Commit Graph

868 Commits (snyk-fix-600e51cd85ee2219525f18f7935f1860)

Author SHA1 Message Date
snyk-bot 17390f8a4c
fix: Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE315-EXPAT-2342160
- https://snyk.io/vuln/SNYK-ALPINE315-EXPAT-2342162
- https://snyk.io/vuln/SNYK-ALPINE315-EXPAT-2342163
- https://snyk.io/vuln/SNYK-ALPINE315-EXPAT-2342164
- https://snyk.io/vuln/SNYK-ALPINE315-EXPAT-2342165
2022-01-19 23:45:04 +00:00
John Hammond c47d6161be Made get_configurable_plugins work nicely with config.jsons that include multiple plugin entries as a list 2020-05-06 20:28:00 -04:00
John Hammond d29f5aaf44 Made prepare.sh install requirements from loaded plugins 2020-05-06 20:26:24 -04:00
Kevin Chung 818a4568a3
Merge pull request #1385 from CTFd/mark-2.4.1
2.4.1 / 2020-05-06
==================

**Admin Panel**
* Fix issue where admins couldn't update the "Account Creation" email
* Fix issue where the Submissions page in the Admin Panel could not be paginated correctly

**Miscellaneous**
* Add `SQLALCHEMY_ENGINE_OPTIONS` to `config.py` with a slightly higher default `max_overflow` setting for `SQLALCHEMY_MAX_OVERFLOW`. This can be overridden with the `SQLALCHEMY_MAX_OVERFLOW` envvar
* Add `node_modules/` to `.dockerignore`
2020-05-06 01:00:23 -04:00
Kevin Chung 1d28016424 Mark v2.4.1 2020-05-05 23:33:06 -04:00
Kevin Chung 2cfc89d4c2
Merge pull request #1384 from ilanarbi/admin-theme-successful-email-fix
* Fix issue where admins couldn't update the Account Confirmation email
2020-05-05 23:26:44 -04:00
ilanarbi 77afae2a4a
Merge branch 'master' into admin-theme-successful-email-fix 2020-05-06 05:22:35 +03:00
Kevin Chung 6a785f1095
Merge pull request #1383 from CTFd/fix-invalid-session-situation
* Fix an issue where session id no longer exists but the server thinks the user is still authed
2020-05-05 22:18:31 -04:00
Ilan 2c563a7b84 admin theme successful confirmation email fix 2020-05-06 04:46:48 +03:00
Kevin Chung ecec8592dc
Merge branch 'master' into fix-invalid-session-situation 2020-05-05 21:20:03 -04:00
Kevin Chung 05da93b4f6
Merge pull request #1380 from CTFd/add-sqlalchemy-engine-options
* Add `SQLALCHEMY_ENGINE_OPTIONS` to `config.py` to specify a slightly higher default `max_overflow`
2020-05-05 21:19:46 -04:00
Kevin Chung 97a221aa24 Fix an issue where session id no longer exists 2020-05-05 19:41:45 -04:00
Kevin Chung 2f6ee65f33 Only add SQLALCHEMY_ENGINE_OPTIONS under production databases 2020-05-05 19:39:36 -04:00
Kevin Chung 4b54789c14
Merge branch 'master' into add-sqlalchemy-engine-options 2020-05-05 19:28:02 -04:00
Kevin Chung 287cb2f263
Merge pull request #1382 from CTFd/node-modules-docker-ignore
* Add `node_modules/` to `.dockerignore`
2020-05-05 19:14:43 -04:00
Kevin Chung 9e158749f0
Merge branch 'master' into node-modules-docker-ignore 2020-05-05 18:31:07 -04:00
Kevin Chung 55d96b1c1d
Merge pull request #1381 from CTFd/fix-submission-type-pagination
* Fix `url_for` call for Admin Panel submission pagination
2020-05-05 17:44:25 -04:00
Kevin Chung f1008a812e Add node_modules/ to .dockerignore 2020-05-05 16:46:16 -04:00
Kevin Chung 565b218ebc Run format 2020-05-05 16:45:22 -04:00
Kevin Chung 197cfc3cf2 Run formatter 2020-05-05 16:44:31 -04:00
Kevin Chung 73e387524a Fix url_for for admin panel submission pagination 2020-05-05 15:52:45 -04:00
Kevin Chung ca65d01f1a Add SQLALCHEMY_ENGINE_OPTIONS with a slightly higher default max_overflow 2020-05-05 15:42:59 -04:00
Kevin Chung dcfa02877d
Merge pull request #1378 from CTFd/bulk-clear-sessions
* Add function to mass clear the cached user/team attributes for all users/teams
2020-05-04 12:02:19 -04:00
Kevin Chung 8b2c75761b
Merge branch 'master' into bulk-clear-sessions 2020-05-04 10:53:33 -04:00
Kevin Chung 5dc7fc6434
Merge pull request #1376 from CTFd/dependabot/npm_and_yarn/lodash-4.17.15
Bump lodash from 4.17.11 to 4.17.15
2020-05-04 10:53:18 -04:00
Kevin Chung 83f3f5d28a
Merge branch 'master' into dependabot/npm_and_yarn/lodash-4.17.15 2020-05-04 09:50:41 -04:00
Kevin Chung 66109629a3
Merge pull request #1377 from CTFd/dependabot/npm_and_yarn/eslint-utils-1.4.3
Bump eslint-utils from 1.3.1 to 1.4.3
2020-05-04 09:50:28 -04:00
Kevin Chung f0921f42f5 Run format 2020-05-04 09:49:31 -04:00
Kevin Chung 49816c730b
Merge branch 'master' into dependabot/npm_and_yarn/eslint-utils-1.4.3 2020-05-04 04:08:51 -04:00
Kevin Chung 7646707b8a
Merge branch 'master' into bulk-clear-sessions 2020-05-04 04:06:43 -04:00
Kevin Chung 672798ece6 Add a test for clear_all_user_sessions 2020-05-04 04:06:29 -04:00
Kevin Chung 056ba7e189
Merge branch 'master' into dependabot/npm_and_yarn/lodash-4.17.15 2020-05-04 03:53:50 -04:00
Kevin Chung 8e53db1617
Merge pull request #1375 from CTFd/dependabot/npm_and_yarn/acorn-5.7.4
Bump acorn from 5.7.3 to 5.7.4
2020-05-04 03:53:33 -04:00
Kevin Chung e65d60bed1 Add function mass clear user/team sessions 2020-05-04 03:44:02 -04:00
dependabot[bot] 2b958c3a82
Bump eslint-utils from 1.3.1 to 1.4.3
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.3.1 to 1.4.3.
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.3.1...v1.4.3)

