JohnHammond
/
CTFd
mirror of https://github.com/JohnHammond/CTFd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
CTFd/tests/challenges/test_dynamic.py

320 lines
10 KiB
Python
Raw Permalink Normal View History

Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
2.2.0 (#1188) 2.2.0 / 2019-12-22 ================== ## Notice 2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be useable with v2.2.0. **General** * Team size limits can now be enforced from the configuration panel * Access tokens functionality for API usage * Admins can now choose how to deliver their notifications * Toast (new default) * Alert * Background * Sound On / Sound Off * There is now a notification counter showing how many unread notifications were received * Setup has been redesigned to have multiple steps * Added Description * Added Start time and End time, * Added MajorLeagueCyber integration * Added Theme and color selection * Fixes issue where updating dynamic challenges could change the value to an incorrect value * Properly use a less restrictive regex to validate email addresses * Bump Python dependencies to latest working versions * Admins can now give awards to team members from the team's admin panel page **API** * Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members's Submissions, Awards, Unlocks **Admin Panel** * Admins can now user a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly. * Challenge updates will now alert you if the challenge doesn't have a flag * Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page **Themes** * Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel * Theme asset specially generated URLs * Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server) * Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches. * Use `defer` for script tags to not block page rendering * Only show the MajorLeagueCyber button if configured in configuration * The admin panel now links to https://help.ctfd.io/ in the top right * Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/) * The user-facing navbar now features icons * Awards shown on a user's profile can now have award icons * The default MarkdownIt render created by CTFd will now open links in new tabs * Country flags can now be shown on the user pages **Deployment** * Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine` * Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled * Challenge ID is now recorded in the submission log **Plugins** * Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route **Miscellaneous** * `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument * The subject allows for injecting custom variable via the new `CTFd.utils.formatters.safe_format()` function * Admin user information is now error checked during setup * Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts * Prevent old CTFd imports from being imported
2019-12-23 04:17:34 +00:00
from CTFd.models import Challenges
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
from CTFd.plugins.dynamic_challenges import DynamicChallenge, DynamicValueChallenge
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
from tests.helpers import (
2.3.0 (#1248) 2.3.0 / 2020-02-17 ================== **General** * During setup, admins can register their email address with the CTFd LLC newsletter for news and updates * Fix editting hints from the admin panel * Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature. * The `views.custom_css` route has been removed. * Admins can now customize the content of outgoing emails and inject certain variables into email content. * The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`) **Themes** * Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme. **Plugins** * Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq` **Miscellaneous** * Python imports sorted with `isort` and import order enforced * Black formatter running on a majority of Python code
2020-02-17 07:17:25 +00:00
FakeRequest,
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
create_ctfd,
destroy_ctfd,
gen_flag,
gen_user,
2.3.0 (#1248) 2.3.0 / 2020-02-17 ================== **General** * During setup, admins can register their email address with the CTFd LLC newsletter for news and updates * Fix editting hints from the admin panel * Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature. * The `views.custom_css` route has been removed. * Admins can now customize the content of outgoing emails and inject certain variables into email content. * The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`) **Themes** * Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme. **Plugins** * Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq` **Miscellaneous** * Python imports sorted with `isort` and import order enforced * Black formatter running on a majority of Python code
2020-02-17 07:17:25 +00:00
login_as_user,
register_user,
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
)
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
def test_can_create_dynamic_challenge():
"""Test that dynamic challenges can be made from the API/admin panel"""
app = create_ctfd(enable_plugins=True)
with app.app_context():
register_user(app)
client = login_as_user(app, name="admin", password="password")
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 100,
"decay": 20,
"minimum": 1,
"state": "hidden",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"type": "dynamic",
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
}
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
r = client.post("/api/v1/challenges", json=challenge_data)
assert r.get_json().get("data")["id"] == 1
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
challenges = DynamicChallenge.query.all()
assert len(challenges) == 1
challenge = challenges[0]
assert challenge.value == 100
assert challenge.initial == 100
assert challenge.decay == 20
assert challenge.minimum == 1
destroy_ctfd(app)
def test_can_update_dynamic_challenge():
"""Test that dynamic challenges can be deleted"""
app = create_ctfd(enable_plugins=True)
with app.app_context():
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 100,
"decay": 20,
"minimum": 1,
"state": "hidden",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"type": "dynamic",
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
