mirror of
https://github.com/gophish/gophish
synced 2024-11-14 00:07:19 +00:00
Support Re-enabling CapturePasswords for Landing Pages (#1271)
Fixed a bug when marking the capture password, saving and unmarking the capture password, the attribute does not comeback and the password will never be captured again for this template.
This commit is contained in:
Jordan Wright
GitHub
parent
69ffb70b35
commit
7fd0657a91
2 changed files with 29 additions and 4 deletions
|
|
@ -46,6 +46,15 @@ func (p *Page) parseHTML() error {
|
|||
input.RemoveAttr("name")
|
||||
}
|
||||
})
|
||||
} else {
|
||||
// If the user chooses to re-enable the capture passwords setting,
|
||||
// we need to re-add the name attribute
|
||||
inputs := f.Find("input")
|
||||
inputs.Each(func(j int, input *goquery.Selection) {
|
||||
if t, _ := input.Attr("type"); strings.EqualFold(t, "password") {
|
||||
input.SetAttr("name", "password")
|
||||
}
|
||||
})
|
||||
}
|
||||
} else {
|
||||
// Otherwise, remove the name from all
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
|
|||
c.Assert(ok, check.Equals, true)
|
||||
c.Assert(u, check.Equals, "username")
|
||||
})
|
||||
|
||||
// Check what happens when we don't capture passwords
|
||||
p.CapturePasswords = false
|
||||
p.HTML = html
|
||||
|
|
@ -55,7 +56,7 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
|
|||
// Check the action has been set
|
||||
a, _ := f.Attr("action")
|
||||
c.Assert(a, check.Equals, "")
|
||||
// Check the password still has a name
|
||||
// Check the password name has been removed
|
||||
_, ok := f.Find("input[type=\"password\"]").Attr("name")
|
||||
c.Assert(ok, check.Equals, false)
|
||||
// Check the username is still correct
|
||||
|
|
@ -63,7 +64,8 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
|
|||
c.Assert(ok, check.Equals, true)
|
||||
c.Assert(u, check.Equals, "username")
|
||||
})
|
||||
// Finally, check when we don't capture credentials
|
||||
|
||||
// Check when we don't capture credentials
|
||||
p.CaptureCredentials = false
|
||||
p.HTML = html
|
||||
err = PutPage(&p)
|
||||
|
|
@ -75,13 +77,27 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
|
|||
// Check the action has been set
|
||||
a, _ := f.Attr("action")
|
||||
c.Assert(a, check.Equals, "")
|
||||
// Check the password still has a name
|
||||
// Check the password name has been removed
|
||||
_, ok := f.Find("input[type=\"password\"]").Attr("name")
|
||||
c.Assert(ok, check.Equals, false)
|
||||
// Check the username is still correct
|
||||
// Check the username name has been removed
|
||||
_, ok = f.Find("input").Attr("name")
|
||||
c.Assert(ok, check.Equals, false)
|
||||
})
|
||||
|
||||
// Finally, re-enable capturing passwords (ref: #1267)
|
||||
p.CaptureCredentials = true
|
||||
p.CapturePasswords = true
|
||||
err = PutPage(&p)
|
||||
c.Assert(err, check.Equals, nil)
|
||||
d, err = goquery.NewDocumentFromReader(strings.NewReader(p.HTML))
|
||||
c.Assert(err, check.Equals, nil)
|
||||
forms = d.Find("form")
|
||||
forms.Each(func(i int, f *goquery.Selection) {
|
||||
// Check the password still has a name
|
||||
_, ok := f.Find("input[type=\"password\"]").Attr("name")
|
||||
c.Assert(ok, check.Equals, true)
|
||||
})
|
||||
}
|
||||
|
||||
func (s *ModelsSuite) TestPageValidation(c *check.C) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue