search

gophish / api-client-python

A Python API Client for Gophish
MIT License
45 stars 48 forks source link

Missing "api_key" parameter in requests (breaks API) #25

Closed RonnyDo closed 4 years ago

RonnyDo commented 4 years ago

Thanks for the awesome project and all the affort you put in it!

It seems that the current API release doesn't work, because no requests seems to send the API key with it. Basic example from the official documenation:

from gophish import Gophish
from gophish.models import *

api_key = 'd667f0e43b7a2ac5bc9438ae059...'
api = Gophish(api_key)

templates = api.templates.get()
print (templates)

Resulting error (tested with python 3.8.1):

Traceback (most recent call last):
  File "gophish_init.py", line 7, in <module>
    templates = api.templates.get()
  File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\site-packages\gophish\api\templates.py", line 12, in get
    return super(API, self).get(resource_id=template_id)
  File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\site-packages\gophish\api\api.py", line 88, in get
    return self.request("GET",
  File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\site-packages\gophish\api\api.py", line 60, in request
    raise Error.parse(response.json())
gophish.models.Error: API Key not set

I had a look into the code and it seems as the "api_key" parameter, which needs to be appended at in the request URL, is not set anywhere. I fixed it by adding the following to api.py:57:

        if resource_action:
            endpoint = self._build_url(endpoint, resource_action)

        # append api_key to request
        endpoint = endpoint + "?api_key=" + self.api.api_key

        response = self.api.execute(method, endpoint, json=body)
        if not response.ok:
            raise Error.parse(response.json())

Hope that helps to fix the issue.

jordan-wright commented 4 years ago

Hi there!

My guess is that you're using an older version of Gophish which expects the API key to be provided in the URL. To prevent the API key from being seen in the browser history (or other forms of logging), we've moved it to the Authorization header.

I'd encourage you to update your version of Gophish. If you're still encountering this issue with the latest version of this library and the latest version of Gophish, please let me know and we can reopen this.