Jordan Wright
bb7de8df3e
Initial Implementation of a Password Policy (#1867)
This PR adds the initial work to implement a password policy as defined in #1538 .
Specifically, this implements the following:
* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password
Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright
84096b8724
Implement User Management API (#1473)
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright
a73ac4ab7c
Fixed various minor linting issues
2018-12-15 21:38:51 -06:00
Jordan Wright
5d23263898
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-03 19:07:41 -05:00
Shuhei Kitagawa
d7810ddd2b
Fix to raise error when trying to register a duplicate username (#926)
This corrects a minor error from recent changes in which registering an existing username didn't throw an error.
2018-01-13 16:35:58 -06:00
Shuhei Kitagawa
405bc5effe
Refactor GetUserByUsername method not to suppress an error (#920)
Also adding some other tests for the User models.
2018-01-11 18:37:38 -06:00
s vignesh
bfb7fd11e8
Fixing XSS Vulnerabilities
This pull request fixed XSS vulnerabilities identified in the gophish admin panel.
**Important: These vulnerabilities could only be exploited if someone had access to the admin panel already, and could only exploit the vulnerability against the same account.**
2016-09-15 00:52:58 -04:00
Jordan Wright
103fd72cc8
Fixing context issues with Go 1.7.
2016-09-14 22:24:51 -05:00
Jordan Wright
cb70e0b953
Making all cookies httponly - Fixes #333
2016-08-06 16:00:36 -05:00
Rob Cutmore
a5a7b23479
Use more descriptive variable names in auth.go
2016-03-02 19:59:40 -05:00
Rob Cutmore
e39ae8dfdd
Confirm password on registration or change
Updated to confirm password when registering user or changing a user's password.
Fixes #180
2016-03-02 08:33:27 -05:00
Jordan Wright
3d9e447992
Removing support for empty passwords - fixes #149
2016-02-13 16:37:12 -06:00
Jordan Wright
32aaa15da7
Added documentation for multiple endpoints. Fixes #54
2016-01-24 20:47:16 -06:00
Jordan Wright
fc6d556742
Caused API key to be generated dynamically for admin user. Fixes #60
2016-01-12 20:46:17 -06:00
Jordan Wright
1081258c02
Fixing dependencies
2016-01-11 22:46:48 -06:00
Jordan Wright
737f41e5c6
Updated bcrypt dependency - fixes #63
2016-01-10 14:54:59 -06:00
unknown
f21d40d77a
Registration works again.
Additional cleanup, removing unused code
2015-02-07 17:30:22 -06:00
Jordan
e137126a90
Working on gorm integration
TODO:
[ ] Finish up groups (many-to-many with group_targets)
[ ] Convert Template models
2014-03-25 23:53:51 -05:00
Jordan
584d7dbc23
Major refactoring - modularized models into separate files. Removed db package (moved to models)
I will be looking to migrate to gorm (instead of gorp) soon!
2014-03-24 22:31:33 -05:00
Jordan
a3882cbf02
A couple more auth.go cleanups
2014-03-18 14:35:02 -05:00
Jordan
38db9480a2
Cleaned up comments for auth.go
2014-03-18 14:28:47 -05:00
Jordan
eb8491c144
Implemented ChangePassword() (now password can be changed from /settings)
A couple of UI fixes in tables
2014-02-10 13:02:44 -06:00
Jordan
40cd2ae837
Cleaned up some errors
Implemented using db.* helpers (i.e. GetUser)
Implemented ChangePassword (not reachable from UI currently)
Fixed angular issue in settings.html template
2014-02-06 10:49:53 -06:00
Jordan
50292da53f
Implemented Registration
Created auth.GenerateSecureKey to handle generating API Keys
2014-02-04 18:39:01 -06:00
Jordan
e312e90570
Added ability to reset API token
Cleaned up session flash handling
2014-02-02 14:47:06 -06:00
Jordan
87fbd41184
Changing int to int64
Starting to implement angularjs
Implemented /api/campaigns/:id GET
Changed template delims to {{% and %}}
2014-01-31 20:49:22 -06:00
Jordan
c59415a133
Adding some models - Incorporated use of gorp package to allow ORM'ish functionality
2014-01-30 15:08:14 -06:00
Jordan
6944854005
Added support for --setup flag to reset database
2014-01-12 22:39:40 -06:00
Jordan
4ad8c3c468
Implemented GetUserByAPIKey and changed GetUser to GetUserById
2014-01-12 20:00:52 -06:00
Jordan
cdb4181406
Renamed CheckLogin to Login
Changed encryption cookie to be 32 bytes (64 bytes not supported)
2014-01-11 00:10:52 -06:00
Jordan
2a62f62bc6
Cleaned API even more (everything is via HandlerFunc)
Sessions are now encrypted as well as signed.
2014-01-10 22:37:42 -06:00
Jordan
61ef18b3b4
Implemented auth.GetUser(id)
Implemented RequireLogin() middleware
Login is now working, just need to clean up the architecture a bit
2014-01-09 22:21:12 -06:00
Jordan
bb627396ee
Implemented Flashes (Model and functionality)
Working on login functionality
Changed the way templates are loaded and rendered
2014-01-09 21:21:54 -06:00
Jordan
7eb90b27ad
Moved DB to root folder
Created db package to handle DB connection/queries
Removed Setup.go (now handled in db package)
Setup context in middleware
2014-01-09 17:18:49 -06:00
Jordan
7f084760f9
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture.
Added doc.go for each package
2014-01-09 00:42:05 -06:00