github.com/edermi/gophish_mods@v0.7.0/controllers/api_test.go (about)

     1  package controllers
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/json"
     6  	"fmt"
     7  	"net/http"
     8  	"net/http/httptest"
     9  	"os"
    10  	"testing"
    11  
    12  	"github.com/gophish/gophish/config"
    13  	"github.com/gophish/gophish/models"
    14  	"github.com/gorilla/handlers"
    15  	"github.com/stretchr/testify/suite"
    16  )
    17  
// ControllersSuite is a suite of tests to cover API related functions.
// It embeds suite.Suite, so the Setup*/TearDown* methods below act as the
// suite's fixture hooks.
type ControllersSuite struct {
	suite.Suite
	// ApiKey is the API key of user 1. SetupSuite reads it from the database
	// and the tests use it to authenticate against the admin server.
	ApiKey string
}
    23  
var (
	// as is the admin server that receives the API calls made by these tests.
	// It is created unstarted; SetupSuite starts it.
	//
	// Both servers write every request to stdout in combined log format. Some
	// tests pass the API key as an api_key query parameter, so that key shows
	// up in the test output. SetupSuite points the database at ":memory:", so
	// the key belongs to that throwaway database; do not run this suite
	// against a database whose keys are used elsewhere.
	as = httptest.NewUnstartedServer(handlers.CombinedLoggingHandler(os.Stdout, CreateAdminRouter()))

	// ps is the phishing server, also created unstarted and started by
	// SetupSuite.
	ps = httptest.NewUnstartedServer(handlers.CombinedLoggingHandler(os.Stdout, CreatePhishingRouter()))
)
    29  
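// SetupSuite runs once before the suite. It points the configuration at an
// in-memory SQLite database, runs models.Setup, starts the admin and phishing
// test servers, and stores the API key of user 1 for the authenticated tests.
func (s *ControllersSuite) SetupSuite() {
	config.Conf.DBName = "sqlite3"
	config.Conf.DBPath = ":memory:"
	config.Conf.MigrationsPath = "../db/db_sqlite3/migrations/"
	// Fatalf ends the suite here, so no further assertion on this error is
	// needed.
	if err := models.Setup(); err != nil {
		s.T().Fatalf("Failed creating database: %v", err)
	}

	// Setup the admin server for use in testing
	as.Config.Addr = config.Conf.AdminConf.ListenURL
	as.Start()

	// Get the API key to use for these tests. Without it every authenticated
	// test would fail for a misleading reason, so abort instead of carrying on
	// with an empty key.
	u, err := models.GetUser(1)
	s.Require().NoError(err)
	s.Require().NotEmpty(u.ApiKey)
	s.ApiKey = u.ApiKey

	// Start the phishing server
	ps.Config.Addr = config.Conf.PhishConf.ListenURL
	ps.Start()

	// Move our cwd up to the project root for help with resolving
	// static assets. The working directory is process-wide and is not
	// restored by this suite.
	s.NoError(os.Chdir("../"))
}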
    54  
// TearDownTest runs after every test and deletes the campaigns returned by
// models.GetCampaigns(1). The error from the lookup and the results of the
// individual deletions are discarded, so a failed cleanup goes unreported.
func (s *ControllersSuite) TearDownTest() {
	existing, _ := models.GetCampaigns(1)
	for i := range existing {
		models.DeleteCampaign(existing[i].Id)
	}
}
    61  
// SetupTest runs before every test and seeds the database with one group,
// one template, one landing page, one sending profile and one campaign that
// ties them together, all owned by user 1. The results of the Post* calls
// are not checked here.
func (s *ControllersSuite) SetupTest() {
	// Group holding two example.com targets.
	grp := models.Group{Name: "Test Group"}
	grp.Targets = []models.Target{
		{BaseRecipient: models.BaseRecipient{Email: "test1@example.com", FirstName: "First", LastName: "Example"}},
		{BaseRecipient: models.BaseRecipient{Email: "test2@example.com", FirstName: "Second", LastName: "Example"}},
	}
	grp.UserId = 1
	models.PostGroup(&grp)

	// E-mail template.
	tmpl := models.Template{Name: "Test Template"}
	tmpl.Subject = "Test subject"
	tmpl.Text = "Text text"
	tmpl.HTML = "<html>Test</html>"
	tmpl.UserId = 1
	models.PostTemplate(&tmpl)

	// Landing page.
	landing := models.Page{Name: "Test Page"}
	landing.HTML = "<html>Test</html>"
	landing.UserId = 1
	models.PostPage(&landing)

	// Sending profile.
	profile := models.SMTP{Name: "Test Page"}
	profile.UserId = 1
	profile.Host = "example.com"
	profile.FromAddress = "test@test.com"
	models.PostSMTP(&profile)

	// Create the campaign, then set its status to CAMPAIGN_EMAILS_SENT
	// such that no emails are attempted.
	campaign := models.Campaign{Name: "Test campaign"}
	campaign.UserId = 1
	campaign.Template = tmpl
	campaign.Page = landing
	campaign.SMTP = profile
	campaign.Groups = []models.Group{grp}
	models.PostCampaign(&campaign, campaign.UserId)
	campaign.UpdateStatus(models.CAMPAIGN_EMAILS_SENT)
}
   104  
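// TestRequireAPIKey checks that the admin API rejects a request that carries
// no API key at all. The suite pins 400 Bad Request as the rejection status.
func (s *ControllersSuite) TestRequireAPIKey() {
	resp, err := http.Post(fmt.Sprintf("%s/api/import/site", as.URL), "application/json", nil)
	// resp is nil when the request itself fails, so stop before the deferred
	// Close can dereference it.
	s.Require().NoError(err)
	defer resp.Body.Close()
	// Expected value first, so a failure reports the two values correctly.
	s.Equal(http.StatusBadRequest, resp.StatusCode)
}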
   111  
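// TestInvalidAPIKey checks that the admin API rejects an api_key query
// parameter that matches no user. The suite pins 400 Bad Request as the
// rejection status.
func (s *ControllersSuite) TestInvalidAPIKey() {
	resp, err := http.Get(fmt.Sprintf("%s/api/groups/?api_key=%s", as.URL, "bogus-api-key"))
	// resp is nil when the request itself fails, so stop before the deferred
	// Close can dereference it.
	s.Require().NoError(err)
	defer resp.Body.Close()
	// Expected value first, so a failure reports the two values correctly.
	s.Equal(http.StatusBadRequest, resp.StatusCode)
}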
   118  
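// TestBearerToken checks that the admin API accepts the API key when it is
// sent in an "Authorization: Bearer" header rather than in the query string.
func (s *ControllersSuite) TestBearerToken() {
	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/groups/", as.URL), nil)
	s.Require().NoError(err)
	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", s.ApiKey))

	resp, err := http.DefaultClient.Do(req)
	// resp is nil when the request itself fails, so stop before the deferred
	// Close can dereference it.
	s.Require().NoError(err)
	defer resp.Body.Close()
	// Expected value first, so a failure reports the two values correctly.
	s.Equal(http.StatusOK, resp.StatusCode)
}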
   128  
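// TestSiteImportBaseHref checks that importing a site through
// /api/import/site returns the fetched HTML with a <base href> element that
// points at the imported URL, so that relative resources such as /test.png
// still resolve against the original site.
//
// The import endpoint fetches the URL given in the request body from the
// server side. The target here is a local httptest server, so this test
// depends on the importer being able to reach that address; keep that in mind
// if destination filtering is ever added to the endpoint.
func (s *ControllersSuite) TestSiteImportBaseHref() {
	page := "<html><head></head><body><img src=\"/test.png\"/></body></html>"
	origin := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, page)
	}))
	defer origin.Close()
	want := fmt.Sprintf("<html><head><base href=\"%s\"/></head><body><img src=\"/test.png\"/>\n</body></html>", origin.URL)

	// Encode the request body instead of formatting it into a JSON string, so
	// the URL is always escaped correctly.
	payload, err := json.Marshal(map[string]interface{}{
		"url":               origin.URL,
		"include_resources": false,
	})
	s.Require().NoError(err)

	resp, err := http.Post(fmt.Sprintf("%s/api/import/site?api_key=%s", as.URL, s.ApiKey), "application/json",
		bytes.NewReader(payload))
	// resp is nil when the request itself fails, so stop before the deferred
	// Close can dereference it.
	s.Require().NoError(err)
	defer resp.Body.Close()

	got := cloneResponse{}
	s.Require().NoError(json.NewDecoder(resp.Body).Decode(&got))
	// Expected value first, so a failure reports the two values correctly.
	s.Equal(want, got.HTML)
}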
   150  
// TearDownSuite runs once after the suite and shuts down the admin server
// and then the phishing server.
func (s *ControllersSuite) TearDownSuite() {
	for _, srv := range []*httptest.Server{as, ps} {
		srv.Close()
	}
}
   156  
// TestControllerSuite is the go test entry point that runs every test in
// ControllersSuite.
func TestControllerSuite(t *testing.T) {
	controllers := &ControllersSuite{}
	suite.Run(t, controllers)
}