mirror of https://github.com/JohnHammond/CTFd.git
Allow unauthed users to attempt challenges if visibility is public but get redirected (Closes #797) (#798)
parent
f3a97f7344
commit
087443467f
|
@ -266,8 +266,15 @@ class Challenge(Resource):
|
|||
class ChallengeAttempt(Resource):
|
||||
@during_ctf_time_only
|
||||
@require_verified_emails
|
||||
@authed_only
|
||||
def post(self):
|
||||
if authed() is False:
|
||||
return {
|
||||
'success': True,
|
||||
'data': {
|
||||
'status': "authentication_required",
|
||||
}
|
||||
}, 403
|
||||
|
||||
if request.content_type != 'application/json':
|
||||
request_data = request.form
|
||||
else:
|
||||
|
|
|
@ -317,13 +317,6 @@ def test_that_view_challenges_unregistered_works():
|
|||
r = client.get('/api/v1/challenges')
|
||||
assert r.get_json()['data']
|
||||
|
||||
# r = client.get('/chals/solves')
|
||||
# data = r.get_data(as_text=True)
|
||||
# assert json.loads(data) == json.loads('''{
|
||||
# "1": 0
|
||||
# }
|
||||
# ''')
|
||||
|
||||
r = client.get('/api/v1/challenges/1/solves')
|
||||
assert r.get_json().get('data') is not None
|
||||
|
||||
|
@ -333,7 +326,8 @@ def test_that_view_challenges_unregistered_works():
|
|||
}
|
||||
r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
|
||||
assert r.status_code == 403
|
||||
resp = r.get_json().get('data') is None
|
||||
assert r.get_json().get('data').get('status') == "authentication_required"
|
||||
assert r.get_json().get('data').get('message') is None
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue