diff --git a/CTFd/schemas/teams.py b/CTFd/schemas/teams.py
index 8a6d94d..c506475 100644
--- a/CTFd/schemas/teams.py
+++ b/CTFd/schemas/teams.py
@@ -19,6 +19,7 @@ class TeamSchema(ma.ModelSchema):
 Teams,
 "name",
 required=True,
+ allow_none=False,
 validate=[
 validate.Length(min=1, max=128, error="Team names must not be empty")
 ],
@@ -26,6 +27,7 @@ class TeamSchema(ma.ModelSchema):
 email = field_for(
 Teams,
 "email",
+ allow_none=False,
 validate=validate.Email("Emails must be a properly formatted email address"),
 )
 website = field_for(
diff --git a/CTFd/schemas/users.py b/CTFd/schemas/users.py
index 73ed057..d253911 100644
--- a/CTFd/schemas/users.py
+++ b/CTFd/schemas/users.py
@@ -20,6 +20,7 @@ class UserSchema(ma.ModelSchema):
 Users,
 "name",
 required=True,
+ allow_none=False,
 validate=[
 validate.Length(min=1, max=128, error="User names must not be empty")
 ],
@@ -27,6 +28,7 @@ class UserSchema(ma.ModelSchema):
 email = field_for(
 Users,
 "email",
+ allow_none=False,
 validate=[
 validate.Email("Emails must be a properly formatted email address"),
 validate.Length(min=1, max=128, error="Emails must not be empty"),
diff --git a/tests/api/v1/test_teams.py b/tests/api/v1/test_teams.py
index b4fcf17..f21d45e 100644
--- a/tests/api/v1/test_teams.py
+++ b/tests/api/v1/test_teams.py
@@ -379,6 +379,14 @@ def test_api_team_patch_me_logged_in_admin_captain():
 app.db.session.commit()
 with login_as_user(app, name="admin") as client:
+ # Users can't null out their team name
+ r = client.patch(
+ "/api/v1/teams/me", json={"name": None}
+ )
+ resp = r.get_json()
+ assert r.status_code == 400
+ assert resp["errors"]["name"] == ["Field may not be null."]
+
 r = client.patch(
 "/api/v1/teams/me", json={"name": "team_name", "affiliation": "changed"}
 )
diff --git a/tests/api/v1/test_users.py b/tests/api/v1/test_users.py
index 89e9b97..686fb59 100644
--- a/tests/api/v1/test_users.py
+++ b/tests/api/v1/test_users.py
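Review bot: In the second TeamSchema hunk, `allow_none=False` on `email` also rejects a client that sends `"email": null` to mean "no address". Unlike `name`, this field is not marked `required=True` in the visible lines, so if the Teams model treats email as optional (the model is not shown here), a PATCH that round-trips a team record with a null email would now fail with 400. Worth confirming against the model and adding a null-email case to tests/api/v1/test_teams.py, since the team test added in this commit only exercises `name`. The `field_for(...)` calls and the class body continue outside the hunk.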
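Review bot: The new null-name case in test_api_team_patch_me_logged_in_admin_captain checks the status code and the error message but not the response envelope or the stored value. The matching user test asserts `assert resp["success"] is False`; adding the same line here keeps the two in step. The null-email case in test_api_user_change_email has the same gap. A follow-up assertion that the team's name in the database is unchanged after the 400 would confirm the rejected request had no side effect. The test function starts and ends outside the hunk.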
@@ -427,6 +427,13 @@ def test_api_user_change_name():
 assert resp["data"]["name"] == "user2"
 assert resp["success"] is True
+ r = client.patch("/api/v1/users/me", json={"name": None})
+ resp = r.get_json()
+ print(resp)
+ assert r.status_code == 400
+ assert resp["errors"]["name"] == ["Field may not be null."]
+ assert resp["success"] is False
+
 set_config("name_changes", False)
 r = client.patch("/api/v1/users/me", json={"name": "new_name"})
@@ -444,6 +451,32 @@ def test_api_user_change_name():
 destroy_ctfd(app)
+def test_api_user_change_email():
+ """Test that users can change their email via the API"""
+ app = create_ctfd()
+ with app.app_context():
+ register_user(app)
+ user = Users.query.filter_by(id=2).first()
+ app.db.session.commit()
+ with login_as_user(app) as client:
+ # Test users can't submit null
+ r = client.patch("/api/v1/users/me", json={"email": None, "confirm": "password"})
+ resp = r.get_json()
+ print(resp)
+ assert r.status_code == 400
+ assert resp["errors"]["email"] == ["Field may not be null."]
+
+ # Test users can exercise the API
+ r = client.patch("/api/v1/users/me", json={"email": "new_email@email.com", "confirm": "password"})
+ assert r.status_code == 200
+ resp = r.get_json()
+ assert resp["data"]["email"] == "new_email@email.com"
+ assert resp["success"] is True
+ user = Users.query.filter_by(id=2).first()
+ assert user.email == "new_email@email.com"
+ destroy_ctfd(app)
+
+
 def test_api_user_change_verify_email():
 """Test that users are marked unconfirmed if they change their email and verify_emails is turned on"""
 app = create_ctfd()
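Review bot: The added null-name block in test_api_user_change_name leaves a debugging `print(resp)` in the test, and the same call appears in the null-email block of test_api_user_change_email. It only adds noise to test output and can be dropped in both places, because the assertions that follow already surface the response content on failure. The test function starts and ends outside the hunk.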
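Review bot: In test_api_user_change_email the first `user = Users.query.filter_by(id=2).first()` and the `app.db.session.commit()` after it do nothing, since `user` is not modified or read before being reassigned near the end. Either remove the two lines or put the lookup to use by capturing `original_email = user.email` and, after the 400 response, asserting `assert Users.query.filter_by(id=2).first().email == original_email`. That shows the null submission was rejected without touching the stored address, which is the property this commit is meant to protect.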