Commit Graph

18 Commits (ddfa337ef3d187c7bacadae52d5ab062688382de)

Author SHA1 Message Date
Kevin Chung b8d0f80d01
2.2.0 (#1188)
2.2.0 / 2019-12-22
==================

## Notice
2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be useable with v2.2.0. 

**General**
* Team size limits can now be enforced from the configuration panel
* Access tokens functionality for API usage
* Admins can now choose how to deliver their notifications
    * Toast (new default)
    * Alert
    * Background
    * Sound On / Sound Off
* There is now a notification counter showing how many unread notifications were received
* Setup has been redesigned to have multiple steps
    * Added Description
    * Added Start time and End time,
    * Added MajorLeagueCyber integration
    * Added Theme and color selection
* Fixes issue where updating dynamic challenges could change the value to an incorrect value
* Properly use a less restrictive regex to validate email addresses
* Bump Python dependencies to latest working versions
* Admins can now give awards to team members from the team's admin panel page

**API**
* Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members's Submissions, Awards, Unlocks

**Admin Panel**
* Admins can now user a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly.
* Challenge updates will now alert you if the challenge doesn't have a flag
* Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page

**Themes**
* Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel
* Theme asset specially generated URLs
    * Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server)
    * Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches.
* Use `defer` for script tags to not block page rendering
* Only show the MajorLeagueCyber button if configured in configuration
* The admin panel now links to https://help.ctfd.io/ in the top right
* Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/)
* The user-facing navbar now features icons
* Awards shown on a user's profile can now have award icons
* The default MarkdownIt render created by CTFd will now open links in new tabs
* Country flags can now be shown on the user pages

**Deployment**
* Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine`
* Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled
* Challenge ID is now recorded in the submission log

