193 Commits (master)

Author SHA1 Message Date
  Shubhendra Singh Chauhan 15303e32cf
Fix code quality issues (#2118) 3 months ago
  Glenn Wilkinson ced5261678
Added functionality to lock accounts (+bug fix) (#2060) 6 months ago
  Jordan Wright 8b8e88b077 Adjusting how we handle IP address parsing to more gracefully handle X-Forwarded-For headers. Ref #1999 8 months ago
  Jordan Wright af3122f93b Adds support for X-Forwarded-For and X-Real-IP headers so that the correct IP address shows up in the logs. 8 months ago
  Glenn Wilkinson b53cff0c98
Added functionality to display last user login (#1967) 8 months ago
  Jordan Wright 6df62e85fd Added a simple Content-Security-Policy to mitigate clickjacking attempts. 10 months ago
  Jordan Wright e3352f481e
Implement SSRF Mitigations (#1940) 10 months ago
  Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867) 1 year ago
  Jordan Wright ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 1 year ago
  Glenn Wilkinson 38a6a77c9c
Added ability to allow admin to 'su' to other accounts (#1812) 1 year ago
  Jordan Wright a0e8c4a369 Added optional csrf_key to config to better support H/A configurations. Fixes #1816. Fixes #1820. 1 year ago
  Jordan Wright 07b46d226a Updated the TLS configuration. 1 year ago
  Jordan Wright be459e47bf
Refactoring tests to remove stretchr/testify dependency 1 year ago
  Glenn Wilkinson 9de32746ee Added IMAP support for checking reported emails (#1612) 1 year ago
  Jordan Wright da4e468c1f Deleted unneeded .DS_Store file that was accidentally merged as part of #1642. 1 year ago
  Jordan Wright 01287e0dd5 Minor cleanup on webhook feature integration 1 year ago
  Alex Maslakov 28cd7a238e Add Webhook Support 1 year ago
  Jordan Wright 79e680e675 Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689. 1 year ago
  Glenn Wilkinson 28252bcb56 Will exit on port binding failure (#1635) 1 year ago
  Jordan Wright f95e9554c7
Add CORS support for Reporting Handler (#1529) 1 year ago
  Jordan Wright 84096b8724
Implement User Management API (#1473) 2 years ago
  Jordan Wright 5c753465d1 Quick fix: Forgot to remove api_test.go 2 years ago
  Jordan Wright e634cbd670 Moving api_test.go to controllers_test.go 2 years ago
  Jordan Wright 1e0a78db30
Refactoring API into separate package for easier management. (#1411) 2 years ago
  Jordan Wright 8d32bc2fab Fixed phishing server log output. Fixes #1345 2 years ago
  Jordan Wright ba8ceb81da
Initial commit of RBAC support. (#1366) 2 years ago
  Jordan Wright a73ac4ab7c Fixed various minor linting issues 2 years ago
  Jordan Wright 47f0049c30
Refactor servers (#1321) 2 years ago
  Jordan Wright 326649b177 Updating redirect URL to support template values. Fixes #1235 2 years ago
  Jordan Wright abafe3526b Moved documentation links to point to docs.getgophish.com. 2 years ago
  Jordan Wright 9f334281ab Added X-Mailer and X-Gophish-Contact headers (Ref: #1057) 3 years ago
  Jordan Wright 1efb71d1e9 Added transparency handler to return information JSON when a "+" is appended to a valid result ID (ref #1057) 3 years ago
  Jordan Wright ebb6cd61b2 Implemented the ability to preview landing pages when sending a test email. 3 years ago
  Jordan Wright 420410b52c Refactored result updating to be in result.go. 3 years ago
  Jordan Wright f7dee1e938 Removed directory listing of static assets. Fixes #1077. Fixes #815 3 years ago
  Jordan Wright 5d23263898
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 3 years ago
  Jordan Wright 5f3c94d0cf
Add support for authenticating to the API via an Authorization Bearer token. 3 years ago
  Jordan Wright 3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028 3 years ago
  Jordan Wright 2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026 3 years ago
  Jordan Wright eb2f0e38c7
Better handling of template errors when rendering the phishing page. Fixes #1008. 3 years ago
  Jordan Wright f21536da7c
Adding "Report Email" Support (#1014) 3 years ago
  Jordan Wright c9ff8714a0
Moved rid parameter to a separate constant. Fixes #911 3 years ago
  Jordan Wright aa8c770e73 Adding "next" parameter to support redirecting after successful login. 3 years ago
  Jordan Wright 227da5c7b9 Change failed login status code to 401. Fixes #833 3 years ago
  Jordan Wright 76ece15b71
Email refactoring (#878) 3 years ago
  Jordan Wright 26d2ca7344 Fixed some validation weirdness when sending a test email. Fixes #739 3 years ago
  Jordan Wright 58a57589bd Updates all datetimes to use UTC on the backend. This includes a DB migration to convert existing dates. 3 years ago
  Jordan Wright e42302ebf9 Moved phishing handlers into separate file and added a ton of tests. 4 years ago
  Jordan Wright 871114a17d Cleaning up RobotsHandler 4 years ago
  Matt D 5f5c8141c9 Add robots.txt handler (#604) 4 years ago