}
req = FakeRequest(form=challenge_data)
challenge = DynamicValueChallenge.create(req)
assert challenge.value == 100
assert challenge.initial == 100
assert challenge.decay == 20
assert challenge.minimum == 1
challenge_data = {
"name": "new_name",
"category": "category",
"description": "new_description",
"value": "200",
"initial": "200",
"decay": "40",
"minimum": "5",
"max_attempts": "0",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"state": "visible",
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
}
req = FakeRequest(form=challenge_data)
challenge = DynamicValueChallenge.update(challenge, req)
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
assert challenge.name == "new_name"
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
assert challenge.description == "new_description"
assert challenge.value == 200
assert challenge.initial == 200
assert challenge.decay == 40
assert challenge.minimum == 5
assert challenge.state == "visible"
destroy_ctfd(app)
Fix divison-by-zero when adding requirement to dynamic challenge (#782) * Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. * Creating unit test for adding requirement to dynamic challenges
2018-12-08 05:36:29 +00:00
def test_can_add_requirement_dynamic_challenge():
"""Test that requirements can be added to dynamic challenges"""
app = create_ctfd(enable_plugins=True)
with app.app_context():
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 100,
"decay": 20,
"minimum": 1,
"state": "hidden",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"type": "dynamic",
Fix divison-by-zero when adding requirement to dynamic challenge (#782) * Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. * Creating unit test for adding requirement to dynamic challenges
2018-12-08 05:36:29 +00:00
}
req = FakeRequest(form=challenge_data)
challenge = DynamicValueChallenge.create(req)
assert challenge.value == 100
assert challenge.initial == 100
assert challenge.decay == 20
assert challenge.minimum == 1
challenge_data = {
"name": "second_name",
"category": "category",
"description": "new_description",
"value": "200",
"initial": "200",
"decay": "40",
"minimum": "5",
"max_attempts": "0",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"state": "visible",
Fix divison-by-zero when adding requirement to dynamic challenge (#782) * Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. * Creating unit test for adding requirement to dynamic challenges
2018-12-08 05:36:29 +00:00
}
req = FakeRequest(form=challenge_data)
challenge = DynamicValueChallenge.create(req)
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
assert challenge.name == "second_name"
Fix divison-by-zero when adding requirement to dynamic challenge (#782) * Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. * Creating unit test for adding requirement to dynamic challenges
2018-12-08 05:36:29 +00:00
assert challenge.description == "new_description"
assert challenge.value == 200
assert challenge.initial == 200
assert challenge.decay == 40
assert challenge.minimum == 5
assert challenge.state == "visible"
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
challenge_data = {"requirements": [1]}
Fix divison-by-zero when adding requirement to dynamic challenge (#782) * Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. * Creating unit test for adding requirement to dynamic challenges
2018-12-08 05:36:29 +00:00
req = FakeRequest(form=challenge_data)
challenge = DynamicValueChallenge.update(challenge, req)
assert challenge.requirements == [1]
destroy_ctfd(app)
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
def test_can_delete_dynamic_challenge():
app = create_ctfd(enable_plugins=True)
with app.app_context():
register_user(app)
client = login_as_user(app, name="admin", password="password")
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 100,
"decay": 20,
"minimum": 1,
"state": "hidden",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"type": "dynamic",
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
}
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
r = client.post("/api/v1/challenges", json=challenge_data)
assert r.get_json().get("data")["id"] == 1
Mark 2.0.0 (#757) * Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close #758 * Add tests for dynamic value challenges
2018-11-27 01:32:04 +00:00
challenges = DynamicChallenge.query.all()
assert len(challenges) == 1
challenge = challenges[0]
DynamicValueChallenge.delete(challenge)
challenges = DynamicChallenge.query.all()
assert len(challenges) == 0
destroy_ctfd(app)
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
def test_dynamic_challenge_loses_value_properly():
app = create_ctfd(enable_plugins=True)
with app.app_context():
register_user(app)
client = login_as_user(app, name="admin", password="password")
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 100,
"decay": 20,
"minimum": 1,
"state": "visible",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"type": "dynamic",
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
}
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
r = client.post("/api/v1/challenges", json=challenge_data)
assert r.get_json().get("data")["id"] == 1
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
gen_flag(app.db, challenge_id=1, content="flag")
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
for i, team_id in enumerate(range(2, 26)):
name = "user{}".format(team_id)
email = "user{}@ctfd.io".format(team_id)
# We need to bypass rate-limiting so gen_user instead of register_user
gen_user(app.db, name=name, email=email)
with app.test_client() as client:
# We need to bypass rate-limiting so creating a fake user instead of logging in
with client.session_transaction() as sess:
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
sess["id"] = team_id
sess["name"] = name
sess["email"] = email
sess["nonce"] = "fake-nonce"
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
data = {"submission": "flag", "challenge_id": 1}
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
r = client.post("/api/v1/challenges/attempt", json=data)
resp = r.get_json()["data"]
assert resp["status"] == "correct"
Fix dynamic challenges to work in user mode and team mode (#760) * Fix dynamic challenges to work in user mode and team mode (Closes #759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
