Commit Graph

598 Commits (49b48a9e5319297baff84b32c3c814fe722b5bf1)

Author SHA1 Message Date
Kevin Chung 6e8c7aaa50
Require CSRF-Token header on state changing API requests, require CSRF nonces on more than just POSTs, replace usage of fetch() with custom CTFd.fetch() implementation (#827)
* Require CSRF-Token header on state changing API requests
* Require CSRF nonces on more than just POSTs, 
* Replace usage of `fetch()` with custom `CTFd.fetch()` implementation
2019-01-10 22:38:37 -05:00
Kevin Chung 9ee743de7e
Simplify url_for calls in themes, rework CTFd.js, fix flaky test (#826)
* Simplify url_for calls in themes, rework CTFd.js, fix flaky test
2019-01-10 01:58:39 -05:00
Kevin Chung 83e294057e
Default SameSite session cookie setting to Lax (#824) 2019-01-08 02:52:51 -05:00
Kevin Chung 9f7dc0543c
Fix insecure link to MLC (#822) 2019-01-05 19:25:29 -05:00
Kevin Chung f1d0221ee2
Mark 2.0.2 (#819)
* Mark 2.0.2
* [ci-skip] Fix grammar issues
2019-01-04 02:14:04 -05:00
Kevin Chung 3093aa7d00
Fix 500s from invalid page args (#818)
* Fix some 500s generated by invalid non-int page arguments
2019-01-03 02:38:48 -05:00
Kevin Chung 747fa432c0
Pin normality version (#817)
Closes #816
Pin version of normality to work around pudo/normality#6.
2019-01-02 22:04:32 -05:00
FaultyMach1ine 08c39c01a3 Fix wrong user mode in challenge_solves_box (#812)
* Fix incorrect user/team link in the challenge solves tab
* Change /api/v1/<challenge_id>/solves to also return account_url
2019-01-02 02:22:58 -05:00
FaultyMach1ine ae092652c6 Update dynamic_challenges plugin ui to disable modification of current_value items (#811)
* Disable the `value` input on dynamic challenges because it is unused
* Fix some lint issues in templates
2019-01-01 19:11:45 -05:00
Kevin Chung 324f8859a1
Fix subdirectory deployments in a generic manner (#802)
* Fix subdirectory deployments in a generic manner by modifying`request.path` to combine both `request.script_root` and `request.path` and also creating a request preprocessor to redirect users into the true CTFd app. Without this sessions will be invalid because sessions will be set to a subdirectory. 
* Add a test for testing subdirectory deployments and the customized CTFdRequest object.
* Fix `TestingConfig.SAFE_MODE` getting stuck in between tests. 
* Order AWS keys properly in travis.yml
* Redirect to `request.full_path` instead of just `request.path`
2018-12-16 13:18:08 -05:00
Kevin Chung f4f4bd5333
Adds plugin functions to register javascript and CSS in the admin panel. Move global plugin script/stylesheet lists into application factory specific lists. Closes #804 (#805)
* Adds plugin functions to register javascript and CSS in the admin panel
* Move global plugin script/stylesheet lists into application factory specific lists
* Closes #804
2018-12-15 13:48:21 -05:00
Kevin Chung 367110969e
Update admin notification UI and allow for deleting notifications (#803)
* Show notification titles on the notification list page
* Allow for deleting notifications
* Update notification UI in admin panel
* Make /api/v1/notifications/<id> accessible to all
* Default `login_as_user()` and `register_user()` to fail on invalid credentials
2018-12-14 23:23:02 -05:00
Kevin Chung 0c14f6ff0f
Disable user mode switching client side (Closes #799) (#800)
* Disable user mode switching on client side (Closes #799)
* It's ill advised to switch user modes after a CTF is setup. The simplest thing to do here is to require CTF resetting in order to switch modes. If it makes sense this can be re-enabled and re-evaluated.
2018-12-11 20:49:27 -05:00
Kevin Chung 087443467f
Allow unauthed users to attempt challenges if visibility is public but get redirected (Closes #797) (#798) 2018-12-10 22:58:23 -05:00
Kevin Chung f3a97f7344
Mark 2.0.1 release (#796) 2018-12-09 15:47:56 -05:00
Kevin Chung 234d9ec57d
Fix email confirmations and password resets (#795)
* Fix email confirmations and improve test.