**Plugins**
* Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route

**Miscellaneous**
* `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument
    * The subject allows for injecting custom variable via the new `CTFd.utils.formatters.safe_format()` function
* Admin user information is now error checked during setup
* Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts
* Prevent old CTFd imports from being imported
2019-12-22 23:17:34 -05:00
Dave 97f5dcaf8c Strip password before length check (#1155)
* Strip password before length check
* Pin black to an older version
2019-11-05 23:25:39 -05:00
Kevin Chung 6833378c36
Format all the things (#991)
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'`
* Format Python with `black`: `black CTFd` & `black tests`
* Travis now uses xenial instead of trusty.
2019-05-11 21:09:37 -04:00
Kevin Chung b6d54b9ee9
2.1.0 (#957)
https://github.com/CTFd/CTFd/milestone/6
2019-04-17 01:36:30 -04:00
Kevin Chung 324f8859a1
Fix subdirectory deployments in a generic manner (#802)
* Fix subdirectory deployments in a generic manner by modifying`request.path` to combine both `request.script_root` and `request.path` and also creating a request preprocessor to redirect users into the true CTFd app. Without this sessions will be invalid because sessions will be set to a subdirectory. 
* Add a test for testing subdirectory deployments and the customized CTFdRequest object.
* Fix `TestingConfig.SAFE_MODE` getting stuck in between tests. 
* Order AWS keys properly in travis.yml
* Redirect to `request.full_path` instead of just `request.path`
2018-12-16 13:18:08 -05:00
Kevin Chung 547fe61870
Fix syncing down an empty S3 bucket (#783)
* Fix syncing down an empty S3 bucket
* Add test for S3 uploader
* Remove boto.cfg because of https://github.com/travis-ci/travis-ci/issues/7940#issuecomment-310759657
* Specify dummy AWS creds in travis.yml
* Fix S3Uploader in Python 3 and fix test
2018-12-06 01:39:39 -05:00
Kevin Chung 49ed27cfd6
Fix Uploaders to work with imports/exports (#749)
* Refactor Uploaders to work better with imports/exports
* Get S3 uploader working properly with imports/exports
* cache pip in travis
2018-11-23 06:10:33 -05:00
Kevin Chung c8031b38c2
2.0.0 (#741)
* Fix user and admin panel user/team graphs
* Closes #682
* Unify login and logout under specific functions
* Closes #659
* Rename Challenges.hidden to Challenges.state
* Start to clean up API and front end integration starting with profile updating
* Slightly cleaner code
* Clean API to respond with success, data, and status codes
* Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST
* Lookup country code in users page. Update front end calls to get API data properly
* Fix some API endpoints and fix JS to process new responses
* Update config.py to support new values
* Closes #635
* Update some code to handle user types, add email domain whitelisting
* Write a logging wrapper
* Use logging wrapper for submissions
* Close #656
* Break up config.html to make it easier to maintain
* Fix logging, domain_whitelist, and config
* Improving views.py, starting to add Announcements
* Starting announcements front end
* Make it easier to see large images, clean up some more REST API differences
* Closes #668
* Update Proxyfix config to REVERSE_PROXY
* Add announcements front end
* Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages.
* Update font-awesome to 5.4.1
* Switch to user-edit icon
* Update the update_check function to send up more anonymous data for statistics purposes.
* Start work on #640
* Add the user action modals and update API to fix responses
* Fix admin teams page
* Add challenge requirements
* Implement anonymous locked challenges
* Team editting from admin panel
* Switch from simple cache to filesystem cache
* Implements a Cache backed server side session (#658) and fixes Users editting endpoint
* Add our messaging for docs
* Closes #700
* Remove invalid import
* Move challenge enditting around a whole lot and probably break a bunch of things
* Show challenge names in prerequisites instead of challenge IDs
* Closes #661
* Change user templates to use url_for
* Remove extra function
* Rewrite admin panel to use url_for
* Fix events to work under subdirectories
* Start cleaning up config panel
* Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators
* Remove workshop mode, fix some glitches with the new visibility settings
* Fix ctf_logo on core theme
* Fix setup errors
* Removing default from get_config b/c of memoization issues and getting some tests working
* Relax email regex validation rule (#693)
* Update to pycodestyle and fix new lint errors
* Add a ctf_id to update_check
* Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702)
* Detect if people try to set routes with '/' to simplify #690
* Closes #690
* Clean up some code
* Clean up challenge submit to rate limit
* Fix js version compatability issue
* Close some TODOs
* Hide challenges if not authenticated
* Make set_config reset the cache for those config values
* Return 404 on empty challenges for /api/v1/<challenge_id>/solves
* Fix setting boolean configs
* Properly change account config settings
* Move datetimes to isoformat (Closes #703)
* Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter
* Make /v1/submissions endpoint work for admin submission creation
* Make oauth_id unique for Users and Teams
* Move challenge submission endpoint and implement mark solved. Fix some isoformat issues.
* Only show team's missing challenges if in team mode
* Adding support for Hints & Unlocks
* Update challenge submission url
* Fix encoding functions in Python3
* Fix hexencode in Python3
* Added functional tests for challenges API for non-admin users (#705)
* Set hint default type to be standard
* Fix some JS issues. Closes #704
* Implement session.regenerate on top of the CachingSessionInterface
* Challenge challenge attempt responses from numbers to strings
* Fix password updating for UserSchema
* Remove leftover challenge submission code
* Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions
*  Added functional tests for challenges/hints/admin API (#710)
* Fix helpers and re-add JSONLite
* Install MySQL 5.7
* Try more mysql
* Update password for mysql
* Fixing issuse in Users.get_solves
* Add new import/export code
* Switch to CTFdSerializer for Python 3
* Re-implement import exports and add a very flaky test
* Redesign submissions API response
* Get export to roundtrip in tests
* Int score b/c Decimal is not JSON serializeable
* Remove unused route methods
* Fix POST /api/v1/configs and start adding admin tests
* Add user_id and team_id to top/10
* Fix admin creating Teams
* Fix Team website validation
* Change admins_only to reply with a 403 if the request is JSON
* Organize admin tests and fix authed_only to return 403 on unauthed
* Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails)
* Fix teams/me endpoints again
* Fix users/me endpoints to return 403 if unauthed
* Fix Python 3 config API
* Add fetch and promise polyfills. (#712)
* Add exec to docker-entrypoint.sh (#713)
* Display import_ctf Exceptions via repr (#651)
- Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier.
* Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports
* Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs
* Remove old means of creating solves
* Remove most of the content from teams.js and users.js
* Remove extra code from /challenges.js
* Fix POST'ing & PATCH'ing pages
* Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards
* Fix admin side scoregraphs. Fix Awardschemas for admins
* Add requirements to db migration
* Adding some team decorators
* Fix require_team_mode decorator
* Make verified emails decorator return 403 on JSON requests
* Redo initial revision
* Add SQLiteJSON back
* Adding ratelimit to /redirect and removing POST from /oauth
* Fix PATCH tags
* Actually fix PATCH tags
* Simplify 500.html
* Added tests for challenges, awards, files, flags, hints ... (#723)
* Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags
* Fix user data validation functions, Fix hidden challenges and include test
* Add a locked state to attempt
* OAuth teams get verified, use logging functions in redirect route
* Removing extra print call
* Update requirements.txt
* Fix possible AttributeError
* Start work on #716
* Closes #717
* Fix issue patching teams
* Rename .j2 to .html, implement preview for challenges if admin
* Move admin/challenge.html to admin/challenges/challenge.html
* Remove old modals
* Add Reset CTF button (#639)
* Add Reset link to config.html
* Delete Tracking
* files handler should return a 404 on files it cant find
* Denote official teams (#729), make scoregraph fill to zero
* Remove old javascript files, make some challenge elements refresh by reloading
* Fix team editting modals to work more reliably
* Fix rendering of CTF paused
* Remove hide_scores funtion and roll it into scores visibility
* Log to stdout/stderr by default (#719)
* Fix user searching
* Remove searching for users/teams by country
* Add badges to admin team and user pages, implement user banning (#643)
* Remove shell.py, clean up admin team.html, add tests for banned users, teams
* Start cleaning up dynamic_challenges to meet new challenge type plugin format
* Remove POST method from teams.public
* Add credentials: 'same-origin' to all fetch calls (#734)
* Add challenge preview, add challenge deletion, fix file deletions when deleting challenges
* Fix imports UI (#735)
* Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739)
* Admins can see hidden challenges
* Fix some UI elements, fix loading location hash, set version to be 2.0.0
* Clean up some challenge plugin pages
* Add default for flag type
* Fix Python3 bytes/str issues
* Add in MLC urls and support user mode for oauth
* Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth
* Add state parameter support
* Use URLSafeTimedSerializer wrapper for sending token based emails
* setting APPLICATION_ROOT from env var (#732)
* Rearrange config.py and update README
* Updating README
2018-11-19 23:16:14 -05:00
Kevin Chung 36c83b59bc
1.2.0 (#627)
* Changing to a new plugin oriented challenge type plugin and fixing extra width on admin chal description

