refactoring mailer to be an interface, with proper instances instead of a single global instance
* Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition.
* Cleaning up API middleware to be simpler
* Moving template parameters to separate struct
* Changed LoadConfig to return config object
* Cleaned up some error handling, removing uninitialized global error in models package
* Changed static file serving to use the unindexed package
2018-12-15 15:42:32 -06:00
Jordan Wright 5f3c94d0cf
Add support for authenticating to the API via an Authorization Bearer token. 2018-04-21 12:19:58 -05:00
Jordan Wright aa8c770e73 Adding "next" parameter to support redirecting after successful login. 2017-12-10 21:40:46 -06:00
Jordan Wright b3cadcb01f Fixing middleware JSON responses 2017-01-18 20:12:25 -06:00
Jordan Wright 103fd72cc8 Fixing context issues with Go 1.7. 2016-09-14 22:24:51 -05:00
Jordan Wright 32aaa15da7 Added documentation for multiple endpoints. Fixes #54 2016-01-24 20:47:16 -06:00
William Woodson 3a0fa4f93f Update bcrypt dependency and code moved to gophish group 2016-01-10 11:04:03 -06:00
unknown 669d96d279 More work implementing pages.
More cleanup - changing *all* API errors to be returned via JSON
Fixed bug where /api/pages/ was not csrf exempt
Changed db column/table names to be more user friendly in the case of acronyms (Id, SMTP, etc.)
2015-02-07 14:31:41 -06:00
Jordan 96cefc4931 Cleaned up possible (very unlikely?) permission issue
Better logging in controllers module
DRY changes to API
Added Data attribute to models.Response struct
Added GetTemplateByName (will be used in filling out campaign)
Changed modal to be 800px on large screens for better previews
2014-06-01 23:38:21 -05:00
Jordan c349860878 Middleware now returns JSON error message 2014-06-01 23:14:05 -05:00
Jordan e137126a90 Working on gorm integration
TODO:
[ ] Finish up groups (many-to-many with group_targets)
[ ] Convert Template models
2014-03-25 23:53:51 -05:00
Jordan 584d7dbc23 Major refactoring - modularized models into separate files. Removed db package (moved to models)
I will be looking to migrate to gorm (instead of gorp) soon!
2014-03-24 22:31:33 -05:00
Jordan 73db7fbdf9 Fixed invalid/unset API Key header to be 400 instead of 500
Successfully handle OPTIONS header for API
2014-02-11 00:14:58 -06:00
Jordan af7a8f4c4e Added easier support for Flashes
Moving DB access (as much as possible) into `db` package.
2014-02-05 10:57:53 -06:00
Jordan 359fa01c1c Cleaned up csrf exemptions
Cleaned up models
Added UNIQUE constraint on many-many tables
Added form parsing/ userid from API key lookup in middleware
2014-02-04 15:23:09 -06:00
Jordan 87fbd41184 Changing int to int64
Starting to implement angularjs
Implemented /api/campaigns/:id GET
Changed template delims to {{% and %}}
2014-01-31 20:49:22 -06:00
Jordan c60b9d584b - Working on implementing the API (started working on /api/campaigns)
- Implemented APIKey middleware
- Changed settings template to look a bit nicer and to, you know, work.
2014-01-30 22:46:25 -06:00
Jordan 2a88b259b3 Working on API layout 2014-01-12 20:00:20 -06:00
Jordan cdb4181406 Renamed CheckLogin to Login
Changed encryption cookie to be 32 bytes (64 bytes not supported)
2014-01-11 00:10:52 -06:00
Jordan 2a62f62bc6 Cleaned API even more (everything is via HandlerFunc)
Sessions are now encrypted as well as signed.
2014-01-10 22:37:42 -06:00
Jordan 42d7c463df Moved Use() to controllers from middleware for cleaner usage (I'll consider moving it back if it doesn't logically make sense)
Renamed Base_Campaigns to Campaigns
2014-01-10 22:11:44 -06:00
Jordan 61ef18b3b4 Implemented auth.GetUser(id)
Impemented RequireLogin() middleware
Login is now working, just need to clean up the architecture a bit
2014-01-09 22:21:12 -06:00
Jordan bb627396ee Implemented Flashes (Model and functionality)
Working on login functionality
Changed the way templates are loaded and rendered
2014-01-09 21:21:54 -06:00
Jordan 7eb90b27ad Moved DB to root folder
Created db package to handle DB connection/queries
Removed Setup.go (now handled in db package)
Setup context in middleware
2014-01-09 17:18:49 -06:00
Jordan 7f084760f9 Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture.
Added doc.go for each package
2014-01-09 00:42:05 -06:00