I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.
When a new PapaParse release is created, I'll update this code to use the updated minified file.
This change adds a `GOPHISH_INITIAL_ADMIN_PASSWORD` environment variable so that system administrators can set the initial admin password rather than having it randomly generated. This is especially useful in automated deployment scenarios, or scenarios using Docker (ref #1876, #1874)
This PR adds the initial work to implement a password policy as defined in #1538.
Specifically, this implements the following
* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password
Fixes#1538
Updates the IMAP processing to use a more mature library. This allows for more robust IMAP support.
Additionally, this adds support for reporting emails as attachments.
The Groups (get all groups and associated targets) call is used while
loading the modal for creating and copying a campaign. As the Groups API gets
all the associated targets for a groups as well, it slows the system
considerably if there are large number of groups and targets (~200
groups each with ~100-10000 targets).
As targets are not really needed in this workflow, this call can be
replaced by the GroupsSummary call.
This change modifies how we populate DataTables to draw the table only once vs. drawing it when we add each new row. This should result in tables loading quicker.
These commit includes changes to start the server as one of admin (also
IMAP) or phish server. Before this change the servers used to run in
monolith this change will decouple the two core component i.e. admin
and phish server so that they can be run independently.
This will help where admin and phish server are required to run
saperately e.g. phish server runs in a DMZ.
The available modes are `admin`, `phish` and `all`. Running the binary
in the `admin` mode will start the admin and IMAP server, while running
the binary in the `phish` mode will start the phish server. `all` mode,
which is also the default mode will start admin, IMAP and phish servers.
e.g. `go run gophish.go --mode admin`