* Breaks confirm.html page because of change from team to user
* Clean up admin mail settings to use new label/small structure
* Fix password resets from double hashing passwords
2018-12-09 14:47:40 -05:00
Peter b331bb3e0e Fix divison-by-zero when adding requirement to dynamic challenge (#782)
* Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. 
* Creating unit test for adding requirement to dynamic challenges
2018-12-08 00:36:29 -05:00
Kevin Chung e4fd1c47dd
Fix downloading files as an anonymous user. (#792)
* Fix downloading files as an anonymous user. 
* Fix viewing challenges anonymously if they have empty requirements. Closes #789
* Allow anonymous users to see see challenges with empty requirements or anonymized challenges
2018-12-07 23:37:30 -05:00
Kevin Chung 760a8add03
Fix S3 sync function to only sync down full files (#788)
* Fix S3 sync function to only pull down files
2018-12-07 03:08:16 -05:00
Kevin Chung ecd630c64a
Disable jinja cache properly by setting cache_size to 0 (#662) (#787)
* Disable jinja cache properly by setting cache_size to 0 (#662)
* Without disabling the cache you get some difficult to debug rendering errors. Regression from 1.2.0.
2018-12-06 22:36:34 -05:00
Kevin Chung 5cedcb7372
Fix hint loading for admins with /api/v1/hints/<id>?preview=true (#786)
* Fix hint loading for admins by adding /api/v1/hints/<id>?preview=true for use by admins
* Add tests for admin Hint preview
2018-12-06 21:46:47 -05:00
Kevin Chung afdfaa15da
Fix CTF resets in mysql (#785)
* Extend test for CTFd resets and fix issue in MySQL
* Expand reset test and fix helper for fails and tracking
2018-12-06 20:43:14 -05:00
Kevin Chung 547fe61870
Fix syncing down an empty S3 bucket (#783)
* Fix syncing down an empty S3 bucket
* Add test for S3 uploader
* Remove boto.cfg because of https://github.com/travis-ci/travis-ci/issues/7940#issuecomment-310759657
* Specify dummy AWS creds in travis.yml
* Fix S3Uploader in Python 3 and fix test
2018-12-06 01:39:39 -05:00
Kevin Chung 473acdbdc3
Fix smtp sendmail (#781)
* Fix setting mail_username, mail_password; Fix setting auth for get_smtp
* Add MAIL_USEAUTH to config.py
* Add more mail documentation to config.py
* Prevent overriding smtp attributes on config update; update email tests to use mail_userauth
2018-12-05 00:18:11 -05:00
Raihan Ramadistra 64b96d9c1a Fix admin cannot modify verified status in Edit User (#777)
* Grant admin write access to verified field in UserSchema.
* Add test admin can view and modify verified status
* Add test for creating users with settings
* Add codecov threshold for test failures
2018-12-04 00:35:51 -05:00
Kevin Chung 809e4df471
Update CHANGELOG (#775) 2018-12-02 11:54:48 -05:00
Kevin Chung 5a14cc2040
Re add view after ctf (#774)
* Re-add view_after_ctf configuration
* Add test for view_after_ctf functionality
2018-12-01 20:24:39 -05:00
Kevin Chung 66c749fce6
Allow setting SocketIO async mode from envvar or config.py (#773)
* Allow setting SocketIO async mode from envvar or config.py
2018-12-01 19:20:36 -05:00
Kevin Chung e2ff705494
Resolve issues with pages and caching (#771)
* Update base.html to move custom_css precedence
* Fix Page creation & caching
* Add Page loading test
* Fix creating Page with an invalid route
* Don't call cache.clear() unless it's absolutely needed
* Fix showing uploaded files after uploading to media library
* Fix previewing challenges from the admin panel if it has requirements
* Hardcode CACHE_THRESHOLD to 0 in FileSystemCache to prevent random sessions getting deleted (Closes #772)
2018-12-01 16:25:39 -05:00
Kevin Chung fb0d8877cb
Update CHANGELOG (#770) 2018-11-30 22:41:19 -05:00
Kevin Chung 56178840fe
Only call load_user_solves if authed (#769)
* Only call load_user_solves if authed
* Fix user.html page links
2018-11-30 21:52:10 -05:00
