Stack trace only applies in debug mode which shouldn't be used in
production but password length bug is valid
selenium-screenshot-testing
CodeKevin 2015-01-05 20:32:34 -05:00
parent 7cf762a6c4
commit 7c7632301f
1 changed files with 8 additions and 5 deletions


@ -61,7 +61,8 @@ Did you initiate a password reset?
name_len = len(request.form['name']) == 0 name_len = len(request.form['name']) == 0
names = Teams.query.add_columns('name', 'id').filter_by(name=request.form['name']).first() names = Teams.query.add_columns('name', 'id').filter_by(name=request.form['name']).first()
emails = Teams.query.add_columns('email', 'id').filter_by(email=request.form['email']).first() emails = Teams.query.add_columns('email', 'id').filter_by(email=request.form['email']).first()
pass_len = len(request.form['password']) == 0 pass_short = len(request.form['password']) == 0
pass_long = len(request.form['password']) > 128
valid_email = re.match("[^@]+@[^@]+\.[^@]+", request.form['email']) valid_email = re.match("[^@]+@[^@]+\.[^@]+", request.form['email'])
if not valid_email: if not valid_email:
@ -70,12 +71,16 @@ Did you initiate a password reset?
errors.append('That team name is already taken') errors.append('That team name is already taken')
if emails: if emails:
errors.append('That email has already been used') errors.append('That email has already been used')
if pass_len: if pass_short:
errors.append('Pick a longer password') errors.append('Pick a longer password')
if pass_long:
errors.append('Pick a shorter password')
if name_len: if name_len:
errors.append('Pick a longer team name') errors.append('Pick a longer team name')
if not errors: if len(errors) > 0:
return render_template('register.html', errors=errors, name=request.form['name'], email=request.form['email'], password=request.form['password'])
else:
with app.app_context(): with app.app_context():
team = Teams(request.form['name'], request.form['email'], request.form['password']) team = Teams(request.form['name'], request.form['email'], request.form['password'])
db.session.add(team) db.session.add(team)
@ -84,8 +89,6 @@ Did you initiate a password reset?
sendmail(request.form['email'], "You've successfully registered for the CTF") sendmail(request.form['email'], "You've successfully registered for the CTF")
db.session.close() db.session.close()
if len(errors) > 0:
return render_template('register.html', errors=errors, name=request.form['name'], email=request.form['email'], password=request.form['password'])
logger = logging.getLogger('regs') logger = logging.getLogger('regs')
logger.warn("[{0}] {1} registered with {2}".format(time.strftime("%m/%d/%Y %X"), request.form['name'], request.form['email'])) logger.warn("[{0}] {1} registered with {2}".format(time.strftime("%m/%d/%Y %X"), request.form['name'], request.form['email']))
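Review bot: The early return added under `if len(errors) > 0:` still passes `password=request.form['password']` to `register.html`, so a failed registration sends the submitted password back in the response body if the template renders it (the template is not shown on this page). I would drop that argument and let the user retype the password: `return render_template('register.html', errors=errors, name=request.form['name'], email=request.form['email'])`. Separately, `pass_long` counts characters while a password hasher works on bytes, so if the 128 limit is meant to bound the hashing input it should be checked against `len(request.form['password'].encode('utf-8'))`. The enclosing view function starts and ends outside these hunks.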