Merge pull request #4 from gophish/master

SRE-3199: Sync upstream repo with branch

Dockerfile

@@ -23,7 +23,7 @@ FROM debian:stable-slim
 RUN useradd -m -d /opt/gophish -s /bin/bash app
 
 RUN apt-get update && \
-	apt-get install --no-install-recommends -y jq libcap2-bin && \
+	apt-get install --no-install-recommends -y jq libcap2-bin ca-certificates && \
 	apt-get clean && \
 	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 

docker/run.sh

@@ -66,6 +66,14 @@ if [ -n "${CONTACT_ADDRESS+set}" ] ; then
         cat config.json.tmp > config.json
 fi
 
+# db_name has to be changed to mysql for mysql connection to work
+if [ -n "${DB_NAME+set}" ] ; then
+    jq -r \
+        --arg DB_NAME "${DB_NAME}" \
+        '.db_name = $DB_NAME' config.json > config.json.tmp && \
+        cat config.json.tmp > config.json
+fi
+
 if [ -n "${DB_FILE_PATH+set}" ] ; then
     jq -r \
         --arg DB_FILE_PATH "${DB_FILE_PATH}" \

models/maillog_test.go

@@ -284,7 +284,7 @@ func (s *ModelsSuite) TestMailLogGenerateOverrideTransparencyHeaders(ch *check.C
 	smtp := SMTP{
 		Name:        "Test SMTP",
 		Host:        "1.1.1.1:25",
-		FromAddress: "Foo Bar <[email protected]>",
+		FromAddress: "[email protected]",
 		UserId:      1,
 		Headers: []Header{
 			Header{Key: "X-Gophish-Contact", Value: ""},

models/smtp.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"net/mail"
 	"os"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -57,6 +58,10 @@ type Header struct {
 // specified in the SMTP configuration
 var ErrFromAddressNotSpecified = errors.New("No From Address specified")
 
+// ErrInvalidFromAddress is thrown when the SMTP From field in the sending
+// profiles containes a value that is not an email address
+var ErrInvalidFromAddress = errors.New("Invalid SMTP From address because it is not an email address")
+
 // ErrHostNotSpecified is thrown when there is no Host specified
 // in the SMTP configuration
 var ErrHostNotSpecified = errors.New("No SMTP Host specified")
@@ -76,6 +81,8 @@ func (s *SMTP) Validate() error {
 		return ErrFromAddressNotSpecified
 	case s.Host == "":
 		return ErrHostNotSpecified
+	case !validateFromAddress(s.FromAddress):
+		return ErrInvalidFromAddress
 	}
 	_, err := mail.ParseAddress(s.FromAddress)
 	if err != nil {
@@ -95,6 +102,12 @@ func (s *SMTP) Validate() error {
 	return err
 }
 
+// validateFromAddress validates
+func validateFromAddress(email string) bool {
+	r, _ := regexp.Compile("^([a-zA-Z0-9_\\-\\.]+)@([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,18})$")
+	return r.MatchString(email)
+}
+
 // GetDialer returns a dialer for the given SMTP profile
 func (s *SMTP) GetDialer() (mailer.Dialer, error) {
 	// Setup the message and dial

models/smtp_test.go

@@ -12,7 +12,7 @@ func (s *ModelsSuite) TestPostSMTP(c *check.C) {
 	smtp := SMTP{
 		Name:        "Test SMTP",
 		Host:        "1.1.1.1:25",
-		FromAddress: "Foo Bar <[email protected]>",
+		FromAddress: "[email protected]",
 		UserId:      1,
 	}
 	err := PostSMTP(&smtp)
@@ -25,7 +25,7 @@ func (s *ModelsSuite) TestPostSMTP(c *check.C) {
 func (s *ModelsSuite) TestPostSMTPNoHost(c *check.C) {
 	smtp := SMTP{
 		Name:        "Test SMTP",
-		FromAddress: "Foo Bar <[email protected]>",
+		FromAddress: "[email protected]",
 		UserId:      1,
 	}
 	err := PostSMTP(&smtp)
@@ -42,12 +42,34 @@ func (s *ModelsSuite) TestPostSMTPNoFrom(c *check.C) {
 	c.Assert(err, check.Equals, ErrFromAddressNotSpecified)
 }
 
-func (s *ModelsSuite) TestPostSMTPValidHeader(c *check.C) {
+func (s *ModelsSuite) TestPostInvalidFrom(c *check.C) {
 	smtp := SMTP{
 		Name:        "Test SMTP",
 		Host:        "1.1.1.1:25",
 		FromAddress: "Foo Bar <[email protected]>",
 		UserId:      1,
+	}
+	err := PostSMTP(&smtp)
+	c.Assert(err, check.Equals, ErrInvalidFromAddress)
+}
+
+func (s *ModelsSuite) TestPostInvalidFromEmail(c *check.C) {
+	smtp := SMTP{
+		Name:        "Test SMTP",
+		Host:        "1.1.1.1:25",
+		FromAddress: "example.com",
+		UserId:      1,
+	}
+	err := PostSMTP(&smtp)
+	c.Assert(err, check.Equals, ErrInvalidFromAddress)
+}
+
+func (s *ModelsSuite) TestPostSMTPValidHeader(c *check.C) {
+	smtp := SMTP{
+		Name:        "Test SMTP",
+		Host:        "1.1.1.1:25",
+		FromAddress: "[email protected]",
+		UserId:      1,
 		Headers: []Header{
 			Header{Key: "Reply-To", Value: "[email protected]"},
 			Header{Key: "X-Mailer", Value: "gophish"},

static/js/src/app/campaign_results.js

@@ -935,13 +935,25 @@ function report_mail(rid, cid) {
             api.campaignId.get(cid).success((function(c) {
                 report_url = new URL(c.url)
                 report_url.pathname = '/report'
-                report_url.search = "?rid=" + rid
-                $.ajax({
-                    url: report_url,
-                    method: "GET",
-                    success: function(data) {
-                        refresh();
+                report_url.search = "?rid=" + rid 
+                fetch(report_url)
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error(`HTTP error! Status: ${response.status}`);
                     }
+                    refresh();
+                })
+                .catch(error => {
+                    let errorMessage = error.message;
+                    if (error.message === "Failed to fetch") {
+                        errorMessage = "This might be due to Mixed Content issues or network problems.";
+                    }
+                    Swal.fire({
+                        title: 'Error',
+                        text: errorMessage,
+                        type: 'error',
+                        confirmButtonText: 'Close'
+                    });
                 });
             }));
         }

templates/sending_profiles.html

@@ -52,7 +52,7 @@ <h4 class="modal-title" id="profileModalLabel">New Sending Profile</h4>
                         <input type="text" class="form-control" value="SMTP" id="interface_type" disabled />
                         <label class="control-label" for="from">SMTP From: <i class="fa fa-question-circle"
                                 data-toggle="tooltip" data-placement="right" title="Set this to an email address from your sending domain to bypass SPF-checks. You can set the Envelope Sender in Email Templates. The Envelope Sender is shown to the user."></i></label>
-                        <input type="text" class="form-control" placeholder="First Last <[email protected]>" id="from"
+                        <input type="text" class="form-control" placeholder="[email protected]" id="from"
                             required />
                         <label class="control-label" for="host">Host:</label>
                         <input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required />