29 Commits (f034d15aa2fa2097a4b568072cbc1a2333e1f59b)

Author SHA1 Message Date
s vignesh bfb7fd11e8 Fixing XSS Vulnerabilities
This pull request fixed XSS vulnerabilities identified in the gophish admin panel.

**Important: These vulnerabilities could only be exploited if someone had access to the admin panel already, and could only exploit the vulnerability against the same account.**
2016-09-15 00:52:58 -04:00
Jordan Wright 103fd72cc8 Fixing context issues with Go 1.7. 2016-09-14 22:24:51 -05:00
Jordan Wright cb70e0b953 Making all cookies httponly - Fixes #333 2016-08-06 16:00:36 -05:00
Rob Cutmore a5a7b23479 Use more descriptive variable names in auth.go 2016-03-02 19:59:40 -05:00
Rob Cutmore e39ae8dfdd Confirm password on registration or change
Updated to confirm password when registering user or changing a
user's password.

Fixes #180
2016-03-02 08:33:27 -05:00
Jordan Wright 3d9e447992 Removing support for empty passwords - fixes #149 2016-02-13 16:37:12 -06:00
Jordan Wright 32aaa15da7 Added documentation for multiple endpoints. Fixes #54 2016-01-24 20:47:16 -06:00
Jordan Wright fc6d556742 Caused API key to be generated dynamically for admin user. Fixes #60 2016-01-12 20:46:17 -06:00
Jordan Wright 1081258c02 Fixing dependencies 2016-01-11 22:46:48 -06:00
Jordan Wright 737f41e5c6 Updated bcrypt dependency - fixes #63 2016-01-10 14:54:59 -06:00
unknown f21d40d77a Registration works again.
Additional cleanup, removing unused code
2015-02-07 17:30:22 -06:00
Jordan e137126a90 Working on gorm integration
TODO:
[ ] Finish up groups (many-to-many with group_targets)
[ ] Convert Template models
2014-03-25 23:53:51 -05:00
Jordan 584d7dbc23 Major refactoring - modularized models into separate files. Removed db package (moved to models)
I will be looking to migrate to gorm (instead of gorp) soon!
2014-03-24 22:31:33 -05:00
Jordan a3882cbf02 A couple more auth.go cleanups 2014-03-18 14:35:02 -05:00
Jordan 38db9480a2 Cleaned up comments for auth.go 2014-03-18 14:28:47 -05:00
Jordan eb8491c144 Implemented ChangePassword() (now password can be changed from /settings)
A couple of UI fixes in tables
2014-02-10 13:02:44 -06:00
Jordan 40cd2ae837 Cleaned up some errors
Implemented using db.* helpers (ie GetUser)
Implemented ChangePassword (not reachable from UI currently)
Fixed angular issue in settings.html template
2014-02-06 10:49:53 -06:00
Jordan 50292da53f Implemented Registration
Created auth.GenerateSecureKey to handle generating API Keys
2014-02-04 18:39:01 -06:00
Jordan e312e90570 Added ability to reset API token
Cleaned up session flash handling
2014-02-02 14:47:06 -06:00
Jordan 87fbd41184 Changing int to int64
Starting to implement angularjs
Implemented /api/campaigns/:id GET
Changed template delims to {{% and %}}
2014-01-31 20:49:22 -06:00
Jordan c59415a133 Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 15:08:14 -06:00
Jordan 6944854005 Added support for --setup flag to reset database 2014-01-12 22:39:40 -06:00
Jordan 4ad8c3c468 Implemented GetUserByAPIKey and changed GetUser to GetUserById 2014-01-12 20:00:52 -06:00
Jordan cdb4181406 Renamed CheckLogin to Login
Changed encryption cookie to be 32 bytes (64 bytes not supported)
2014-01-11 00:10:52 -06:00
Jordan 2a62f62bc6 Cleaned API even more (everything is via HandlerFunc)
Sessions are now encrypted as well as signed.
2014-01-10 22:37:42 -06:00
Jordan 61ef18b3b4 Implemented auth.GetUser(id)
Implemented RequireLogin() middleware
Login is now working, just need to clean up the architecture a bit
2014-01-09 22:21:12 -06:00
Jordan bb627396ee Implemented Flashes (Model and functionality)
Working on login functionality
Changed the way templates are loaded and rendered
2014-01-09 21:21:54 -06:00
Jordan 7eb90b27ad Moved DB to root folder
Created db package to handle DB connection/queries
Removed Setup.go (now handled in db package)
Setup context in middleware
2014-01-09 17:18:49 -06:00
Jordan 7f084760f9 Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture.
Added doc.go for each package
2014-01-09 00:42:05 -06:00