CTFd/tests/users/test_auth.py

360 lines
13 KiB
Python
Raw Normal View History

2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from CTFd.models import Users
from CTFd.utils import set_config, get_config
from CTFd.utils.security.signing import serialize
from CTFd.utils.security.passwords import hash_password, check_password
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
from freezegun import freeze_time
from tests.helpers import *
from mock import patch
def test_register_user():
"""Can a user be registered"""
app = create_ctfd()
with app.app_context():
register_user(app)
user_count = Users.query.count()
assert user_count == 2 # There's the admin user and the created user
destroy_ctfd(app)
def test_register_unicode_user():
"""Can a user with a unicode name be registered"""
app = create_ctfd()
with app.app_context():
register_user(app, name="你好")
user_count = Users.query.count()
assert user_count == 2 # There's the admin user and the created user
destroy_ctfd(app)
def test_register_duplicate_username():
"""A user shouldn't be able to use an already registered team name"""
app = create_ctfd()
with app.app_context():
register_user(app, name="user1", email="user1@ctfd.io", password="password", raise_for_error=False)
register_user(app, name="user1", email="user2@ctfd.io", password="password", raise_for_error=False)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
user_count = Users.query.count()
assert user_count == 2 # There's the admin user and the first created user
destroy_ctfd(app)
def test_register_duplicate_email():
"""A user shouldn't be able to use an already registered email address"""
app = create_ctfd()
with app.app_context():
register_user(app, name="user1", email="user1@ctfd.io", password="password", raise_for_error=False)
register_user(app, name="user2", email="user1@ctfd.io", password="password", raise_for_error=False)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
user_count = Users.query.count()
assert user_count == 2 # There's the admin user and the first created user
destroy_ctfd(app)
def test_register_whitelisted_email():
"""A user shouldn't be able to register with an email that isn't on the whitelist"""
app = create_ctfd()
with app.app_context():
set_config('domain_whitelist', 'whitelisted.com, whitelisted.org, whitelisted.net')
register_user(app, name="not_whitelisted", email='user@nope.com', raise_for_error=False)
assert Users.query.count() == 1
register_user(app, name="user1", email='user@whitelisted.com')
assert Users.query.count() == 2
register_user(app, name="user2", email='user@whitelisted.org')
assert Users.query.count() == 3
register_user(app, name="user3", email='user@whitelisted.net')
assert Users.query.count() == 4
destroy_ctfd(app)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
def test_user_bad_login():
"""A user should not be able to login with an incorrect password"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app, name="user", password="wrong_password", raise_for_error=False)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
with client.session_transaction() as sess:
assert sess.get('id') is None
r = client.get('/profile')
assert r.location.startswith("http://localhost/login") # We got redirected to login
destroy_ctfd(app)
def test_user_login():
"""Can a registered user can login"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/profile')
assert r.location != "http://localhost/login" # We didn't get redirected to login
assert r.status_code == 200
destroy_ctfd(app)
def test_user_login_with_email():
"""Can a registered user can login with an email address instead of a team name"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app, name="user@ctfd.io", password="password")
r = client.get('/profile')
assert r.location != "http://localhost/login" # We didn't get redirected to login
assert r.status_code == 200
destroy_ctfd(app)
def test_user_get_logout():
"""Can a registered user load /logout"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
client.get('/logout', follow_redirects=True)
r = client.get('/challenges')
assert r.location == "http://localhost/login?next=%2Fchallenges"
assert r.status_code == 302
destroy_ctfd(app)
def test_user_isnt_admin():
"""A registered user cannot access admin pages"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
for page in ['pages', 'users', 'teams', 'scoreboard', 'challenges', 'statistics', 'config']:
r = client.get('/admin/{}'.format(page))
assert r.location.startswith("http://localhost/login?next=")
assert r.status_code == 302
destroy_ctfd(app)
def test_expired_confirmation_links():
"""Test that expired confirmation links are reported to the user"""
app = create_ctfd()
with app.app_context(), freeze_time("2019-02-24 03:21:34"):
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
set_config('verify_emails', True)
register_user(app, email="user@user.com")
client = login_as_user(app, name="user", password="password")
# user@user.com "2012-01-14 03:21:34"
confirm_link = 'http://localhost/confirm/InVzZXJAdXNlci5jb20i.TxD0vg.cAGwAy8cK1T0saEEbrDEBVF2plI'
r = client.get(confirm_link)
assert "Your confirmation link has expired" in r.get_data(as_text=True)
user = Users.query.filter_by(email='user@user.com').first()
assert user.verified is not True
destroy_ctfd(app)
def test_invalid_confirmation_links():
"""Test that invalid confirmation links are reported to the user"""
app = create_ctfd()
with app.app_context():
set_config('verify_emails', True)
register_user(app, email="user@user.com")
client = login_as_user(app, name="user", password="password")
# user@user.com "2012-01-14 03:21:34"
confirm_link = 'http://localhost/confirm/a8375iyu<script>alert(1)<script>hn3048wueorighkgnsfg'
r = client.get(confirm_link)
assert "Your confirmation token is invalid" in r.get_data(as_text=True)
user = Users.query.filter_by(email='user@user.com').first()
assert user.verified is not True
destroy_ctfd(app)
def test_expired_reset_password_link():
"""Test that expired reset password links are reported to the user"""
app = create_ctfd()
with app.app_context():
set_config('mail_server', 'localhost')
set_config('mail_port', 25)