Kevin Chung 4233d683b8
Fix creating users, teams from the API (#768)
* Fix creating users, teams from the API, hash password in models vs in schemas, stop caching CSS at the decorator level, fix tests
* Fix whitelisted emails and add test
* Set proper defaults in accounts config
2018-11-30 20:12:48 -05:00
Kevin Chung c342ca85b4
Use tempfile.SpooledTemporaryFile() instead of raw BytesIO (#767)
* Use tempfile.SpooledTemporaryFile() instead of raw BytesIO
* Fix test to call .read() instead of .getvalue()
2018-11-29 23:45:23 -05:00
Kevin Chung f03c304286
Fix wrong column name in upgrade script (#764)
* Fix wrong column name in upgrade script
* Properly grab configs as booleans
2018-11-29 20:05:33 -05:00
Kevin Chung 469b640203
Fix issue loading update view in Python 3. Thanks to @mayoneko (#766)
* Fix `update.html` in Python 3
2018-11-29 19:22:50 -05:00
Kevin Chung 825190ba3a
Release 2.0.0 (#763)
* Update CHANGELOG
2018-11-28 22:30:32 -05:00
Kevin Chung 614243d8c0
Update mariadb to 10.4 based on #726 (#762)
* Update mariadb to 10.4
* Remove LOG_FOLDER from docker-compose.yml
2018-11-28 00:57:54 -05:00
Kevin Chung a8184ed424
Fix user.html when running in user mode without a team (#761)
* Fix /user page for users without teams (e.g. user mode)
2018-11-27 21:58:23 -05:00
Kevin Chung e79f32a5c1
Fix dynamic challenges to work in user mode and team mode (#760)
* Fix dynamic challenges to work in user mode and team mode (Closes #759)
* Add test for solving dynamic challenges and challenge de-valuation
* Add missing oauth_login link to team_enrollment.html
2018-11-27 03:04:51 -05:00
Kevin Chung 2bd310b5d9
Mark 2.0.0 (#757)
* Update CHANGELOG
* Update README
* Upgrade migration script to port visibility settings
* Add message about visibility settings and port over visibility settings
* Close #758
* Add tests for dynamic value challenges
2018-11-26 20:32:04 -05:00
Kevin Chung 821c5552c1
Fix challenge requirement visibility; add challenge requirements test; mark solves after loading chals (#755)
* Fix challenge requirement visibility
* Add challenge requirements test
* Mark solves after loading chals
2018-11-25 22:23:05 -05:00
Kevin Chung ae90537a59 Properly check SAFE_MODE and allow plugins to be loaded from tests optionally 2018-11-25 13:51:33 -05:00
Kevin Chung 3e8f13dfd1
Add SAFE_MODE concept to let tests run without plugins (#753)
* Adds a `SAFE_MODE` config to disable the loading of plugins.
2018-11-25 13:11:31 -05:00
Kevin Chung 3b1872499a
Fix update.html loading from custom folder in update view (#752)
* Rename flag files to simplify naming
* Fix update.html loading from custom folder in update view
2018-11-25 02:24:03 -05:00
Kevin Chung d3621a4f3e
Finalize 2.0.0 (#751)
* Fix Font-Awesome running offline and use minified Font-Awesome
* Rename chal-* classes/ids to challenge-*
* Fix admins changing their password
2018-11-24 13:51:32 -05:00
Kevin Chung 49ed27cfd6
Fix Uploaders to work with imports/exports (#749)
* Refactor Uploaders to work better with imports/exports
* Get S3 uploader working properly with imports/exports
* cache pip in travis
2018-11-23 06:10:33 -05:00
Kevin Chung 310475d739
Finalize 2.0.0 (#747)
* Update CHANGELOG
* Default config.py values to load from envvars
2018-11-23 01:36:21 -05:00
Kevin Chung bf241eb1a5
Auth Improvments (#746)
* Create generic get_errors, get_infos; add MLC OAuth settings in config
* Use new get_errors function
2018-11-22 18:33:08 -05:00
Kevin Chung a3bc7b3917
1.2.0 -> 2.0.0 migration script (#745)
* Upgrade 1.2.0 migration script to properly import plugin tables
2018-11-22 15:24:34 -05:00
Kevin Chung 4fde0368db
2.0.0 Supplementary Changes (#744)
* Clean up models a little
* Add 1.2.0 migration script
* Add 2.0.0 CHANGELOG
* Fix S3 uploader
* Update config.py to grab S3 settings from envvars
2018-11-22 11:05:47 -05:00