* Add window.challenge.submit, renderSubmissionResponse, and csrf_nonce

* Update admin side renderer calls

* Updating to Flask 1.0 and adding files for flask run

* Adding a preliminary case-insensitive key

* Adding case insensitive keys

* Adding CTF Logo

* Reducing the amount of team information shown on the main page

* Add better base64 helpers

* Switch from button to badge

* Rudimentary solve checking from admin panel

* Refine admin chals solves view & fix PEP8

* Compare base64 encoded data with bytestring

* Removing need to urlencode/urldecode in base64 wrappers

* Adding decorator documentation

* Randomly order tests & add test for case_insensitive flags

* Add regex flag case_insensitive test

* Add tests for /admin/chal/1/solves and ctf_logo
2018-05-03 18:04:39 -04:00
Kevin Chung 3af98b17d5
Version 1.1 CTFd (#514)
* Bootstrap v4 (#490)
* Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes
* Fixing graph issues. Colors per team & cleaner hover
* The solves tab now shows relative time instead of absolute time
* Redesign admin theme
* Updating modals and changing form name from desc to description
* Moving CSS config from Pages to Config page
* Adding IP address count to statistics
* Move control of certain modals (files, flags, tags, hints) to challenges page
* Expanding size of config page
* Combining statistics and graphs pages
* Moving percentage solved to the statistics page instead of the admin challenges page

* Rename Keys.key_type to Keys.type (#459) (#478)

* Rename keys.key_type to keys.type (#459)
* Fixing previous migration to not be worried about key_type v type

* Fixing loading of challenge type plugins

* Switching from Handlebars to Nunjucks (#491)

* Switching from Handlebars to Nunjucks
* Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users

* Authed only (#492)

* Adding authed_only decorator and adding next to url_for

* Adding a basic preview to hints (#494)

* Hints have a preview now for creating and updating hints. HTML and markdown are still allowed.