Signed-off-by: dependabot[bot] <support@github.com>
2020-05-04 06:26:13 +00:00
dependabot[bot] 02f0f28365
Bump lodash from 4.17.11 to 4.17.15
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2020-05-04 06:26:13 +00:00
dependabot[bot] ddfa337ef3
Bump acorn from 5.7.3 to 5.7.4
Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4)

Signed-off-by: dependabot[bot] <support@github.com>
2020-05-04 06:26:13 +00:00
Kevin Chung bd4900b896
Merge pull request #1361 from CTFd/2.4.0-dev
2.4.0 / 2020-05-04
==================

**General**
* Cache user and team attributes and use those perform certain page operations intead of going to the database for data
    * After modifying the user/team attributes you should call the appropriate cache clearing function (clear_user_session/clear_team_session)
* Cache user IPs for the last hour to avoid hitting the database on every authenticated page view
    * Update the user IP's last seen value at least every hour or on every non-GET request
* Replace `flask_restplus` with `flask_restx`
* Remove `datafreeze`, `normality`, and `banal` dependencies in favor of in-repo solutions to exporting database

**Admin Panel**
* Add bulk selection and deletion for Users, Teams, Scoreboard, Challenges, Submissions
* Make some Admin tables sortable by table headers
* Create a score distribution graph in the statistics page
* Make instance reset more granular to allow for choosing to reset Accounts, Submissions, Challenges, Pages, and/or Notificatoins
* Properly update challenge visibility after updating challenge
* Show total possible points in Statistics page
* Add searching for Users, Teams, Challenges, Submissions
* Move User IP addresses into a modal
* Move Team IP addresses into a modal
* Show User website in a user page button
* Show Team website in a team page button
* Make the Pages editor use proper HTML syntax highlighting
* Theme header and footer editors now use CodeMirror
* Make default CodeMirror font-size 12px
* Stop storing last action via location hash and switch to using sessionStorage

**Themes**
* Make page selection a select and option instead of having a lot of page links
* Add the JSEnum class to create constants that can be accessed from webpack. Generate constants with `python manage.py build jsenums`
* Add the JinjaEnum class to inject constants into the Jinja environment to access from themes
* Update jQuery to 3.5.0 to resolve potential security issue
* Add some new CSS utilities (`.min-vh-*` and `.opacity-*`)
* Change some rows to have a minimum height so they don't render oddly without data
* Deprecate `.spinner-error` CSS class
* Deprecate accessing the type variable to check user role. Instead you should use `is_admin()`

**Miscellaneous**
* Enable foreign key enforcement for SQLite. Only really matters for the debug server.
* Remove the duplicated `get_config` from `CTFd.models`
* Fix possible email sending issues in Python 3 by using `EmailMessage`
* Dont set User type in the user side session. Instead it should be set in the new user attributes
* Fix flask-profiler and bump dependency to 1.8.1
* Switch to using the `Faker` library for `populate.py` instead of hardcoded data
* Add a `yarn lint` command to run eslint on JS files
* Always insert the current CTFd version at the end of the import process
* Fix issue where files could not be downloaded on Windows
2020-05-04 02:25:26 -04:00
Kevin Chung fb6b30ab1b Fix lint 2020-05-04 01:29:28 -04:00
Kevin Chung 2c4259c999 Bump release date 2020-05-04 01:04:37 -04:00
Kevin Chung 625c17db30 Invalidate any previously cached attributes on user login 2020-05-03 20:47:25 -04:00
Kevin Chung 7779175eea Set date 2020-05-03 03:22:43 -04:00
Kevin Chung f559c7d8fc
Merge pull request #1373 from CTFd/bulk-table-profile-actions
* Convert Admin Panel User/Team submission actions to be bulk actions
* Add "Mark Missing" feature for Teams
2020-05-03 01:10:35 -04:00
Kevin Chung 1befbedee0 Fix lints 2020-05-02 23:57:54 -04:00
Kevin Chung ba4fce4736 Update changelog 2020-05-02 23:18:54 -04:00
Kevin Chung 0ff9d142f7 Use sessionStorage to store most recently used tabs instead of the location hash 2020-05-02 23:04:58 -04:00
Kevin Chung 494052fb44 Bump min-vh 2020-05-02 20:38:15 -04:00
Kevin Chung 0d904d0628 Run yarn build 2020-05-02 19:37:26 -04:00
Kevin Chung a2e5aa4b9e Add team mark missing 2020-05-02 15:04:04 -04:00
Kevin Chung 76bd626c36 Make bulk mark correct work for users 2020-05-02 14:35:47 -04:00