From 087443467f92a1d4500829058ca5302c4710575e Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Mon, 10 Dec 2018 22:58:23 -0500
Subject: [PATCH] Allow unauthed users to attempt challenges if visibility is public but get redirected (Closes #797) (#798)
---
 CTFd/api/v1/challenges.py | 9 ++++++++-
 tests/users/test_challenges.py | 10 ++--------
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/CTFd/api/v1/challenges.py b/CTFd/api/v1/challenges.py
index 0a6f534..521f83f 100644
--- a/CTFd/api/v1/challenges.py
+++ b/CTFd/api/v1/challenges.py
@@ -266,8 +266,15 @@ class Challenge(Resource):
 class ChallengeAttempt(Resource):
 @during_ctf_time_only
 @require_verified_emails
- @authed_only
 def post(self):
+ if authed() is False:
+ return {
+ 'success': True,
+ 'data': {
+ 'status': "authentication_required",
+ }
+ }, 403
+
 if request.content_type != 'application/json':
 request_data = request.form
 else:
diff --git a/tests/users/test_challenges.py b/tests/users/test_challenges.py
index d107a06..d6f8335 100644
--- a/tests/users/test_challenges.py
+++ b/tests/users/test_challenges.py
@@ -317,13 +317,6 @@ def test_that_view_challenges_unregistered_works():
 r = client.get('/api/v1/challenges')
 assert r.get_json()['data']
- # r = client.get('/chals/solves')
- # data = r.get_data(as_text=True)
- # assert json.loads(data) == json.loads('''{
- # "1": 0
- # }
- # ''')
-
 r = client.get('/api/v1/challenges/1/solves')
 assert r.get_json().get('data') is not None
@@ -333,7 +326,8 @@ def test_that_view_challenges_unregistered_works():
 }
 r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
 assert r.status_code == 403
- resp = r.get_json().get('data') is None
+ assert r.get_json().get('data').get('status') == "authentication_required"
+ assert r.get_json().get('data').get('message') is None
 destroy_ctfd(app)
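Review bot: The inline gate that replaces `@authed_only` in `ChallengeAttempt.post` tests `authed() is False`, so it rejects only when the helper returns the literal `False`; any other falsy return (for example `None`) would let an unauthenticated request fall through to the submission logic. `if not authed():` fails closed regardless of the helper's return type, which is not visible in this hunk. The 403 body also carries `'success': True`, which a client keying on that field would read as an accepted request; `'success': False` looks like the intended value, and the test hunk in tests/users/test_challenges.py does not pin it either way. With the decorator gone, `@during_ctf_time_only` and `@require_verified_emails` now run for anonymous requests too, so it is worth confirming they do not assume a logged-in user. The rest of `post` lies outside the hunk.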