CTFd/tests/oauth/test_redirect.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from CTFd.models import Teams, Users
from CTFd.utils import set_config
from tests.helpers import (
    create_ctfd,
    destroy_ctfd,
    login_as_user,
    login_with_mlc,
    register_user,
)


def test_oauth_not_configured():
    """Test that OAuth redirection fails if OAuth settings aren't configured"""
    app = create_ctfd()
    with app.app_context():
        with app.test_client() as client:
            r = client.get("/oauth", follow_redirects=False)
            assert r.location == "http://localhost/login"
            r = client.get(r.location)
            resp = r.get_data(as_text=True)
            assert "OAuth Settings not configured" in resp
    destroy_ctfd(app)


def test_oauth_configured_flow():
    """Test that MLC integration works properly but does not allow registration (account creation) if disabled"""
    app = create_ctfd(user_mode="teams")
    app.config.update(
        {
            "OAUTH_CLIENT_ID": "ctfd_testing_client_id",
            "OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",
            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
        }
    )
    with app.app_context():
        set_config("registration_visibility", "private")
        assert Users.query.count() == 1
        assert Teams.query.count() == 0

        client = login_with_mlc(app, raise_for_error=False)

        assert Users.query.count() == 1

        # Users shouldn't be able to register because registration is disabled
        resp = client.get("http://localhost/login").get_data(as_text=True)
        assert "Public registration is disabled" in resp

        set_config("registration_visibility", "public")
        client = login_with_mlc(app)

        # Users should be able to register now
        assert Users.query.count() == 2
        user = Users.query.filter_by(email="user@ctfd.io").first()
        assert user.oauth_id == 1337
        assert user.team_id == 1

        # Teams should be created
        assert Teams.query.count() == 1
        team = Teams.query.filter_by(id=1).first()
        assert team.oauth_id == 1234

        client.get("/logout")

        # Users should still be able to login if registration is disabled
        set_config("registration_visibility", "private")
        client = login_with_mlc(app)
        with client.session_transaction() as sess:
            assert sess["id"]
            assert sess["name"]
            assert sess["email"]
            assert sess["nonce"]
    destroy_ctfd(app)


def test_oauth_login_upgrade():
    """Test that users who use MLC after having registered will be associated with their MLC account"""
    app = create_ctfd(user_mode="teams")
    app.config.update(
        {
            "OAUTH_CLIENT_ID": "ctfd_testing_client_id",
            "OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",
            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
        }
    )
    with app.app_context():
        register_user(app)
        assert Users.query.count() == 2
        set_config("registration_visibility", "private")

        # Users should still be able to login
        client = login_as_user(app)
        client.get("/logout")

        user = Users.query.filter_by(id=2).first()
        assert user.oauth_id is None
        assert user.team_id is None

        login_with_mlc(app)

        assert Users.query.count() == 2

        # Logging in with MLC should insert an OAuth ID and team ID
        user = Users.query.filter_by(id=2).first()
        assert user.oauth_id
        assert user.verified
        assert user.team_id
    destroy_ctfd(app)
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`

2.3.0 (#1248) 2.3.0 / 2020-02-17 ================== General * During setup, admins can register their email address with the CTFd LLC newsletter for news and updates * Fix editting hints from the admin panel * Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature. * The `views.custom_css` route has been removed. * Admins can now customize the content of outgoing emails and inject certain variables into email content. * The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`) Themes * Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme. Plugins * Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq` Miscellaneous * Python imports sorted with `isort` and import order enforced * Black formatter running on a majority of Python code 2020-02-17 07:17:25 +00:00			`from CTFd.models import Teams, Users`
			`from CTFd.utils import set_config`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`from tests.helpers import (`
			`create_ctfd,`
			`destroy_ctfd,`
			`login_as_user,`
			`login_with_mlc,`
2.3.0 (#1248) 2.3.0 / 2020-02-17 ================== General * During setup, admins can register their email address with the CTFd LLC newsletter for news and updates * Fix editting hints from the admin panel * Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature. * The `views.custom_css` route has been removed. * Admins can now customize the content of outgoing emails and inject certain variables into email content. * The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`) Themes * Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme. Plugins * Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq` Miscellaneous * Python imports sorted with `isort` and import order enforced * Black formatter running on a majority of Python code 2020-02-17 07:17:25 +00:00			`register_user,`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`)`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00

			`def test_oauth_not_configured():`
			`"""Test that OAuth redirection fails if OAuth settings aren't configured"""`
			`app = create_ctfd()`
			`with app.app_context():`
			`with app.test_client() as client:`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`r = client.get("/oauth", follow_redirects=False)`
			`assert r.location == "http://localhost/login"`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`r = client.get(r.location)`
			`resp = r.get_data(as_text=True)`
			`assert "OAuth Settings not configured" in resp`
			`destroy_ctfd(app)`


			`def test_oauth_configured_flow():`
			`"""Test that MLC integration works properly but does not allow registration (account creation) if disabled"""`
			`app = create_ctfd(user_mode="teams")`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`app.config.update(`
			`{`
			`"OAUTH_CLIENT_ID": "ctfd_testing_client_id",`
			`"OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",`
			`"OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",`
			`"OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",`
			`"OAUTH_API_ENDPOINT": "http://api.localhost/user",`
			`}`
			`)`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`with app.app_context():`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`set_config("registration_visibility", "private")`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`assert Users.query.count() == 1`
			`assert Teams.query.count() == 0`

			`client = login_with_mlc(app, raise_for_error=False)`

			`assert Users.query.count() == 1`

			`# Users shouldn't be able to register because registration is disabled`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`resp = client.get("http://localhost/login").get_data(as_text=True)`
			`assert "Public registration is disabled" in resp`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`set_config("registration_visibility", "public")`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`client = login_with_mlc(app)`

			`# Users should be able to register now`
			`assert Users.query.count() == 2`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`user = Users.query.filter_by(email="user@ctfd.io").first()`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`assert user.oauth_id == 1337`
			`assert user.team_id == 1`

			`# Teams should be created`
			`assert Teams.query.count() == 1`
			`team = Teams.query.filter_by(id=1).first()`
			`assert team.oauth_id == 1234`

Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`client.get("/logout")`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00
			`# Users should still be able to login if registration is disabled`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`set_config("registration_visibility", "private")`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`client = login_with_mlc(app)`
			`with client.session_transaction() as sess:`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`assert sess["id"]`
			`assert sess["name"]`
			`assert sess["email"]`
			`assert sess["nonce"]`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`destroy_ctfd(app)`


			`def test_oauth_login_upgrade():`
			`"""Test that users who use MLC after having registered will be associated with their MLC account"""`
			`app = create_ctfd(user_mode="teams")`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`app.config.update(`
			`{`
			`"OAUTH_CLIENT_ID": "ctfd_testing_client_id",`
			`"OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",`
			`"OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",`
			`"OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",`
			`"OAUTH_API_ENDPOINT": "http://api.localhost/user",`
			`}`
			`)`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00			`with app.app_context():`
			`register_user(app)`
			`assert Users.query.count() == 2`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`set_config("registration_visibility", "private")`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00
			`# Users should still be able to login`
			`client = login_as_user(app)`
Format all the things (#991) * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/*/'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty. 2019-05-12 01:09:37 +00:00			`client.get("/logout")`
Block new user registration if registering via MLC (#840) * Block new user registration if registering via MLC * Allow login with MLC while registration is disabled 2019-01-19 21:00:29 +00:00
			`user = Users.query.filter_by(id=2).first()`
			`assert user.oauth_id is None`
			`assert user.team_id is None`

			`login_with_mlc(app)`

			`assert Users.query.count() == 2`

			`# Logging in with MLC should insert an OAuth ID and team ID`
			`user = Users.query.filter_by(id=2).first()`
			`assert user.oauth_id`
			`assert user.verified`
			`assert user.team_id`
			`destroy_ctfd(app)`