Preventing team name changes

CTFd/admin.py

@@ -58,9 +58,15 @@ def init_admin(app):
             try:
                 view_challenges_unregistered = bool(request.form.get('view_challenges_unregistered', None))
                 prevent_registration = bool(request.form.get('prevent_registration', None))
+                prevent_name_change = bool(request.form.get('prevent_name_change', None))
             except (ValueError, TypeError):
                 view_challenges_unregistered = None
                 prevent_registration = None
+                prevent_name_change = None
+            finally:
+                view_challenges_unregistered = set_config('view_challenges_unregistered', view_challenges_unregistered)
+                prevent_registration = set_config('prevent_registration', prevent_registration)
+                prevent_name_change = set_config('prevent_name_change', prevent_name_change)
 
             ctf_name = set_config("ctf_name", request.form.get('ctf_name', None))
             mg_api_key = set_config("mg_api_key", request.form.get('mg_api_key', None))
@@ -72,16 +78,8 @@ def init_admin(app):
             db_end = Config.query.filter_by(key='end').first()
             db_end.value = end
 
-            db_view_challenges_unregistered = Config.query.filter_by(key='view_challenges_unregistered').first()
-            db_view_challenges_unregistered.value = view_challenges_unregistered
-
-            db_prevent_registration = Config.query.filter_by(key='prevent_registration').first()
-            db_prevent_registration.value = prevent_registration
-
             db.session.add(db_start)
             db.session.add(db_end)
-            db.session.add(db_view_challenges_unregistered)
-            db.session.add(db_prevent_registration)
 
             db.session.commit()
             return redirect('/admin/config')
@@ -114,12 +112,17 @@ def init_admin(app):
         if not prevent_registration:
             set_config('prevent_registration', None)
 
+        prevent_name_change = get_config('prevent_name_change') == '1'
+        if not prevent_name_change:
+            set_config('prevent_name_change', None)
+
         db.session.commit()
         db.session.close()
 
         return render_template('admin/config.html', ctf_name=ctf_name, start=start, end=end,
                                view_challenges_unregistered=view_challenges_unregistered,
-                               prevent_registration=prevent_registration, do_api_key=do_api_key, mg_api_key=mg_api_key)
+                               prevent_registration=prevent_registration, do_api_key=do_api_key, mg_api_key=mg_api_key,
+                               prevent_name_change=prevent_name_change)
 
     @app.route('/admin/pages', defaults={'route': None}, methods=['GET', 'POST'])
     @app.route('/admin/pages/<route>', methods=['GET', 'POST'])

CTFd/views.py

@@ -1,5 +1,5 @@
 from flask import current_app as app, render_template, render_template_string, request, redirect, abort, jsonify, json as json_mod, url_for, session
-from CTFd.utils import authed, ip2long, long2ip, is_setup, validate_url
+from CTFd.utils import authed, ip2long, long2ip, is_setup, validate_url, get_config
 from CTFd.models import db, Teams, Solves, Challenges, WrongKeys, Keys, Tags, Files, Tracking, Pages, Config
 
 from jinja2.exceptions import TemplateNotFound
@@ -158,10 +158,12 @@ def init_views(app):
                     errors.append("That doesn't look like a valid URL")
 
                 if len(errors) > 0:
-                    return render_template('profile.html', name=name, email=email, website=website, affiliation=affiliation, country=country, errors=errors)
+                    return render_template('profile.html', name=name, email=email, website=website,
+                                           affiliation=affiliation, country=country, errors=errors)
                 else:
                     team = Teams.query.filter_by(id=session['id']).first()
-                    team.name = name
+                    if not get_config('prevent_name_change'):
+                        team.name = name
                     team.email = email
                     session['username'] = name
 
@@ -180,6 +182,8 @@ def init_views(app):
                 website = user.website
                 affiliation = user.affiliation
                 country = user.country
-                return render_template('profile.html', name=name, email=email, website=website, affiliation=affiliation, country=country)
+                prevent_name_change = get_config('prevent_name_change')
+                return render_template('profile.html', name=name, email=email, website=website, affiliation=affiliation,
+                                       country=country, prevent_name_change=prevent_name_change)
         else:
             return redirect('/login')

templates/admin/config.html

@@ -42,6 +42,11 @@
             <label for="prevent_registration">Prevent public registration</label>
         </div>
 
+        <div class="row">
+            <input id="prevent_name_change" name="prevent_name_change" type="checkbox" {% if prevent_name_change %}checked{% endif %}>
+            <label for="prevent_name_change">Prevent Team Name Changes</label>
+        </div>
+
         <button class="radius" type='submit'>Update</button>
     </form>
 </div>

templates/profile.html

@@ -10,7 +10,7 @@
     {% endfor %}
     <form method="POST">
         <span>Team Name</span>
-            <input class="radius" type="text" name="name" placeholder="Team Name" value="{{name}}">
+            <input class="radius" type="text" name="name" placeholder="Team Name" value="{{name}}" {% if prevent_name_change %}disabled{% endif %}>
 
         <span>Email Address</span>
             <input class="radius" type="text" name="email" placeholder="Email Address" value="{{email}}">