* Ezq (#495)

* Adding ezq as a simple wrapper around bootstrap modals

* Use tabs not spaces and remove gray background on inputs

* Adding title & draft to Pages. Making page preview open a new tab (#497)

* Adding title & draft to Pages.
* Making page preview open a new tab instead of render in the existing tab
* Draft pages cannot be seen without a preview

* Update check (#499)

* Add update_check function
* Notify user that a CTFd update is available in the admin panel
* Adding update_check tests

* Ratelimit (#500)

* Implementing a ratelimit function 
* Fix error page formatting
* Add rate limiting tests
* Rate limit authentication functions and rate limit admin send email function

* Load user solves before we load challenges to avoid unstyled buttons (#502)

* Add a challenge preview (#503)

* Adding a challenge preview to the admin panel
* Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid>

* Adding codecov (#504)

* Test coverage at https://codecov.io/gh/CTFd/CTFd

* Sendmail improvements (#505)

* Add get_smtp timeout, add sendmail error messages
* Adding more error handling to sendmail

* Adding Flask-Script (#507)

* Pause ctf (#508)

* Implement CTF pausing
* Test CTF pausing

* Fix loading challenges for users (#510)

* Fix loading challenges for users
* Temporarily switch themes in test

* Pause help text (#509)

* Adding pause help text

* Pages authed (#511)

* Adding authentication options to pages
* Adding tests for accessing pages while draft & auth_required

* Merging master into 1.1 (#513)

* Name the core theme and remove the original theme
2017-12-11 06:42:07 -05:00
Kevin Chung 18dd715276
Workshop mode (#477)
* Implementing workshop mode
* Fixing a bug in /chals/solves where challenges with 0 solves weren't hidden.
* Spinner errors are now 20vh down instead of 210px down
* Users now use their private team endpoint at /team instead of /team/<id>
2017-11-22 03:33:48 -05:00
Kevin Chung 608d4f43d9 Adopting a challenge type layout from deckar01 (#399)
* Adopting a challenge type layout from deckar01
* Move standard challenge modals into the plugin
* Migration to change challenge type id to a string
* Travis testing now builds with MySQL, SQLite, and Postgres
* Rework get_standings to use the row ID instead of the saved time because of differences in database time precision
2017-10-05 21:39:28 -04:00
Kevin Chung 59afacce69 Fixes #261 and generally supports Unicode better in Python 2 (#263)
* Fixing #261 and improving Unicode in Python2
* Fixing PEP8 issues
2017-05-21 12:43:31 -04:00
Kevin Chung e16d3a0b6e General fixes and PEP8 enforcement (#258)
* Fixing index page links when you deploy on a subdirectory

* Updating travis for pep8

* autopep8 with just formatting changes
2017-05-12 00:34:20 -04:00
Kevin Chung f48a0cdacd Hints (#232)
* Switching to Flask-Migrate to create tables/database. Adding Hints & Unlocks.
* Adding db.create_all call for sqlite db's (sqlite is not properly handled with alembic yet)
* Python 3 testing works properly with 3.5
* Adding admin side of hints
* Hints are viewable for users
2017-03-28 21:17:56 -04:00
Kevin Chung 06d0e00cf5 Fixes Python 3 compatibility for testing (#230)
* Testing 3.6

* Fixing Python 3 testing

* Fixing both kinds of tests :)

* PEP8 lint project and add linting checks to build process (#229)

* Revert "PEP8 lint project and add linting checks to build process (#229)"

This reverts commit 15d89d2b66030cdc2a6276b0a73acaa4912c06ab.
2017-03-12 19:53:26 -04:00
Kevin Chung 967129a009 Closes #225
Also removes unnecessary pip install from travis config
2017-03-10 01:17:17 -05:00
mschwager 92c7f2e293 Added CI integration with Travis-CI (#226)
Next steps:

* Go to https://travis-ci.org/
* Click "Sign in with GitHub"
* Click your user icon and click "Accounts"
* Enable for CTFd
2017-03-09 22:00:01 -05:00