* Starts work on #929
* Adds Enum classes that can be accessed from JS, Jinja, and Python code. This allows for the sharing of constant values between the three major codebases in CTFd.
* Fix a potential issue where config.py SMTP settings might not have been overrideable from the Admin Panel
* Closes#1306 by using `email.message.EmailMessage` in Python 3. Python 2 will use the old `sendmail` behavior.
* Deprecates storing session["type"] as a means of referring to the user's current level. Instead you should refer to the database.
* Adds `CTFd.utils.user.get_current_user_type()` to get the current user's type or return None if the user is unauthed.
* Closes#1279
2.3.3 / 2020-04-12
==================
**General**
* Re-enable the Jinja LRU Cache for **significant speedups** when returning HTML content
**API**
* `POST /api/v1/unlocks` will no longer allow duplicate unlocks to happen
**Admin Panel**
* Makes `Account Visibility` subtext clearer by explaining the `Private` setting in Config Panel
**Themes**
* Fixes an issue with using a theme with a purely numeric name
* Fixes issue where the scoreboard graph always said Teams regardless of mode
**Miscellaneous**
* Bump max log file size to 10 MB and fix log rotation
* Docker image dependencies (apk & pip) are no longer cached reducing the image size slightly
2.3.2 / 2020-03-15
==================
**General**
* Fix awards not being properly assigned to teams in `TEAMS_MODE`
**API**
* Set `/api/v1/statistics/users` route to be admins_only
* When POST'ing to `/api/v1/awards`, CTFd will look up a user's team ID if `team_id` is not specified
**Admin Panel**
* Adds a setting to registration visibility to allow for MLC registration while registration is disabled
* Fix setting theme color during the setup flow and from the Admin Panel
**Themes**
* Fixes users/admins being able to remove profile settings.
* Previously a bug prevented users from removing some profile settings. Now the `core` theme stores the initial value of inputs as a `data` attribute and checks for changes when updating data. This should be a temporary hack until a proper front-end framework is in place.
* Fix `ezToast()` issue that was keeping toast messages visible indefinitely
* Fix `modal-body` parameters in ezq.js for `ezAlert` and `ezQuery` and fix the progress bar for certain cases in `ezProgressBar`
* Use `authed()` function to check if user is authed in `base.html`. This fixes an issue where a page could look as if the user was logged in.
**Miscellaneous**
* Fix behavior for `REVERSE_PROXY` config setting when set to a boolean instead of a string
* Improve `Dockerfile` to run fewer commands and re-use the build cache
* Add `make coverage` to generate an HTML coverage report
* Update `coverage` and `pytest-cov` development dependencies
* Improve `Dockerfile` to run fewer commands and re-use the build cache
Co-authored-by: Joe Atzberger <atz@corelight.com>
Co-authored-by: Kevin Chung <kchung@nyu.edu>
* Fix `modal-body` parameters in ezq.js for `ezAlert` and `ezQuery` and fix the progress bar for certain cases in `ezProgressBar`
* Mostly copied from #1275
2.3.0 / 2020-02-17
==================
**General**
* During setup, admins can register their email address with the CTFd LLC newsletter for news and updates
* Fix editting hints from the admin panel
* Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature.
* The `views.custom_css` route has been removed.
* Admins can now customize the content of outgoing emails and inject certain variables into email content.
* The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`)
**Themes**
* Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme.
**Plugins**
* Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq`
**Miscellaneous**
* Python imports sorted with `isort` and import order enforced
* Black formatter running on a majority of Python code
2.2.3 / 2020-01-21
==================
### This release includes a critical security fix for CTFd versions >= 2.0.0
All CTFd administrators are recommended to take the following steps:
1. Upgrade their installations to the latest version
2. Rotate the `SECRET_KEY` value
3. Reset the passwords for all administrator users
**Security**
* This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled
**General**
* Users will receive an email notification when their passwords are reset
* Fixed an error when users provided incorrect team join information
* Usernames are now properly stripped before being used in registration checks
* Reset password function now uses email addresses instead of user names for tokens
* Prevent MLC users from resetting their password
2.2.2 / 2020-01-09
==================
**General**
* Add jQuery, Moment, nunjucks, and Howl to window globals to make it easier for plugins to access JS modules
* Fix issue with timezone loading in config page which was preventing display of CTF times
Kevin Chung
Kevin Chung
Dave
HuiFeng Tang
淡水
Alan
Joe Atzberger
Zander Work