2018-11-27 08:04:51 +00:00
chal = DynamicChallenge.query.filter_by(id=1).first()
if i >= 20:
assert chal.value == chal.minimum
else:
assert chal.initial >= chal.value
assert chal.value > chal.minimum
destroy_ctfd(app)
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
2.2.0 (#1188) 2.2.0 / 2019-12-22 ================== ## Notice 2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be useable with v2.2.0. **General** * Team size limits can now be enforced from the configuration panel * Access tokens functionality for API usage * Admins can now choose how to deliver their notifications * Toast (new default) * Alert * Background * Sound On / Sound Off * There is now a notification counter showing how many unread notifications were received * Setup has been redesigned to have multiple steps * Added Description * Added Start time and End time, * Added MajorLeagueCyber integration * Added Theme and color selection * Fixes issue where updating dynamic challenges could change the value to an incorrect value * Properly use a less restrictive regex to validate email addresses * Bump Python dependencies to latest working versions * Admins can now give awards to team members from the team's admin panel page **API** * Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members's Submissions, Awards, Unlocks **Admin Panel** * Admins can now user a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly. * Challenge updates will now alert you if the challenge doesn't have a flag * Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page **Themes** * Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel * Theme asset specially generated URLs * Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server) * Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches. * Use `defer` for script tags to not block page rendering * Only show the MajorLeagueCyber button if configured in configuration * The admin panel now links to https://help.ctfd.io/ in the top right * Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/) * The user-facing navbar now features icons * Awards shown on a user's profile can now have award icons * The default MarkdownIt render created by CTFd will now open links in new tabs * Country flags can now be shown on the user pages **Deployment** * Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine` * Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled * Challenge ID is now recorded in the submission log **Plugins** * Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route **Miscellaneous** * `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument * The subject allows for injecting custom variable via the new `CTFd.utils.formatters.safe_format()` function * Admin user information is now error checked during setup * Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts * Prevent old CTFd imports from being imported
2019-12-23 04:17:34 +00:00
def test_dynamic_challenge_doesnt_lose_value_on_update():
"""Dynamic challenge updates without changing any values or solves shouldn't change the current value. See #1043"""
app = create_ctfd(enable_plugins=True)
with app.app_context():
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 10000,
"decay": 4,
"minimum": 10,
"state": "visible",
"type": "dynamic",
}
req = FakeRequest(form=challenge_data)
challenge = DynamicValueChallenge.create(req)
challenge_id = challenge.id
gen_flag(app.db, challenge_id=challenge.id, content="flag")
register_user(app)
with login_as_user(app) as client:
data = {"submission": "flag", "challenge_id": challenge_id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
assert r.get_json()["data"]["status"] == "correct"
chal = Challenges.query.filter_by(id=challenge_id).first()
prev_chal_value = chal.value
chal = DynamicValueChallenge.update(chal, req)
assert prev_chal_value == chal.value
destroy_ctfd(app)
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
def test_dynamic_challenge_value_isnt_affected_by_hidden_users():
app = create_ctfd(enable_plugins=True)
with app.app_context():
register_user(app)
client = login_as_user(app, name="admin", password="password")
challenge_data = {
"name": "name",
"category": "category",
"description": "description",
"value": 100,
"decay": 20,
"minimum": 1,
"state": "visible",
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
"type": "dynamic",
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
}
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
r = client.post("/api/v1/challenges", json=challenge_data)
assert r.get_json().get("data")["id"] == 1
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
gen_flag(app.db, challenge_id=1, content="flag")
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
# Make a solve as a regular user. This should not affect the value.
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
data = {"submission": "flag", "challenge_id": 1}
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
r = client.post("/api/v1/challenges/attempt", json=data)
resp = r.get_json()["data"]
assert resp["status"] == "correct"
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
# Make solves as hidden users. Also should not affect value
for i, team_id in enumerate(range(2, 26)):
name = "user{}".format(team_id)
email = "user{}@ctfd.io".format(team_id)
# We need to bypass rate-limiting so gen_user instead of register_user
user = gen_user(app.db, name=name, email=email)
user.hidden = True
app.db.session.commit()
with app.test_client() as client:
# We need to bypass rate-limiting so creating a fake user instead of logging in
with client.session_transaction() as sess:
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
2019-05-12 01:09:37 +00:00
sess["id"] = team_id
sess["name"] = name
sess["email"] = email
sess["nonce"] = "fake-nonce"
data = {"submission": "flag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
resp = r.get_json()["data"]
assert resp["status"] == "correct"
Record a new solve before calculating the new dynamic value. (#919) * Record a new solve before calculating the new dynamic value so hidden solves can't unintentionally move the challenge value
2019-03-22 16:26:57 +00:00
chal = DynamicChallenge.query.filter_by(id=1).first()
assert chal.value == chal.initial
destroy_ctfd(app)