Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only use first API key output from get-api-key #70

Merged
merged 2 commits into from
Jan 26, 2022
Merged

Only use first API key output from get-api-key #70

merged 2 commits into from
Jan 26, 2022

Conversation

dav3r
Copy link
Member

@dav3r dav3r commented Jan 24, 2022

🗣 Description

This PR fixes a bug that can cause the PCA Gophish composition to fail to start up correctly.

💭 Motivation and context

If Gophish is configured to have multiple users, the get-api-key command (to the Gophish Docker service) will output multiple API keys, which was causing the gophish-init command to fail.

🧪 Testing

I tested this fix by making the same change to pca-gophish-composition.service in an assessment environment, then I added a second Gophish user and restarted the pca-gophish-composition.service. Without this fix, the service fails on startup, but with it, the service starts up cleanly.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Finalize version.

✅ Post-merge checklist

  • Add a tag or create a release.

dav3r added 2 commits January 24, 2022 16:57
@dav3r
Only use first API key output from get-api-key
a94bfcb 
If Gophish is configured to have multiple users, the get-api-key command will output multiple API keys, which was causing gophish-init to fail.
@dav3r
Bump version from 0.4.5 to 0.4.6
dd8c939
@dav3r dav3r added the bug This issue or pull request addresses broken functionality label Jan 24, 2022
@dav3r dav3r requested a review from felddy as a code owner January 24, 2022 22:08
@dav3r dav3r self-assigned this Jan 24, 2022
@dav3r dav3r requested a review from jsf9k as a code owner January 24, 2022 22:08
@dav3r dav3r requested a review from mcdonnnj January 24, 2022 22:08
mcdonnnj
mcdonnnj approved these changes Jan 25, 2022
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a show-stopper, but I thought I would ask:

Should the SQL query in get-api-key be modified to only return one value instead? Should it be updated to get-api-keys to better represent that multiple keys might be returned? Should it be enhanced to return the API key associated with a given user?

@dav3r
Copy link
Member Author

dav3r commented Jan 25, 2022

This isn't a show-stopper, but I thought I would ask:

Should the SQL query in get-api-key be modified to only return one value instead? Should it be updated to get-api-keys to better represent that multiple keys might be returned? Should it be enhanced to return the API key associated with a given user?

I thought about that too and wasn't sure what the best answer was. I think changing the name to get-api-keys is the simplest solution, but perhaps adding a username input makes more sense. I'm open to suggestions here.

@dav3r dav3r mentioned this pull request Jan 25, 2022
Open
3 tasks
@dav3r
Copy link
Member Author

dav3r commented Jan 25, 2022

This isn't a show-stopper, but I thought I would ask:
Should the SQL query in get-api-key be modified to only return one value instead? Should it be updated to get-api-keys to better represent that multiple keys might be returned? Should it be enhanced to return the API key associated with a given user?

I thought about that too and wasn't sure what the best answer was. I think changing the name to get-api-keys is the simplest solution, but perhaps adding a username input makes more sense. I'm open to suggestions here.

After our team discussion earlier, I have created cisagov/gophish-docker#35 to address this issue. Thanks @mcdonnnj for mentioning this here!

@dav3r dav3r merged commit 72cec18 into develop Jan 26, 2022
@dav3r dav3r deleted the bugfix/only-use-first-api-key branch January 26, 2022 16:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@dav3r dav3r

Labels
bug This issue or pull request addresses broken functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dav3r @jsf9k @mcdonnnj