mirror of
https://github.com/gophish/gophish
synced 2024-11-14 16:27:23 +00:00
Added support to allow invalid IMAP certificates (#1909)
This commit allows self-signed certificates to be used in upstream IMAP connections.
parent
90fed5a575
commit
0558da90fe
7 changed files with 48 additions and 12 deletions
|
@ -0,0 +1,7 @@
|
|||
|
||||
-- +goose Up
|
||||
-- SQL in section 'Up' is executed when this migration is applied
|
||||
ALTER TABLE `imap` ADD COLUMN ignore_cert_errors BOOLEAN;
|
||||
|
||||
-- +goose Down
|
||||
-- SQL section 'Down' is executed when this migration is rolled back
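Review bot: `ADD COLUMN ignore_cert_errors BOOLEAN` creates a nullable column with no default, so for existing rows the verification-on state depends on NULL being read back as false; the migration that follows, with the unquoted table name, has the same statement. Stating the fail-closed default in the schema removes that dependency, e.g. `ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN NOT NULL DEFAULT 0;` (check the syntax against each target database). The Down section in both files holds only its comment, so a rollback leaves the column in place; a comment saying whether that is intentional would help.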
|
|
@ -0,0 +1,7 @@
|
|||
|
||||
-- +goose Up
|
||||
-- SQL in section 'Up' is executed when this migration is applied
|
||||
ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN;
|
||||
|
||||
-- +goose Down
|
||||
-- SQL section 'Down' is executed when this migration is rolled back
|
26
imap/imap.go
26
imap/imap.go
|
@ -35,11 +35,12 @@ type Email struct {
|
|||
// Mailbox holds onto the credentials and other information
|
||||
// needed for connecting to an IMAP server.
|
||||
type Mailbox struct {
|
||||
Host string
|
||||
TLS bool
|
||||
User string
|
||||
Pwd string
|
||||
Folder string
|
||||
Host string
|
||||
TLS bool
|
||||
IgnoreCertErrors bool
|
||||
User string
|
||||
Pwd string
|
||||
Folder string
|
||||
// Read only mode, false (original logic) if not initialized
|
||||
ReadOnly bool
|
||||
}
|
||||
|
@ -54,11 +55,12 @@ func Validate(s *models.IMAP) error {
|
|||
|
||||
s.Host = s.Host + ":" + strconv.Itoa(int(s.Port)) // Append port
|
||||
mailServer := Mailbox{
|
||||
Host: s.Host,
|
||||
TLS: s.TLS,
|
||||
User: s.Username,
|
||||
Pwd: s.Password,
|
||||
Folder: s.Folder}
|
||||
Host: s.Host,
|
||||
TLS: s.TLS,
|
||||
IgnoreCertErrors: s.IgnoreCertErrors,
|
||||
User: s.Username,
|
||||
Pwd: s.Password,
|
||||
Folder: s.Folder}
|
||||
|
||||
imapClient, err := mailServer.newClient()
|
||||
if err != nil {
|
||||
|
@ -183,7 +185,9 @@ func (mbox *Mailbox) newClient() (*client.Client, error) {
|
|||
var imapClient *client.Client
|
||||
var err error
|
||||
if mbox.TLS {
|
||||
imapClient, err = client.DialTLS(mbox.Host, new(tls.Config))
|
||||
config := new(tls.Config)
|
||||
config.InsecureSkipVerify = mbox.IgnoreCertErrors
|
||||
imapClient, err = client.DialTLS(mbox.Host, config)
|
||||
} else {
|
||||
imapClient, err = client.Dial(mbox.Host)
|
||||
}
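Review bot: In newClient, `config.InsecureSkipVerify = mbox.IgnoreCertErrors` turns off chain and hostname verification altogether, which is broader than the "self-signed certificates" the description mentions: with the option set, the TLS session is unauthenticated and whatever the mailbox `User`/`Pwd` are sent over afterwards (presumably a login outside this hunk) can be read by an on-path host. A narrower design would trust the specific server certificate or CA through `RootCAs` on the `tls.Config` rather than skipping verification. If the flag stays as is, log each connection made with verification disabled so the weakened state is visible in operation, and give the new `IgnoreCertErrors` field a doc comment such as `// IgnoreCertErrors disables all TLS certificate and hostname verification; the connection is then open to interception.` The body of newClient continues past the end of the hunk.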
|
||||
|
|
|
@ -120,6 +120,7 @@ func checkForNewEmails(im models.IMAP) {
|
|||
mailServer := Mailbox{
|
||||
Host: im.Host,
|
||||
TLS: im.TLS,
|
||||
IgnoreCertErrors: im.IgnoreCertErrors,
|
||||
User: im.Username,
|
||||
Pwd: im.Password,
|
||||
Folder: im.Folder}
|
||||
|
|
|
@ -21,6 +21,7 @@ type IMAP struct {
|
|||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
TLS bool `json:"tls"`
|
||||
IgnoreCertErrors bool `json:"ignore_cert_errors"`
|
||||
Folder string `json:"folder"`
|
||||
RestrictDomain string `json:"restrict_domain"`
|
||||
DeleteReportedCampaignEmail bool `json:"delete_reported_campaign_email"`
|
||||
|
|
|
@ -36,6 +36,7 @@ $(document).ready(function () {
|
|||
imapSettings.folder = $("#folder").val()
|
||||
imapSettings.imap_freq = $("#imapfreq").val()
|
||||
imapSettings.restrict_domain = $("#restrictdomain").val()
|
||||
imapSettings.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
|
||||
imapSettings.delete_reported_campaign_email = $('#deletecampaign').prop('checked')
|
||||
|
||||
//To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
|
||||
|
@ -91,6 +92,7 @@ $(document).ready(function () {
|
|||
server.username = $("#imapusername").val()
|
||||
server.password = $("#imappassword").val()
|
||||
server.tls = $('#use_tls').prop('checked')
|
||||
server.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
|
||||
|
||||
//To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
|
||||
if (server.host == ""){
|
||||
|
@ -120,6 +122,7 @@ $(document).ready(function () {
|
|||
$("#imappassword").attr("disabled", true);
|
||||
$("#use_imap").attr("disabled", true);
|
||||
$("#use_tls").attr("disabled", true);
|
||||
$('#ignorecerterrors').attr("disabled", true);
|
||||
$("#folder").attr("disabled", true);
|
||||
$("#restrictdomain").attr("disabled", true);
|
||||
$('#deletecampaign').attr("disabled", true);
|
||||
|
@ -171,6 +174,7 @@ $(document).ready(function () {
|
|||
$("#imappassword").attr("disabled", false);
|
||||
$("#use_imap").attr("disabled", false);
|
||||
$("#use_tls").attr("disabled", false);
|
||||
$('#ignorecerterrors').attr("disabled", false);
|
||||
$("#folder").attr("disabled", false);
|
||||
$("#restrictdomain").attr("disabled", false);
|
||||
$('#deletecampaign').attr("disabled", false);
|
||||
|
@ -208,6 +212,7 @@ $(document).ready(function () {
|
|||
$("#imapport").val(imap.port)
|
||||
$("#imappassword").val(imap.password)
|
||||
$('#use_tls').prop('checked', imap.tls)
|
||||
$('#ignorecerterrors').prop('checked', imap.ignore_cert_errors)
|
||||
$('#use_imap').prop('checked', imap.enabled)
|
||||
$("#folder").val(imap.folder)
|
||||
$("#restrictdomain").val(imap.restrict_domain)
|
||||
|
|
|
@ -191,7 +191,18 @@
|
|||
</div>
|
||||
</div>
|
||||
<br />
|
||||
|
||||
|
||||
<div class="row">
|
||||
<label for="ignorecerterrors" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)">Ignore Certificate Errors:</label>
|
||||
<div class="col-md-6">
|
||||
<div class="checkbox checkbox-primary">
|
||||
<input id="ignorecerterrors" type="checkbox">
|
||||
<label for="ignorecerterrors"></label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<br />
|
||||
|
||||
<div class="row">
|
||||
<label for="deletecampaign" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Delete campaign emails after they've been reported.">Delete campaigns emails:</label>
|
||||
<div class="col-md-6">
|
||||
|
|