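package controllers

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"github.com/PuerkitoBio/goquery"
)

// loginURL builds the admin server's login URL. A non-empty next is carried
// in the "next" query parameter, URL-encoded so a path such as "/campaigns"
// survives the round trip unchanged.
func (s *ControllersSuite) loginURL(next string) string {
	u := fmt.Sprintf("%s/login", s.adminServer.URL)
	if next != "" {
		u += "?" + url.Values{"next": {next}}.Encode()
	}
	return u
}

// loginPage fetches the login form and returns the CSRF token embedded in
// it together with every cookie the server set on that response, so a
// follow-up POST can be tied to the same session. On an assertion failure
// the returned token is empty and cookies is nil; the calling test's own
// assertions then report the failure.
func (s *ControllersSuite) loginPage() (token string, cookies []*http.Cookie) {
	resp, err := http.Get(s.loginURL(""))
	if !s.NoError(err) {
		return "", nil
	}
	defer resp.Body.Close()
	s.Equal(http.StatusOK, resp.StatusCode)

	doc, err := goquery.NewDocumentFromReader(resp.Body)
	if !s.NoError(err) {
		return "", nil
	}
	token, ok := doc.Find("input[name='csrf_token']").First().Attr("value")
	s.True(ok, "login page should embed a csrf_token input")
	// resp.Cookies() parses every Set-Cookie header; copying the raw header
	// value into a Cookie request header would only carry the first one and
	// would drag attributes such as Path and HttpOnly along as cookie names.
	return token, resp.Cookies()
}

// postLogin submits the login form with the given credentials. An empty
// token omits the csrf_token field entirely, which is how the CSRF check
// is exercised. Cookies are attached individually via AddCookie. When
// followRedirects is false the client stops at the first redirect so the
// caller can inspect the raw 302 and its Location header.
//
// Returns nil when building or sending the request fails; the failure has
// already been recorded on the suite and the caller should simply return.
// The caller owns resp.Body and must close it.
func (s *ControllersSuite) postLogin(next, username, password, token string, cookies []*http.Cookie, followRedirects bool) *http.Response {
	form := url.Values{
		"username": {username},
		"password": {password},
	}
	if token != "" {
		form.Set("csrf_token", token)
	}

	req, err := http.NewRequest(http.MethodPost, s.loginURL(next), strings.NewReader(form.Encode()))
	if !s.NoError(err) {
		return nil
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	for _, c := range cookies {
		req.AddCookie(c)
	}

	client := &http.Client{}
	if !followRedirects {
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		}
	}
	resp, err := client.Do(req)
	if !s.NoError(err) {
		return nil
	}
	return resp
}

// TestLoginCSRF verifies that a login POST carrying no csrf_token is
// rejected with 403 even when the credentials themselves are valid.
func (s *ControllersSuite) TestLoginCSRF() {
	resp := s.postLogin("", "admin", "gophish", "", nil, true)
	if resp == nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(http.StatusForbidden, resp.StatusCode)
}

// TestInvalidCredentials verifies that a well-formed login POST (valid CSRF
// token and session cookie) with a wrong password is answered with 401.
func (s *ControllersSuite) TestInvalidCredentials() {
	token, cookies := s.loginPage()

	resp := s.postLogin("", "admin", "invalid", token, cookies, true)
	if resp == nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(http.StatusUnauthorized, resp.StatusCode)
}

// TestSuccessfulLogin verifies that valid credentials plus a valid CSRF
// token log the user in; redirects are followed, so the final response
// after login is expected to be 200.
func (s *ControllersSuite) TestSuccessfulLogin() {
	token, cookies := s.loginPage()

	resp := s.postLogin("", "admin", "gophish", token, cookies, true)
	if resp == nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(http.StatusOK, resp.StatusCode)
}

// TestSuccessfulRedirect verifies that a successful login honours the
// "next" query parameter: the server answers 302 and the Location path is
// exactly the requested target.
func (s *ControllersSuite) TestSuccessfulRedirect() {
	const next = "/campaigns"
	token, cookies := s.loginPage()

	resp := s.postLogin(next, "admin", "gophish", token, cookies, false)
	if resp == nil {
		return
	}
	defer resp.Body.Close()
	s.Equal(http.StatusFound, resp.StatusCode)

	// Named loc rather than url so the net/url package is not shadowed.
	loc, err := resp.Location()
	if !s.NoError(err) {
		return
	}
	s.Equal(next, loc.Path)
}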