Merging local changes

selenium-screenshot-testing
CodeKevin 2015-01-24 00:51:32 -05:00
commit 6b81ac4577
8 changed files with 121 additions and 23 deletions


@ -54,10 +54,10 @@ def init_admin(app):
try:
view_challenges_unregistered = bool(request.form.get('view_challenges_unregistered', None))
prevent_registration = bool(request.form.get('prevent_registration', None))
except (ValueError, TypeError):
view_challenges_unregistered = None
print repr(start), repr(end), repr(view_challenges_unregistered)
prevent_registration = None
db_start = Config.query.filter_by(key='start').first()
db_start.value = start
@ -68,16 +68,50 @@ def init_admin(app):
db_view_challenges_unregistered = Config.query.filter_by(key='view_challenges_unregistered').first()
db_view_challenges_unregistered.value = view_challenges_unregistered
db_prevent_registration = Config.query.filter_by(key='prevent_registration').first()
db_prevent_registration.value = prevent_registration
db.session.add(db_start)
db.session.add(db_end)
db.session.add(db_view_challenges_unregistered)
db.session.add(db_prevent_registration)
db.session.commit()
return redirect('/admin/config')
start = Config.query.filter_by(key="start").first().value
end = Config.query.filter_by(key="end").first().value
view_challenges_unregistered = (Config.query.filter_by(key='view_challenges_unregistered').first().value == '1')
return render_template('admin/config.html', start=start, end=end, view_challenges_unregistered=view_challenges_unregistered)
start = Config.query.filter_by(key="start").first()
if start:
start = start.value
else:
start = Config('start', None)
db.session.add(start)
end = Config.query.filter_by(key="end").first()
if end:
end = end.value
else:
end = Config('end', None)
db.session.add(end)
view_challenges_unregistered = Config.query.filter_by(key='view_challenges_unregistered').first()
if view_challenges_unregistered:
view_challenges_unregistered = (view_challenges_unregistered.value == '1')
else:
view_challenges_unregistered = Config('view_challenges_unregistered', None)
db.session.add(view_challenges_unregistered)
prevent_registration = Config.query.filter_by(key='prevent_registration').first()
if prevent_registration:
prevent_registration = (prevent_registration.value == '1')
else:
prevent_registration = Config('prevent_registration', None)
db.session.add(prevent_registration)
db.session.commit()
db.session.close()
return render_template('admin/config.html', start=start, end=end, view_challenges_unregistered=view_challenges_unregistered,
prevent_registration=prevent_registration)
@app.route('/admin/pages', defaults={'route': None}, methods=['GET', 'POST'])
@app.route('/admin/pages/<route>', methods=['GET', 'POST'])
@ -291,6 +325,14 @@ def init_admin(app):
db.session.commit()
return redirect('/scoreboard')
@app.route('/admin/team/<teamid>/delete', methods=['POST'])
@admins_only
def delete_team(teamid):
user = Teams.query.filter_by(id=teamid).first()
db.session.delete(user)
db.session.commit()
return '1'
@app.route('/admin/graphs/<graph_type>')
@admins_only
@ -348,7 +390,6 @@ def init_admin(app):
db.session.commit()
teams_registered = db.session.query(db.func.count(Teams.id)).first()[0]
site_hits = db.session.query(db.func.count(Tracking.id)).first()[0]
wrong_count = db.session.query(db.func.count(WrongKeys.id)).first()[0]
solve_count = db.session.query(db.func.count(Solves.id)).first()[0]
challenge_count = db.session.query(db.func.count(Challenges.id)).first()[0]
@ -358,7 +399,6 @@ def init_admin(app):
db.session.close()
return render_template('admin/statistics.html', team_count=teams_registered,
hit_count=site_hits,
wrong_count=wrong_count,
solve_count=solve_count,
challenge_count=challenge_count,
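Review bot: In the new `delete_team` view, `Teams.query.filter_by(id=teamid).first()` returns None for an id that does not exist, and the following `db.session.delete(user)` then raises instead of answering cleanly; `user = Teams.query.filter_by(id=teamid).first_or_404()` would turn that into a 404. The handler itself never reads the `nonce` field that the confirm form posts, so this destructive POST is protected against cross-site requests only if a check elsewhere (not visible in this diff) validates the nonce on every POST, which is worth confirming. It is also not visible whether rows that reference the team (solves, wrong keys, tracking) are deleted or cascade; if they are not, the statistics counts in the later hunk would keep counting orphaned rows. The function sits inside `init_admin`, which starts and ends outside these hunks.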


@ -1,5 +1,5 @@
from flask import render_template, request, redirect, abort, jsonify, url_for, session
from CTFd.utils import sha512, is_safe_url, authed, mailserver, sendmail
from CTFd.utils import sha512, is_safe_url, authed, mailserver, sendmail, can_register
from CTFd.models import db, Teams
from itsdangerous import TimedSerializer, BadTimeSignature
@ -56,6 +56,8 @@ Did you initiate a password reset?
@app.route('/register', methods=['POST', 'GET'])
def register():
if not can_register():
return redirect('/login')
if request.method == 'POST':
errors = []
name_len = len(request.form['name']) == 0


@ -18,18 +18,14 @@ def init_utils(app):
app.jinja_env.filters['unix_time_millis'] = unix_time_millis
app.jinja_env.filters['long2ip'] = long2ip
app.jinja_env.globals.update(pages=pages)
app.jinja_env.globals.update(can_register=can_register)
def pages():
pages = Pages.query.filter(Pages.route!="index").all()
return pages
def authed():
try:
if session['id']:
return True
except KeyError:
pass
return False
return bool(session.get('id', False))
def is_setup():
setup = Config.query.filter_by(key='setup').first()
@ -44,6 +40,13 @@ def is_admin():
else:
return False
def can_register():
config = Config.query.filter_by(key='prevent_registration').first()
if config:
return config.value != '1'
else:
return True
def admins_only(f):
@wraps(f)
def decorated_function(*args, **kwargs):
@ -84,7 +87,11 @@ def ctftime():
return False
def can_view_challenges():
return authed() or (Config.query.filter_by(key="view_challenges_unregistered").first().value == '1');
config = Config.query.filter_by(key="view_challenges_unregistered").first()
if config:
return authed() or config.value == '1'
else:
return authed()
def unix_time(dt):
epoch = datetime.datetime.utcfromtimestamp(0)
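Review bot: `can_register()` treats registration as closed only when the stored value is exactly the string `'1'`, while the admin config handler in this commit assigns `bool(request.form.get('prevent_registration', None))` to `db_prevent_registration.value`. Whether a Python `True` reads back as `'1'` depends on the `Config.value` column type and the database driver, neither of which is shown here; on a backend where it comes back as anything else the check fails open and registration stays enabled after the admin ticks the box. Writing an explicit string in the handler, for example `db_prevent_registration.value = '1' if prevent_registration else '0'`, would make the comparison independent of the backend, and the same applies to `can_view_challenges()`. A short docstring on `can_register()` stating that a missing row means registration is open would also help, since that default is a security-relevant choice.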


@ -66,6 +66,9 @@ def init_views(app):
## Challenges cannot be viewed by unregistered users
view_challenges_unregistered = Config('view_challenges_unregistered', None)
## Allow/Disallow registration
prevent_registration = Config('prevent_registration', None)
setup = Config('setup', True)
db.session.add(admin)
@ -73,6 +76,7 @@ def init_views(app):
db.session.add(start)
db.session.add(end)
db.session.add(view_challenges_unregistered)
db.session.add(prevent_registration)
db.session.add(setup)
db.session.commit()
app.setup = False


@ -27,7 +27,12 @@
<label for="view_challenges_unregistered">Unregistered users can view challenges</label>
</div>
<button class="radius" type='submit'>Submit</button>
<div class="row">
<input id="prevent_registration" name="prevent_registration" type="checkbox" {% if prevent_registration %}checked{% endif %}>
<label for="prevent_registration">Prevent public registration</label>
</div>
<button class="radius" type='submit'>Update</button>
</form>
</div>
{% endblock %}
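Review bot: The new checkbox is rendered from the truthiness of `prevent_registration`, but when the row is missing the admin config view in this commit passes a freshly created `Config('prevent_registration', None)` object to the template rather than a boolean. Unless the model defines its own truth value, that object is truthy, so on the first load of an existing deployment the box appears checked while `can_register()` still returns True for the stored `None`. An admin who then saves any unrelated setting would submit the box as checked and close registration without meaning to. Setting the local to a plain value after creating the row in the view, e.g. `prevent_registration = False` following the `db.session.add(...)`, keeps the form in step with the stored state; the `view_challenges_unregistered` branch has the same shape.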


@ -6,7 +6,6 @@
<h1>Statistics</h1>
<h3><b>{{ team_count }}</b> teams registered</h3>
<h3><b>{{ hit_count}}</b> hits</h3>
<h3><b>{{ wrong_count }}</b> wrong keys submitted</h3>
<h3><b>{{ solve_count }}</b> right keys submitted</h3>
<h3><b>{{ challenge_count }}</b> challenges</h3>


@ -5,8 +5,20 @@
<div class="row">
<br>
<div id="confirm" class="reveal-modal" data-reveal>
<h2 class="text-center">Delete User</h2>
<form method="POST">
<input type="hidden" name="id">
<input type="hidden" name="nonce" value="{{ nonce }}">
<div class="small-6 small-centered text-center columns">
<p>Are you sure you want to delete <strong id="confirm-team-name"></strong>?</p>
<button type="button" class="button alert radius" onclick="$('#confirm').foundation('reveal', 'close');">No</button>
<button type="button" id="delete-user" class="button success radius">Yes</button>
</div>
</form>
</div>
<div id="user" class="reveal-modal" data-reveal>
<h2>Edit User</h2>
<h2 class="text-center">Edit User</h2>
<form method="POST" action="/admin/teams/">
<div class="row">
<input type="hidden" name="nonce" value="{{ nonce }}">
@ -97,7 +109,7 @@
{% block scripts %}
<script>
function load_modal(id, name, email, website, affiliation, country){
function load_update_modal(id, name, email, website, affiliation, country){
var modal_form = $('#user form');
modal_form.find('input[name=name]').val(name)
@ -132,7 +144,19 @@ $('#update-user').click(function(e){
}
};
})
})
});
$('#delete-user').click(function(e){
e.preventDefault();
var id = $('#confirm input[name="id"]').val()
var user_data = $('#confirm form').serializeArray()
$.post($('#confirm form').attr('action'), $('#confirm form').serialize(), function(data){
var data = $.parseJSON(JSON.stringify(data))
if (data == "1"){
location.reload()
}
})
});
$('.fa-pencil-square-o').click(function(){
var elem = $(this).parent().parent().parent();
@ -143,7 +167,23 @@ $('.fa-pencil-square-o').click(function(){
var affiliation = elem.find('.team-affiliation').text().trim();
var country = elem.find('.team-country').text().trim();
load_modal(id, name, email, website, affiliation, country);
load_update_modal(id, name, email, website, affiliation, country);
})
function load_confirm_modal(id, name){
var modal = $('#confirm')
modal.find('input[name=id]').val(id)
modal.find('#confirm-team-name').text(name)
$('#confirm form').attr('action', '/admin/team/'+id+'/delete');
$('#confirm').foundation('reveal', 'open');
}
$('.fa-times').click(function(){
var elem = $(this).parent().parent().parent();
var id = elem.find('.team-id').text().trim();
var name = elem.find('.team-name').text().trim();
load_confirm_modal(id, name)
})
</script>
{% endblock %}
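Review bot: In the `#delete-user` click handler, `id` and `user_data` are assigned but never read, and `$.parseJSON(JSON.stringify(data))` only round-trips the response, so those lines can be dropped and the callback can test `data == "1"` directly. The `$.post` call has no failure path: if the server answers with an error the confirm dialog simply stays open, and a `.fail(...)` handler that shows a message would make a failed delete visible to the admin. Writing the team name with `.text(name)` in `load_confirm_modal` keeps a team-chosen name from being interpreted as markup; a one-line comment saying so would guard against a later switch to `.html()`.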


@ -37,6 +37,7 @@
</li>
{%else %}
<li class="has-form">
{% if can_register() %}
<li class="has-dropdown">
<a href="/register">Register</a>
<ul class="dropdown">
@ -48,7 +49,7 @@
</form>
</ul>
</li>
{% endif %}
<li class="has-dropdown">
<a href="/login">Login</a>
<ul class="dropdown">