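// Source: github.com/edermi/gophish_mods@v0.7.0/controllers/phish_test.go

package controllers

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"

	"github.com/gophish/gophish/config"
	"github.com/gophish/gophish/models"
)

// getFirstCampaign returns the first campaign that models.GetCampaigns(1)
// reports. The result is indexed without a length check, so this helper
// assumes at least one campaign already exists when it is called.
func (s *ControllersSuite) getFirstCampaign() models.Campaign {
	campaigns, err := models.GetCampaigns(1)
	s.Nil(err)
	return campaigns[0]
}

// getFirstEmailRequest builds an EmailRequest from the first campaign's
// template, page, SMTP settings and first recipient, stores it with
// models.PostEmailRequest and returns the stored request.
func (s *ControllersSuite) getFirstEmailRequest() models.EmailRequest {
	campaign := s.getFirstCampaign()
	req := models.EmailRequest{
		TemplateId:    campaign.TemplateId,
		Template:      campaign.Template,
		PageId:        campaign.PageId,
		Page:          campaign.Page,
		URL:           "http://localhost.localdomain",
		UserId:        1,
		BaseRecipient: campaign.Results[0].BaseRecipient,
		SMTP:          campaign.SMTP,
		FromAddress:   campaign.SMTP.FromAddress,
	}
	err := models.PostEmailRequest(&req)
	s.Nil(err)
	return req
}

// openEmail requests /track for rid and asserts that the response body is
// byte-identical to static/images/pixel.png.
func (s *ControllersSuite) openEmail(rid string) {
	resp, err := http.Get(fmt.Sprintf("%s/track?%s=%s", ps.URL, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		// resp is nil on error; stop here instead of dereferencing it.
		return
	}
	defer resp.Body.Close()
	body, err := ioutil.ReadAll(resp.Body)
	s.Nil(err)
	expected, err := ioutil.ReadFile("static/images/pixel.png")
	s.Nil(err)
	s.Equal(bytes.Compare(body, expected), 0)
}

// reportedEmail requests /report for rid and asserts a 204 No Content reply.
func (s *ControllersSuite) reportedEmail(rid string) {
	resp, err := http.Get(fmt.Sprintf("%s/report?%s=%s", ps.URL, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		return
	}
	// Close the body so the connection is released after the assertion.
	defer resp.Body.Close()
	s.Equal(resp.StatusCode, http.StatusNoContent)
}

// reportEmail404 requests /report for rid and asserts a 404 Not Found reply.
func (s *ControllersSuite) reportEmail404(rid string) {
	resp, err := http.Get(fmt.Sprintf("%s/report?%s=%s", ps.URL, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(resp.StatusCode, http.StatusNotFound)
}

// openEmail404 requests /track for rid and asserts a 404 Not Found reply.
func (s *ControllersSuite) openEmail404(rid string) {
	resp, err := http.Get(fmt.Sprintf("%s/track?%s=%s", ps.URL, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(resp.StatusCode, http.StatusNotFound)
}

// clickLink requests the landing page ("/") for rid and asserts that the
// response body is byte-identical to expectedHTML.
func (s *ControllersSuite) clickLink(rid string, expectedHTML string) {
	resp, err := http.Get(fmt.Sprintf("%s/?%s=%s", ps.URL, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	body, err := ioutil.ReadAll(resp.Body)
	s.Nil(err)
	// Debugging aid: writes the full landing-page body to the test log.
	log.Printf("%s\n\n\n", body)
	s.Equal(bytes.Compare(body, []byte(expectedHTML)), 0)
}

// clickLink404 requests the landing page ("/") for rid and asserts a
// 404 Not Found reply.
func (s *ControllersSuite) clickLink404(rid string) {
	resp, err := http.Get(fmt.Sprintf("%s/?%s=%s", ps.URL, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(resp.StatusCode, http.StatusNotFound)
}

// transparencyRequest requests path for rid, expects 200 OK, decodes the
// body as a TransparencyResponse and checks its contact address, send date
// and server name against the configuration and the result r.
func (s *ControllersSuite) transparencyRequest(r models.Result, rid, path string) {
	resp, err := http.Get(fmt.Sprintf("%s%s?%s=%s", ps.URL, path, models.RecipientParameter, rid))
	s.Nil(err)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(resp.StatusCode, http.StatusOK)
	tr := &TransparencyResponse{}
	err = json.NewDecoder(resp.Body).Decode(tr)
	s.Nil(err)
	s.Equal(tr.ContactAddress, config.Conf.ContactAddress)
	s.Equal(tr.SendDate, r.SendDate)
	s.Equal(tr.Server, config.ServerName)
}

// TestOpenedPhishingEmail checks that a /track request moves the first
// result from STATUS_SENDING to EVENT_OPENED and that the campaign's last
// event records the open with the same timestamp as the result.
func (s *ControllersSuite) TestOpenedPhishingEmail() {
	campaign := s.getFirstCampaign()
	result := campaign.Results[0]
	s.Equal(result.Status, models.STATUS_SENDING)

	s.openEmail(result.RId)

	campaign = s.getFirstCampaign()
	result = campaign.Results[0]
	lastEvent := campaign.Events[len(campaign.Events)-1]
	s.Equal(result.Status, models.EVENT_OPENED)
	s.Equal(lastEvent.Message, models.EVENT_OPENED)
	s.Equal(result.ModifiedDate, lastEvent.Time)
}

// TestReportedPhishingEmail checks that a /report request marks the first
// result as reported and appends an EVENT_REPORTED event with the same
// timestamp as the result.
func (s *ControllersSuite) TestReportedPhishingEmail() {
	campaign := s.getFirstCampaign()
	result := campaign.Results[0]
	s.Equal(result.Status, models.STATUS_SENDING)

	s.reportedEmail(result.RId)

	campaign = s.getFirstCampaign()
	result = campaign.Results[0]
	lastEvent := campaign.Events[len(campaign.Events)-1]
	s.Equal(result.Reported, true)
	s.Equal(lastEvent.Message, models.EVENT_REPORTED)
	s.Equal(result.ModifiedDate, lastEvent.Time)
}

// TestClickedPhishingLinkAfterOpen checks that opening the email and then
// requesting the landing page leaves the first result at EVENT_CLICKED, with
// a matching last campaign event.
func (s *ControllersSuite) TestClickedPhishingLinkAfterOpen() {
	campaign := s.getFirstCampaign()
	result := campaign.Results[0]
	s.Equal(result.Status, models.STATUS_SENDING)

	s.openEmail(result.RId)
	s.clickLink(result.RId, campaign.Page.HTML)

	campaign = s.getFirstCampaign()
	result = campaign.Results[0]
	lastEvent := campaign.Events[len(campaign.Events)-1]
	s.Equal(result.Status, models.EVENT_CLICKED)
	s.Equal(lastEvent.Message, models.EVENT_CLICKED)
	s.Equal(result.ModifiedDate, lastEvent.Time)
}

// TestNoRecipientID checks that /track and the server root both answer
// 404 Not Found when no recipient parameter is supplied.
func (s *ControllersSuite) TestNoRecipientID() {
	targets := []string{fmt.Sprintf("%s/track", ps.URL), ps.URL}
	for _, target := range targets {
		resp, err := http.Get(target)
		s.Nil(err)
		if err != nil {
			continue
		}
		s.Equal(resp.StatusCode, http.StatusNotFound)
		// Closed inside the loop so each body is released before the next request.
		resp.Body.Close()
	}
}

// TestInvalidRecipientID checks that the track, landing-page and report
// endpoints all answer 404 Not Found for a recipient ID that was never
// issued.
func (s *ControllersSuite) TestInvalidRecipientID() {
	rid := "XXXXXXXXXX"
	s.openEmail404(rid)
	s.clickLink404(rid)
	s.reportEmail404(rid)
}

// TestCompletedCampaignClick checks that once a campaign has been completed,
// /track and the landing page answer 404 Not Found for its recipient ID and
// the stored result status stays at EVENT_OPENED.
func (s *ControllersSuite) TestCompletedCampaignClick() {
	campaign := s.getFirstCampaign()
	result := campaign.Results[0]
	s.Equal(result.Status, models.STATUS_SENDING)
	s.openEmail(result.RId)

	campaign = s.getFirstCampaign()
	result = campaign.Results[0]
	s.Equal(result.Status, models.EVENT_OPENED)

	// A failed completion would make the 404 checks below fail for the wrong
	// reason, so surface the error here.
	err := models.CompleteCampaign(campaign.Id, 1)
	s.Nil(err)
	s.openEmail404(result.RId)
	s.clickLink404(result.RId)

	campaign = s.getFirstCampaign()
	result = campaign.Results[0]
	s.Equal(result.Status, models.EVENT_OPENED)
}

// TestRobotsHandler checks that /robots.txt answers 200 OK with a body that
// disallows every path for every user agent.
func (s *ControllersSuite) TestRobotsHandler() {
	expected := []byte("User-agent: *\nDisallow: /\n")
	resp, err := http.Get(fmt.Sprintf("%s/robots.txt", ps.URL))
	s.Nil(err)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(resp.StatusCode, http.StatusOK)
	body, err := ioutil.ReadAll(resp.Body)
	s.Nil(err)
	s.Equal(bytes.Compare(body, expected), 0)
}

// TestInvalidPreviewID checks that an ID made of models.PreviewPrefix plus
// an unknown suffix gets 404 Not Found on all three endpoints.
func (s *ControllersSuite) TestInvalidPreviewID() {
	bogusRId := fmt.Sprintf("%sbogus", models.PreviewPrefix)
	s.openEmail404(bogusRId)
	s.clickLink404(bogusRId)
	s.reportEmail404(bogusRId)
}

// TestPreviewTrack checks that /track serves the tracking pixel for the ID
// of a stored email request.
func (s *ControllersSuite) TestPreviewTrack() {
	req := s.getFirstEmailRequest()
	s.openEmail(req.RId)
}

// TestPreviewClick checks that the landing page for the ID of a stored email
// request returns that request's page HTML.
func (s *ControllersSuite) TestPreviewClick() {
	req := s.getFirstEmailRequest()
	s.clickLink(req.RId, req.Page.HTML)
}

// TestInvalidTransparencyRequest checks that an unknown ID followed by
// TransparencySuffix gets 404 Not Found on all three endpoints, rather than
// a transparency response.
func (s *ControllersSuite) TestInvalidTransparencyRequest() {
	bogusRId := fmt.Sprintf("bogus%s", TransparencySuffix)
	s.openEmail404(bogusRId)
	s.clickLink404(bogusRId)
	s.reportEmail404(bogusRId)
}

// TestTransparencyRequest checks that a valid recipient ID followed by
// TransparencySuffix yields the transparency response on the landing page,
// /track and /report, for both the literal and the URL-encoded suffix.
func (s *ControllersSuite) TestTransparencyRequest() {
	campaign := s.getFirstCampaign()
	result := campaign.Results[0]
	rid := fmt.Sprintf("%s%s", result.RId, TransparencySuffix)
	s.transparencyRequest(result, rid, "/")
	s.transparencyRequest(result, rid, "/track")
	s.transparencyRequest(result, rid, "/report")

	// And check with the URL encoded version of a +
	rid = fmt.Sprintf("%s%s", result.RId, "%2b")
	s.transparencyRequest(result, rid, "/")
	s.transparencyRequest(result, rid, "/track")
	s.transparencyRequest(result, rid, "/report")
}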