set_config('mail_useauth', True)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
set_config('mail_username', 'username')
set_config('mail_password', 'password')
register_user(app, name="user1", email="user@user.com")
with app.test_client() as client, freeze_time("2019-02-24 03:21:34"):
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
# user@user.com "2012-01-14 03:21:34"
forgot_link = 'http://localhost/reset_password/InVzZXJAdXNlci5jb20i.TxD0vg.cAGwAy8cK1T0saEEbrDEBVF2plI'
r = client.get(forgot_link)
assert "Your link has expired" in r.get_data(as_text=True)
destroy_ctfd(app)
def test_invalid_reset_password_link():
"""Test that invalid reset password links are reported to the user"""
app = create_ctfd()
with app.app_context():
set_config('mail_server', 'localhost')
set_config('mail_port', 25)
set_config('mail_useauth', True)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
set_config('mail_username', 'username')
set_config('mail_password', 'password')
register_user(app, name="user1", email="user@user.com")
with app.test_client() as client:
# user@user.com "2012-01-14 03:21:34"
forgot_link = 'http://localhost/reset_password/5678ytfghjiu876tyfg<INVALID DATA>hvbnmkoi9u87y6trdf'
r = client.get(forgot_link)
assert "Your reset token is invalid" in r.get_data(as_text=True)
destroy_ctfd(app)
def test_contact_for_password_reset():
"""Test that if there is no mailserver configured, users should contact admins"""
app = create_ctfd()
with app.app_context():
register_user(app, name="user1", email="user@user.com")
with app.test_client() as client:
forgot_link = 'http://localhost/reset_password'
r = client.get(forgot_link)
assert "Contact a CTF organizer" in r.get_data(as_text=True)
destroy_ctfd(app)
@patch('smtplib.SMTP')
def test_user_can_confirm_email(mock_smtp):
"""Test that a user is capable of confirming their email address"""
app = create_ctfd()
with app.app_context(), freeze_time("2012-01-14 03:21:34"):
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
# Set CTFd to only allow confirmed users and send emails
set_config('verify_emails', True)
set_config('mail_server', 'localhost')
set_config('mail_port', 25)
set_config('mail_useauth', True)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
set_config('mail_username', 'username')
set_config('mail_password', 'password')
register_user(app, name="user1", email="user@user.com")
# Teams are not verified by default
user = Users.query.filter_by(email='user@user.com').first()
assert user.verified is False
client = login_as_user(app, name="user1", password="password")
r = client.get('http://localhost/confirm')
assert "Need to resend the confirmation email?" in r.get_data(as_text=True)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
# smtp.sendmail was called
mock_smtp.return_value.sendmail.assert_called()
with client.session_transaction() as sess:
data = {
"nonce": sess.get('nonce')
}
r = client.post('http://localhost/confirm', data=data)
assert "confirmation email has been resent" in r.get_data(as_text=True)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
r = client.get('/challenges')
assert r.location == "http://localhost/confirm" # We got redirected to /confirm
r = client.get(
'http://localhost/confirm/' + serialize('user@user.com')
)
assert r.location == 'http://localhost/challenges'
# The team is now verified
user = Users.query.filter_by(email='user@user.com').first()
assert user.verified is True
r = client.get('http://localhost/confirm')
assert r.location == "http://localhost/settings"
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
destroy_ctfd(app)
@patch('smtplib.SMTP')
def test_user_can_reset_password(mock_smtp):
"""Test that a user is capable of resetting their password"""
from email.mime.text import MIMEText
app = create_ctfd()
with app.app_context(), freeze_time("2012-01-14 03:21:34"):
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
# Set CTFd to send emails
set_config('mail_server', 'localhost')
set_config('mail_port', 25)
set_config('mail_useauth', True)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
set_config('mail_username', 'username')
set_config('mail_password', 'password')
# Create a user
register_user(app, name="user1", email="user@user.com")
with app.test_client() as client:
r = client.get('/reset_password')
# Build reset password data
with client.session_transaction() as sess:
data = {
'nonce': sess.get('nonce'),
'email': 'user@user.com'
}
# Issue the password reset request
r = client.post('/reset_password', data=data)
from_addr = get_config('mailfrom_addr') or app.config.get('MAILFROM_ADDR')
to_addr = 'user@user.com'
# Build the email
msg = ("""Did you initiate a password reset? Click the following link to reset """
"""your password:\n\nhttp://localhost/reset_password/InVzZXIxIg.TxD0vg.-gvVg-KVy0RWkiclAE6JViv1I0M\n\n""")
email_msg = MIMEText(msg)
email_msg['Subject'] = "Message from CTFd"
email_msg['From'] = from_addr
email_msg['To'] = to_addr
# Make sure that the reset password email is sent
mock_smtp.return_value.sendmail.assert_called_with(from_addr, [to_addr], email_msg.as_string())
# Get user's original password
user = Users.query.filter_by(email="user@user.com").first()
user_password_saved = user.password
# Build the POST data
with client.session_transaction() as sess:
data = {
'nonce': sess.get('nonce'),
'password': 'passwordtwo'
}
# Do the password reset
r = client.get('/reset_password/InVzZXIxIg.TxD0vg.-gvVg-KVy0RWkiclAE6JViv1I0M')
r = client.post('/reset_password/InVzZXIxIg.TxD0vg.-gvVg-KVy0RWkiclAE6JViv1I0M', data=data)
# Make sure that the user's password changed
user = Users.query.filter_by(email="user@user.com").first()
assert check_password('passwordtwo', user.password)
2.0.0 (#741) * Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
2018-11-20 04:16:14 +00:00
destroy_ctfd(app)
def test_banned_user():
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
user = Users.query.filter_by(id=2).first()
user.banned = True
db.session.commit()
routes = ['/', '/challenges', '/api/v1/challenges']
for route in routes:
r = client.get(route)
assert r.status_code == 403
destroy_ctfd(app)