CTFd/tests/users/test_profile.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from CTFd.models import Users
from CTFd.utils.crypto import verify_password
from tests.helpers import create_ctfd, destroy_ctfd, login_as_user, register_user


def test_email_cannot_be_changed_without_password():
    """Test that a user can't update their email address without current password"""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        client = login_as_user(app)

        data = {"name": "user", "email": "user2@ctfd.io"}

        r = client.patch("/api/v1/users/me", json=data)
        assert r.status_code == 400
        user = Users.query.filter_by(id=2).first()
        assert user.email == "user@ctfd.io"

        data = {"name": "user", "email": "user2@ctfd.io", "confirm": "asdf"}

        r = client.patch("/api/v1/users/me", json=data)
        assert r.status_code == 400
        user = Users.query.filter_by(id=2).first()
        assert user.email == "user@ctfd.io"

        data = {"name": "user", "email": "user2@ctfd.io", "confirm": "password"}

        r = client.patch("/api/v1/users/me", json=data)
        assert r.status_code == 200
        user = Users.query.filter_by(id=2).first()
        assert user.email == "user2@ctfd.io"
        assert verify_password(plaintext="password", ciphertext=user.password)
    destroy_ctfd(app)
Require password for email change (#1077) * Require password for email changes 2019-08-05 00:28:20 +00:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`

			`from CTFd.models import Users`
			`from CTFd.utils.crypto import verify_password`
2.3.0 (#1248) 2.3.0 / 2020-02-17 ================== General * During setup, admins can register their email address with the CTFd LLC newsletter for news and updates * Fix editting hints from the admin panel * Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature. * The `views.custom_css` route has been removed. * Admins can now customize the content of outgoing emails and inject certain variables into email content. * The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`) Themes * Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme. Plugins * Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq` Miscellaneous * Python imports sorted with `isort` and import order enforced * Black formatter running on a majority of Python code 2020-02-17 07:17:25 +00:00			`from tests.helpers import create_ctfd, destroy_ctfd, login_as_user, register_user`
Require password for email change (#1077) * Require password for email changes 2019-08-05 00:28:20 +00:00

			`def test_email_cannot_be_changed_without_password():`
			`"""Test that a user can't update their email address without current password"""`
			`app = create_ctfd()`
			`with app.app_context():`
			`register_user(app)`
			`client = login_as_user(app)`

			`data = {"name": "user", "email": "user2@ctfd.io"}`

			`r = client.patch("/api/v1/users/me", json=data)`
			`assert r.status_code == 400`
			`user = Users.query.filter_by(id=2).first()`
			`assert user.email == "user@ctfd.io"`

			`data = {"name": "user", "email": "user2@ctfd.io", "confirm": "asdf"}`

			`r = client.patch("/api/v1/users/me", json=data)`
			`assert r.status_code == 400`
			`user = Users.query.filter_by(id=2).first()`
			`assert user.email == "user@ctfd.io"`

			`data = {"name": "user", "email": "user2@ctfd.io", "confirm": "password"}`

			`r = client.patch("/api/v1/users/me", json=data)`
			`assert r.status_code == 200`
			`user = Users.query.filter_by(id=2).first()`
			`assert user.email == "user2@ctfd.io"`
			`assert verify_password(plaintext="password", ciphertext=user.password)`
			`destroy_ctfd(app)`