diff --git a/.codecov.yml b/.codecov.yml new file mode 100644 index 0000000..35dff8b --- /dev/null +++ b/.codecov.yml @@ -0,0 +1,9 @@ +coverage: + status: + project: + default: + # Fail the status if coverage drops by >= 1% + threshold: 1 + patch: + default: + threshold: 1 diff --git a/CTFd/schemas/users.py b/CTFd/schemas/users.py index bddaf1f..8a22eb5 100644 --- a/CTFd/schemas/users.py +++ b/CTFd/schemas/users.py @@ -152,7 +152,8 @@ class UserSchema(ma.ModelSchema): 'id', 'oauth_id', 'password', - 'type' + 'type', + 'verified' ] } diff --git a/tests/api/v1/test_users.py b/tests/api/v1/test_users.py index 1691b89..b17cfde 100644 --- a/tests/api/v1/test_users.py +++ b/tests/api/v1/test_users.py @@ -92,6 +92,32 @@ def test_api_users_post_admin(): destroy_ctfd(app) +def test_api_users_post_admin_with_attributes(): + """Can a user post /api/v1/users with user settings""" + app = create_ctfd() + with app.app_context(): + with login_as_user(app, 'admin') as client: + # Create user + r = client.post('/api/v1/users', json={ + "name": "user", + "email": "user@user.com", + "password": "password", + "banned": True, + "hidden": True, + "verified": True + }) + assert r.status_code == 200 + + # Make sure password was hashed properly + user = Users.query.filter_by(email='user@user.com').first() + assert user + assert verify_password('password', user.password) + assert user.banned + assert user.hidden + assert user.verified + destroy_ctfd(app) + + def test_api_team_get_public(): """Can a user get /api/v1/team/ if users are public""" app = create_ctfd() @@ -168,10 +194,13 @@ def test_api_user_patch_admin(): "name": "user", "email": "user@ctfd.io", "password": "password", - "country": "US" + "country": "US", + "verified": True }) assert r.status_code == 200 - assert r.get_json()['data'][0]['country'] == 'US' + user_data = r.get_json()['data'][0] + assert user_data['country'] == 'US' + assert user_data['verified'] is True destroy_ctfd(app)