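package controllers

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"testing"

	"github.com/gophish/gophish/config"
	"github.com/gophish/gophish/models"
	"github.com/gorilla/handlers"
	"github.com/stretchr/testify/suite"
)

// ControllersSuite is a suite of tests to cover API related functions.
type ControllersSuite struct {
	suite.Suite
	// ApiKey is the API key of user 1, loaded in SetupSuite and used to
	// authenticate requests against the admin server.
	ApiKey string
}

// as is the Admin Server for our API calls.
//
// The router is wrapped in a combined-format access logger writing to
// os.Stdout, so every request line made by these tests, query string
// included, ends up in the test output.
var as = httptest.NewUnstartedServer(handlers.CombinedLoggingHandler(os.Stdout, CreateAdminRouter()))

// ps is the Phishing Server, wrapped in the same access logger as the admin
// server.
var ps = httptest.NewUnstartedServer(handlers.CombinedLoggingHandler(os.Stdout, CreatePhishingRouter()))

// SetupSuite points the models package at an in-memory sqlite3 database,
// starts both test servers, and loads the API key of user 1.
func (s *ControllersSuite) SetupSuite() {
	config.Conf.DBName = "sqlite3"
	config.Conf.DBPath = ":memory:"
	config.Conf.MigrationsPath = "../db/db_sqlite3/migrations/"
	if err := models.Setup(); err != nil {
		s.T().Fatalf("Failed creating database: %v", err)
	}

	// Setup the admin server for use in testing.
	// NOTE(review): httptest.Server.Start serves on the loopback listener
	// created by NewUnstartedServer, so setting Addr presumably does not
	// choose the listening address; tests use as.URL throughout.
	as.Config.Addr = config.Conf.AdminConf.ListenURL
	as.Start()

	// Get the API key to use for these tests. Stop here on failure: every
	// authenticated test below is meaningless with an empty key.
	u, err := models.GetUser(1)
	s.Require().NoError(err)
	s.ApiKey = u.ApiKey

	// Start the phishing server.
	ps.Config.Addr = config.Conf.PhishConf.ListenURL
	ps.Start()

	// Move our cwd up to the project root for help with resolving
	// static assets. This changes the working directory of the whole test
	// process.
	s.Require().NoError(os.Chdir("../"))
}

// TearDownTest deletes the campaigns owned by user 1 after each test. The
// groups, templates, pages and sending profiles created by SetupTest are not
// removed here.
func (s *ControllersSuite) TearDownTest() {
	campaigns, err := models.GetCampaigns(1)
	if err != nil {
		// Cleanup stays best-effort, but a failure is no longer silent.
		s.T().Logf("teardown: listing campaigns: %v", err)
	}
	for _, campaign := range campaigns {
		if err := models.DeleteCampaign(campaign.Id); err != nil {
			s.T().Logf("teardown: deleting campaign %d: %v", campaign.Id, err)
		}
	}
}

// SetupTest inserts one group, template, landing page, sending profile and
// campaign for user 1 before each test.
func (s *ControllersSuite) SetupTest() {
	// Fixture errors are reported in the test log instead of being dropped.
	// They do not fail the test, which keeps the original best-effort
	// behaviour: none of the tests in this file reads the fixtures back.
	note := func(step string, err error) {
		if err != nil {
			s.T().Logf("fixture setup: %s: %v", step, err)
		}
	}

	// Add a group
	group := models.Group{Name: "Test Group"}
	group.Targets = []models.Target{
		{Email: "test1@example.com", FirstName: "First", LastName: "Example"},
		{Email: "test2@example.com", FirstName: "Second", LastName: "Example"},
	}
	group.UserId = 1
	note("PostGroup", models.PostGroup(&group))

	// Add a template
	t := models.Template{Name: "Test Template"}
	t.Subject = "Test subject"
	t.Text = "Text text"
	t.HTML = "<html>Test</html>"
	t.UserId = 1
	note("PostTemplate", models.PostTemplate(&t))

	// Add a landing page
	p := models.Page{Name: "Test Page"}
	p.HTML = "<html>Test</html>"
	p.UserId = 1
	note("PostPage", models.PostPage(&p))

	// Add a sending profile
	smtp := models.SMTP{Name: "Test Page"}
	smtp.UserId = 1
	smtp.Host = "example.com"
	smtp.FromAddress = "test@test.com"
	note("PostSMTP", models.PostSMTP(&smtp))

	// Setup and "launch" our campaign
	// Set the status such that no emails are attempted
	c := models.Campaign{Name: "Test campaign"}
	c.UserId = 1
	c.Template = t
	c.Page = p
	c.SMTP = smtp
	c.Groups = []models.Group{group}
	note("PostCampaign", models.PostCampaign(&c, c.UserId))
	note("UpdateStatus", c.UpdateStatus(models.CAMPAIGN_EMAILS_SENT))
}

// TestRequireAPIKey sends a request with no credentials to an API route and
// expects it to be rejected.
//
// NOTE(review): the rejection is asserted as 400 Bad Request rather than
// 401 Unauthorized, and only the status code is checked; the response body is
// not inspected.
func (s *ControllersSuite) TestRequireAPIKey() {
	resp, err := http.Post(fmt.Sprintf("%s/api/import/site", as.URL), "application/json", nil)
	// Require, not Nil: resp is nil when err is set, and the deferred Close
	// below would otherwise panic instead of reporting the failure.
	s.Require().NoError(err)
	defer resp.Body.Close()
	s.Equal(http.StatusBadRequest, resp.StatusCode)
}

// TestInvalidAPIKey sends a key that does not belong to any user and expects
// the request to be rejected.
//
// The key travels in the api_key query parameter, so it is written to the
// access log configured on the admin server. TestBearerToken covers the
// Authorization header, which keeps the key out of the request line.
func (s *ControllersSuite) TestInvalidAPIKey() {
	resp, err := http.Get(fmt.Sprintf("%s/api/groups/?api_key=%s", as.URL, "bogus-api-key"))
	s.Require().NoError(err)
	defer resp.Body.Close()
	s.Equal(http.StatusBadRequest, resp.StatusCode)
}

// TestBearerToken checks that a valid key presented as
// "Authorization: Bearer <key>" is accepted.
func (s *ControllersSuite) TestBearerToken() {
	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/groups/", as.URL), nil)
	s.Require().NoError(err)
	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", s.ApiKey))
	resp, err := http.DefaultClient.Do(req)
	s.Require().NoError(err)
	defer resp.Body.Close()
	s.Equal(http.StatusOK, resp.StatusCode)
}

// TestSiteImportBaseHref imports a page served by a local test server and
// checks that the returned HTML carries a <base href> pointing at the
// imported site, so the page's relative resource links still resolve.
//
// NOTE(review): the import endpoint fetches a caller-supplied URL from the
// server side. This test covers only the <base href> rewrite; it does not
// exercise any restriction on which hosts the server is willing to fetch.
func (s *ControllersSuite) TestSiteImportBaseHref() {
	h := "<html><head></head><body><img src=\"/test.png\"/></body></html>"
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, h)
	}))
	defer ts.Close()
	hr := fmt.Sprintf("<html><head><base href=\"%s\"/></head><body><img src=\"/test.png\"/>\n</body></html>", ts.URL)

	// Marshal the request instead of formatting JSON by hand, so the URL is
	// always escaped correctly.
	body, err := json.Marshal(map[string]interface{}{
		"url":               ts.URL,
		"include_resources": false,
	})
	s.Require().NoError(err)

	// The real API key is sent in the query string here and is therefore
	// written to the access log on stdout; it belongs to the throwaway
	// in-memory database created in SetupSuite.
	resp, err := http.Post(fmt.Sprintf("%s/api/import/site?api_key=%s", as.URL, s.ApiKey), "application/json",
		bytes.NewReader(body))
	s.Require().NoError(err)
	defer resp.Body.Close()

	cs := cloneResponse{}
	s.Require().NoError(json.NewDecoder(resp.Body).Decode(&cs))
	s.Equal(hr, cs.HTML)
}

// TearDownSuite shuts down the admin and phishing servers.
func (s *ControllersSuite) TearDownSuite() {
	as.Close()
	ps.Close()
}

// TestControllerSuite runs ControllersSuite under go test.
func TestControllerSuite(t *testing.T) {
	suite.Run(t, new(ControllersSuite))
}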