Replacing hardcoded redirects with url_for()
parent
23d9a57809
commit
ac6e5b8c4f
|
@ -34,10 +34,10 @@ def admin_view():
|
|||
session['admin'] = True
|
||||
session['nonce'] = sha512(os.urandom(10))
|
||||
db.session.close()
|
||||
return redirect('/admin/graphs')
|
||||
return redirect(url_for('admin.admin_graphs'))
|
||||
|
||||
if is_admin():
|
||||
return redirect('/admin/graphs')
|
||||
return redirect(url_for('admin.admin_graphs'))
|
||||
|
||||
return render_template('admin/login.html')
|
||||
|
||||
|
@ -90,7 +90,7 @@ def admin_config():
|
|||
db.session.add(db_end)
|
||||
|
||||
db.session.commit()
|
||||
return redirect('/admin/config')
|
||||
return redirect(url_for('admin.admin_config'))
|
||||
|
||||
ctf_name = get_config('ctf_name')
|
||||
if not ctf_name:
|
||||
|
@ -173,11 +173,11 @@ def admin_pages(route):
|
|||
page.route = route
|
||||
page.html = html
|
||||
db.session.commit()
|
||||
return redirect('/admin/pages')
|
||||
return redirect(url_for('admin.admin_pages'))
|
||||
page = Pages(route, html)
|
||||
db.session.add(page)
|
||||
db.session.commit()
|
||||
return redirect('/admin/pages')
|
||||
return redirect(url_for('admin.admin_pages'))
|
||||
pages = Pages.query.all()
|
||||
return render_template('admin/pages.html', routes=pages, css=get_config('css'))
|
||||
|
||||
|
@ -305,7 +305,7 @@ def admin_files(chalid):
|
|||
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
return redirect('/admin/chals')
|
||||
return redirect(url_for('admin.admin_chals'))
|
||||
|
||||
|
||||
@admin.route('/admin/teams', defaults={'page':'1'})
|
||||
|
@ -395,7 +395,7 @@ def ban(teamid):
|
|||
user = Teams.query.filter_by(id=teamid).first()
|
||||
user.banned = 1
|
||||
db.session.commit()
|
||||
return redirect('/admin/scoreboard')
|
||||
return redirect(url_for('admin.admin_scoreboard'))
|
||||
|
||||
|
||||
@admin.route('/admin/team/<teamid>/unban', methods=['POST'])
|
||||
|
@ -404,7 +404,7 @@ def unban(teamid):
|
|||
user = Teams.query.filter_by(id=teamid).first()
|
||||
user.banned = None
|
||||
db.session.commit()
|
||||
return redirect('/admin/scoreboard')
|
||||
return redirect(url_for('admin.admin_scoreboard'))
|
||||
|
||||
|
||||
@admin.route('/admin/team/<teamid>/delete', methods=['POST'])
|
||||
|
@ -591,7 +591,7 @@ def admin_create_chal():
|
|||
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
return redirect('/admin/chals')
|
||||
return redirect(url_for('admin.admin_chals'))
|
||||
|
||||
|
||||
@admin.route('/admin/chal/delete', methods=['POST'])
|
||||
|
@ -625,4 +625,4 @@ def admin_update_chal():
|
|||
db.session.add(challenge)
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
return redirect('/admin/chals')
|
||||
return redirect(url_for('admin.admin_chals'))
|
||||
|
|
19
CTFd/auth.py
19
CTFd/auth.py
|
@ -29,7 +29,7 @@ def reset_password(data=None):
|
|||
team.password = bcrypt_sha256.encrypt(request.form['password'].strip())
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login'))
|
||||
|
||||
if request.method == 'POST':
|
||||
email = request.form['email'].strip()
|
||||
|
@ -54,7 +54,7 @@ Did you initiate a password reset?
|
|||
@auth.route('/register', methods=['POST', 'GET'])
|
||||
def register():
|
||||
if not can_register():
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login'))
|
||||
if request.method == 'POST':
|
||||
errors = []
|
||||
name = request.form['name']
|
||||
|
@ -88,6 +88,13 @@ def register():
|
|||
team = Teams(name, email, password)
|
||||
db.session.add(team)
|
||||
db.session.commit()
|
||||
db.session.flush()
|
||||
|
||||
session['username'] = team.name
|
||||
session['id'] = team.id
|
||||
session['admin'] = team.admin
|
||||
session['nonce'] = sha512(os.urandom(10))
|
||||
|
||||
if mailserver():
|
||||
sendmail(request.form['email'], "You've successfully registered for the CTF")
|
||||
|
||||
|
@ -95,7 +102,7 @@ def register():
|
|||
|
||||
logger = logging.getLogger('regs')
|
||||
logger.warn("[{0}] {1} registered with {2}".format(time.strftime("%m/%d/%Y %X"), request.form['name'].encode('utf-8'), request.form['email'].encode('utf-8')))
|
||||
return redirect('/login')
|
||||
return redirect(url_for('challenges.challenges_view'))
|
||||
else:
|
||||
return render_template('register.html')
|
||||
|
||||
|
@ -120,9 +127,9 @@ def login():
|
|||
logger = logging.getLogger('logins')
|
||||
logger.warn("[{0}] {1} logged in".format(time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8')))
|
||||
|
||||
# if request.args.get('next') and is_safe_url(request.args.get('next')):
|
||||
# return redirect(request.args.get('next'))
|
||||
return redirect('/team/{0}'.format(team.id))
|
||||
if request.args.get('next') and is_safe_url(request.args.get('next')):
|
||||
return redirect(request.args.get('next'))
|
||||
return redirect(url_for('challenges.challenges_view'))
|
||||
else:
|
||||
errors.append("That account doesn't seem to exist")
|
||||
db.session.close()
|
||||
|
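Review bot: The session setup added in the register hunk (`@ -88,6 +88,13 @@`) stores `session['admin'] = team.admin`, while the `admins_only` decorator in the CTFd/utils.py section of this same commit grants access whenever the stored value is not `None` (`if session.get('admin', None) is None:`); if `team.admin` is a boolean column that is `False` for ordinary teams — the Teams model is not visible here — a freshly registered account would satisfy that check. The admin login hunk in the first section sets `session['admin'] = True` explicitly, so only the register path introduces a non-`None`, non-`True` value. Normalising at this point, `session['admin'] = True if team.admin else None`, or tightening the decorator to `if not session.get('admin'):`, closes the gap; the decorator change is the more robust of the two since it does not depend on every login path agreeing. register's body continues outside the hunk.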
|
|
@ -22,7 +22,7 @@ def challenges_view():
|
|||
if can_view_challenges():
|
||||
return render_template('chals.html', ctftime=ctftime())
|
||||
else:
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login', next='challenges'))
|
||||
|
||||
|
||||
@challenges.route('/chals', methods=['GET'])
|
||||
|
@ -45,7 +45,7 @@ def chals():
|
|||
return jsonify(json)
|
||||
else:
|
||||
db.session.close()
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login', next='chals'))
|
||||
|
||||
|
||||
@challenges.route('/chals/solves')
|
||||
|
@ -56,7 +56,7 @@ def chals_per_solves():
|
|||
for chal, count in solves:
|
||||
json[chal.chal.name] = count
|
||||
return jsonify(json)
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login', next='chals/solves'))
|
||||
|
||||
|
||||
@challenges.route('/solves')
|
||||
|
@ -108,7 +108,7 @@ def who_solved(chalid):
|
|||
@challenges.route('/chal/<chalid>', methods=['POST'])
|
||||
def chal(chalid):
|
||||
if not ctftime():
|
||||
return redirect('/challenges')
|
||||
return redirect(url_for('challenges.challenges_view'))
|
||||
if authed():
|
||||
fails = WrongKeys.query.filter_by(team=session['id'], chalid=chalid).count()
|
||||
logger = logging.getLogger('keys')
|
||||
|
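Review bot: The `next=` values added in the challenges_view, chals and chals_per_solves hunks (`next='challenges'`, `next='chals'`, `next='chals/solves'`) are hardcoded route strings in a commit whose purpose is to remove them, and as bare relative paths they only land on the intended page because /login has no further path segment. Deriving them from the route table, e.g. `return redirect(url_for('auth.login', next=url_for('challenges.challenges_view')))`, keeps the three redirects in step with the endpoints they point at. The login handler in the CTFd/auth.py section redirects to `next` only when `is_safe_url()` accepts it; whether that helper accepts a bare relative value like `chals/solves` is not visible here, so the behaviour of these redirects after login should be confirmed.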
|
|
@ -96,7 +96,7 @@ def init_utils(app):
|
|||
if request.path == '/setup' or request.path.startswith('/static'):
|
||||
return
|
||||
if not is_setup():
|
||||
return redirect('/setup')
|
||||
return redirect(url_for('views.setup'))
|
||||
|
||||
|
||||
def ctf_name():
|
||||
|
@ -140,7 +140,7 @@ def admins_only(f):
|
|||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if session.get('admin', None) is None:
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login'))
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
|
||||
|
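Review bot: The before_request hook in init_utils still exempts the setup page by string comparison, `request.path == '/setup'`, while the redirect it guards now uses `url_for('views.setup')`; if the setup route is ever moved, the exemption and the redirect disagree and every request loops into the setup redirect. Comparing against the same source, `if request.endpoint == 'views.setup' or request.path.startswith('/static'):` (or `request.path == url_for('views.setup')`), keeps the two consistent. redirect_setup in the CTFd/views.py section has the same `request.path != "/setup"` comparison. init_utils begins outside the hunk.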
|
|
@ -40,7 +40,7 @@ def redirect_setup():
|
|||
if request.path == "/static/css/style.css":
|
||||
return
|
||||
if not is_setup() and request.path != "/setup":
|
||||
return redirect('/setup')
|
||||
return redirect(url_for('views.setup'))
|
||||
|
||||
|
||||
@views.route('/setup', methods=['GET', 'POST'])
|
||||
|
@ -207,7 +207,7 @@ def profile():
|
|||
team.country = country
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
return redirect('/profile')
|
||||
return redirect(url_for('views.profile'))
|
||||
else:
|
||||
user = Teams.query.filter_by(id=session['id']).first()
|
||||
name = user.name
|
||||
|
@ -219,4 +219,4 @@ def profile():
|
|||
return render_template('profile.html', name=name, email=email, website=website, affiliation=affiliation,
|
||||
country=country, prevent_name_change=prevent_name_change)
|
||||
else:
|
||||
return redirect('/login')
|
||||
return redirect(url_for('auth.login'))
|
||||
|
|