diff --git a/phishing/tests/attachments.py b/phishing/tests/attachments.py
index e2ae2bb..60b60d4 100644
--- a/phishing/tests/attachments.py
+++ b/phishing/tests/attachments.py
@@ -2,14 +2,18 @@ import os
 from shutil import copyfile
+from datetime import timedelta
 from django.conf import settings
 from django.core.exceptions import SuspiciousOperation
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.test import TestCase
 from django.urls import reverse
+from django.utils.timezone import now
 from phishing.models import Attachment, Tracker
+from phishing.models import Campaign
+from phishing.models import EmailTemplate
 from phishing.strings import TRACKER_ATTACHMENT_EXECUTED
 from phishing.tests.constant import FILES_PATH, FIXTURE_PATH
@@ -21,7 +25,25 @@ class AttachmentTestCase(TestCase):
 os.path.join(FIXTURE_PATH, 'user.json'),
 ]
+ def _create_campaign(self):
+ # add email template
+ email_template = EmailTemplate.objects.create(
+ email_subject='Hello!',
+ from_email='account@example.com',
+ name='email template name',
+ text_content='Goodbye!',
+ )
+
+ # create campaign
+ return Campaign.objects.create(
+ email_template=email_template,
+ name='test group graph',
+ send_at=now() + timedelta(hours=1)
+ )
+
 def test_build(self):
+ campaign = self._create_campaign()
+
 attachment_name = 'build.json'
 attachment_path = os.path.join(settings.MEDIA_ROOT, 'test_attachment')
 copyfile(os.path.join(FILES_PATH, 'archive.zip'), attachment_path)
@@ -34,7 +56,7 @@ def test_build(self):
 kwargs = {
 'key': TRACKER_ATTACHMENT_EXECUTED,
- 'campaign_id': 1,
+ 'campaign_id': campaign.pk,
 'target_id': 1,
 'value': 'tracker: not opened',
 }
@@ -53,6 +75,8 @@ def test_build(self):
 os.remove(attachment_path)
 def test_build_invalid_zip(self):
+ campaign = self._create_campaign()
+
 attachment_name = 'build.json'
 attachment_path = os.path.join(settings.MEDIA_ROOT, 'test_attachment')
 copyfile(os.path.join(FILES_PATH, 'invalid_archive.zip'),
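Review bot: The new `_create_campaign` helper in AttachmentTestCase has no docstring, and its campaign name `'test group graph'` reads like a leftover from another test. A one-line docstring such as `"""Create an EmailTemplate and a Campaign scheduled one hour ahead; return the Campaign."""` would tell the three callers what they get back, and a neutral name like `name='attachment test campaign'` avoids confusion when a failure message prints it. The `send_at=now() + timedelta(hours=1)` value presumably keeps the campaign from being treated as due during the test; a short comment saying so would help.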
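Review bot: `'target_id': 1` is still hard-coded in the kwargs of test_build, and likewise in test_build_invalid_zip and test_build_static, while `campaign_id` now comes from a row the test creates. If the reason for this change is that foreign keys are now enforced, the tracker still depends on a target with pk 1 coming from a fixture that is not visible here, so the same failure returns if that fixture changes. Consider fetching or creating the target inside the test and passing `'target_id': target.pk`. The body of test_build continues outside this hunk.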
@@ -66,7 +90,7 @@ def test_build_invalid_zip(self):
 kwargs = {
 'key': TRACKER_ATTACHMENT_EXECUTED,
- 'campaign_id': 1,
+ 'campaign_id': campaign.pk,
 'target_id': 1,
 'value': 'tracker: not opened',
 }
@@ -75,6 +99,8 @@ def test_build_invalid_zip(self):
 attachment.build(tracker)
 def test_build_static(self):
+ campaign = self._create_campaign()
+
 attachment_name = 'b64.png'
 attachment_path = os.path.join(settings.MEDIA_ROOT, 'test_attachment')
 copyfile(os.path.join(FILES_PATH, 'image.png'), attachment_path)
@@ -87,7 +113,7 @@ def test_build_static(self):
 kwargs = {
 'key': TRACKER_ATTACHMENT_EXECUTED,
- 'campaign_id': 1,
+ 'campaign_id': campaign.pk,
 'target_id': 1,
 'value': 'tracker: not opened',
 }
diff --git a/phishing/tests/landing_page.py b/phishing/tests/landing_page.py
index 56026e3..2726908 100644
--- a/phishing/tests/landing_page.py
+++ b/phishing/tests/landing_page.py
@@ -445,44 +445,6 @@ def test_landing_page_view_invalid_post_id(self):
 self.assertEqual(infos.raw, 'tracker_post_id of %s in unknown' % tracker.pk)
- def test_landing_page_view_exception(self):
- target = 'http://www.simplehtmlguide.com/examples/forms1.html'
-
- # We create a landing page
- lp = LandingPage.objects.create(
- name='Test delete perm',
- html=clone_url(target)
- )
-
- et = EmailTemplate.objects.create(
- name='Test landing page view',
- email_subject='foo bar',
- text_content='lorem ipsum',
- landing_page_id=lp.pk,
- )
-
- # We create a campaign
- camp = Campaign.objects.create(
- email_template_id=et.pk,
- name='Test landing page campaign'
- )
- target_grp = TargetGroup.objects.get(pk=1)
- camp.target_groups_add(target_grp)
- self.assertTrue(camp.send())
-
- tracker = camp.trackers.filter(key='landing_page_open').first()
-
- # set incorrect value for make crash
- tracker.campaign_id = 99999999
- tracker.save()
-
- resp = self.client.get(reverse('landing_page', args=(tracker.uuid,)))
-
- # Strange behavior, google set multiple redirect.
- # So we can't use "assertRedirect" function
- self.assertEqual(resp.status_code, 302)
- self.assertEqual(resp['Location'], 'https://www.google.com/')
-
 def test_landing_page_post(self):
 target = 'http://www.simplehtmlguide.com/examples/forms1.html'
diff --git a/phishing/tests/target.py b/phishing/tests/target.py
index 2a134e2..b818973 100644
--- a/phishing/tests/target.py
+++ b/phishing/tests/target.py
@@ -20,11 +20,11 @@ def test_form_target_invalid_name(self):
 response = self.client.post(reverse("target_group_add"), {
 'name': '',
- 'targets-0-DELETE': None,
+ 'targets-0-DELETE': '',
 'targets-0-email': 'test@test.com',
- 'targets-0-first_name': None,
- 'targets-0-id': None,
- 'targets-0-last_name': None,
+ 'targets-0-first_name': '',
+ 'targets-0-id': '',
+ 'targets-0-last_name': '',
 'targets-INITIAL_FORMS': 0,
 'targets-MAX_NUM_FORMS': 1000,
 'targets-MIN_NUM_FORMS': 0,
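Review bot: The same `None` to `''` edit is applied to an identical formset payload in six places in phishing/tests/target.py: test_form_target_invalid_name here, then test_form_target_valid, test_print_target, both posts in test_form_target_edit, and test_form_target_delete. Only `name` and `targets-0-email` differ between the copies, so a helper on the test case, for example `def _target_payload(self, name, email='test@test.com'):` returning the dict, would reduce the next such change to one line. A comment on the helper stating why empty strings are used (presumably the newer test client refuses `None` as a POST value) would record the reason for this change. The dict continues past the end of each hunk.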
@@ -67,11 +67,11 @@ def test_form_target_valid(self):
 response = self.client.post(reverse("target_group_add"), {
 'name': 'OLOL',
- 'targets-0-DELETE': None,
+ 'targets-0-DELETE': '',
 'targets-0-email': 'test@test.com',
- 'targets-0-first_name': None,
- 'targets-0-id': None,
- 'targets-0-last_name': None,
+ 'targets-0-first_name': '',
+ 'targets-0-id': '',
+ 'targets-0-last_name': '',
 'targets-INITIAL_FORMS': 0,
 'targets-MAX_NUM_FORMS': 1000,
 'targets-MIN_NUM_FORMS': 0,
@@ -90,11 +90,11 @@ def test_print_target(self):
 self.client.post(reverse("target_group_add"), {
 'name': 'OLOL',
- 'targets-0-DELETE': None,
+ 'targets-0-DELETE': '',
 'targets-0-email': 'test@test.com',
- 'targets-0-first_name': None,
- 'targets-0-id': None,
- 'targets-0-last_name': None,
+ 'targets-0-first_name': '',
+ 'targets-0-id': '',
+ 'targets-0-last_name': '',
 'targets-INITIAL_FORMS': 0,
 'targets-MAX_NUM_FORMS': 1000,
 'targets-MIN_NUM_FORMS': 0,
@@ -110,11 +110,11 @@ def test_form_target_edit(self):
 self.client.post(reverse("target_group_add"), {
 'name': 'OLOL',
- 'targets-0-DELETE': None,
+ 'targets-0-DELETE': '',
 'targets-0-email': 'test@test.com',
- 'targets-0-first_name': None,
- 'targets-0-id': None,
- 'targets-0-last_name': None,
+ 'targets-0-first_name': '',
+ 'targets-0-id': '',
+ 'targets-0-last_name': '',
 'targets-INITIAL_FORMS': 0,
 'targets-MAX_NUM_FORMS': 1000,
 'targets-MIN_NUM_FORMS': 0,
@@ -127,11 +127,11 @@ def test_form_target_edit(self):
 args=(targetGroup.pk,)), {
 'name': 'OLOLOL',
- 'targets-0-DELETE': None,
+ 'targets-0-DELETE': '',
 'targets-0-email': 'foo@test.com',
- 'targets-0-first_name': None,
- 'targets-0-id': None,
- 'targets-0-last_name': None,
+ 'targets-0-first_name': '',
+ 'targets-0-id': '',
+ 'targets-0-last_name': '',
 'targets-INITIAL_FORMS': 0,
 'targets-MAX_NUM_FORMS': 1000,
 'targets-MIN_NUM_FORMS': 0,
@@ -154,11 +154,11 @@ def test_form_target_delete(self):
 self.client.post(reverse("target_group_add"), {
 'name': 'OLOL',
- 'targets-0-DELETE': None,
+ 'targets-0-DELETE': '',
 'targets-0-email': 'test@test.com',
- 'targets-0-first_name': None,
- 'targets-0-id': None,
- 'targets-0-last_name': None,
+ 'targets-0-first_name': '',
+ 'targets-0-id': '',
+ 'targets-0-last_name': '',
 'targets-INITIAL_FORMS': 0,
 'targets-MAX_NUM_FORMS': 1000,
 'targets-MIN_NUM_FORMS': 0,
diff --git a/phishing/tests/user.py b/phishing/tests/user.py
index 2328746..4ae373b 100644
--- a/phishing/tests/user.py
+++ b/phishing/tests/user.py
@@ -61,15 +61,13 @@ def test_default_permission(self):
 # delete not authorized
 url = reverse('campaign_delete', args=(campaign.pk,))
 response = self.client.get(url)
- self.assertEqual(response.status_code, 302)
- self.assertEqual(response.url, '/accounts/login/?next=%s' % url)
+ self.assertEqual(response.status_code, 403)
 # add not authorized
 url = reverse('campaign_add')
 campaign_infos['name'] = 'test 4'
 response = self.client.post(url, campaign_infos)
- self.assertEqual(response.status_code, 302)
- self.assertEqual(response.url, '/accounts/login/?next=%s' % url)
+ self.assertEqual(response.status_code, 403)
 def test_permission(self):
 permissions = ['view_emailtemplate', 'view_targetgroup']
diff --git a/phishing/views/landing_page.py b/phishing/views/landing_page.py
index 3689e06..d4195d0 100644
--- a/phishing/views/landing_page.py
+++ b/phishing/views/landing_page.py
@@ -125,6 +127,8 @@ def landing_page(request, tracker_id):
 landing_page=landing_page)
 return HttpResponse(landing_page.html, content_type='text/html')
+ # TODO: It seems that django correctly handle foreignkey
+ # an this case is not possible anymore.
 except Exception as e:
 tracker_infos.raw = '%s: %s' % (e.__class__.__name__, e)
 tracker_infos.save()
diff --git a/requirements.txt b/requirements.txt
index eb7d4bd..820b235 100644
--- a/requirements.txt
+++ b/requirements.txt
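Review bot: The two new `self.assertEqual(response.status_code, 403)` checks in test_default_permission pin only the response code, not that the protected action was refused. The delete case sends a GET; if the view deletes on POST (not visible here), the test should also POST to the same URL and then assert the row survives, e.g. `self.assertTrue(Campaign.objects.filter(pk=campaign.pk).exists())`, and the add case should end with `self.assertFalse(Campaign.objects.filter(name='test 4').exists())`, assuming `Campaign` is imported in this module. With the old `response.url` assertion removed, nothing in this hunk covers a logged-out request any more, so a separate check of that path would keep both outcomes tested. The body of test_default_permission starts outside the hunk.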
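Review bot: The `except Exception as e:` branch under the new TODO in landing_page stays live and catches every error raised in the `try`, not only the foreign-key case the comment refers to, yet this commit deletes test_landing_page_view_exception, the only visible test of that branch. Either narrow the handler to the exceptions still expected, or keep a test that forces the branch another way (for instance by patching a call inside the `try` to raise) and asserts both the `tracker_infos.raw` record and the fallback response. The comment also has a typo and would read better inside the handler as `# TODO: Django now enforces the foreign key, so this branch may be unreachable; confirm, then remove.` The `try` begins outside the hunk.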
@@ -1,5 +1,5 @@
 # Basics
-django==2.0.7
+django==2.2.1
 djangorestframework==3.9.4
 # Templates