Commit Graph

147 Commits (f559c7d8fc455d39d81578f16a0f9540b6556a27)

Author SHA1 Message Date
Kevin Chung 1f768dbfaf
Fix for hidden teams being visible on the team listing page and score… (#880)
* Fix for hidden teams being visible on the team listing page and scoreboard endpoints
2019-02-10 01:55:27 -05:00
Kevin Chung 2f49477465
Fix creating users from the admin panel while name changes disabled (#862)
* Fix creating users from the admin panel while name changes are disabled; clean up user & team schema validators
* Closes #832
* Coerce /api/v1/teams/<team_id> to /api/v1/teams/<int:team_id>
2019-01-31 01:18:46 -05:00
Kevin Chung 2935a76722
Fix showing incorrect 'CTF has ended' error if view_after_ctf is set (#859)
* Fix showing incorrect 'CTF has ended' error if view_after_ctf is set
2019-01-30 19:46:31 -05:00
Kevin Chung 3af036b4b2
Block new user registration if registering via MLC (#840)
* Block new user registration if registering via MLC
* Allow login with MLC while registration is disabled
2019-01-19 16:00:29 -05:00
Kevin Chung a181c0a1e2
Consider account configs when user patches their own account (#836)
* Consider account configs when user patches their own account
* Add test for name changing
* Add test to ensure that users changing emails are marked unconfirmed
* Only allow users to change to emails in whitelisted domains
* Simplify assertion for error check
2019-01-17 22:54:42 -05:00
Kevin Chung 6e8c7aaa50
Require CSRF-Token header on state changing API requests, require CSRF nonces on more than just POSTs, replace usage of fetch() with custom CTFd.fetch() implementation (#827)
* Require CSRF-Token header on state changing API requests
* Require CSRF nonces on more than just POSTs, 
* Replace usage of `fetch()` with custom `CTFd.fetch()` implementation
2019-01-10 22:38:37 -05:00
Kevin Chung 9ee743de7e
Simplify url_for calls in themes, rework CTFd.js, fix flaky test (#826)
* Simplify url_for calls in themes, rework CTFd.js, fix flaky test
2019-01-10 01:58:39 -05:00
Kevin Chung 83e294057e
Default SameSite session cookie setting to Lax (#824) 2019-01-08 02:52:51 -05:00
FaultyMach1ine 08c39c01a3 Fix wrong user mode in challenge_solves_box (#812)
* Fix incorrect user/team link in the challenge solves tab
* Change /api/v1/<challenge_id>/solves to also return account_url
2019-01-02 02:22:58 -05:00
Kevin Chung 324f8859a1
Fix subdirectory deployments in a generic manner (#802)
* Fix subdirectory deployments in a generic manner by modifying`request.path` to combine both `request.script_root` and `request.path` and also creating a request preprocessor to redirect users into the true CTFd app. Without this sessions will be invalid because sessions will be set to a subdirectory. 
* Add a test for testing subdirectory deployments and the customized CTFdRequest object.
* Fix `TestingConfig.SAFE_MODE` getting stuck in between tests. 
* Order AWS keys properly in travis.yml
* Redirect to `request.full_path` instead of just `request.path`
2018-12-16 13:18:08 -05:00
Kevin Chung f4f4bd5333
Adds plugin functions to register javascript and CSS in the admin panel. Move global plugin script/stylesheet lists into application factory specific lists. Closes #804 (#805)
* Adds plugin functions to register javascript and CSS in the admin panel
* Move global plugin script/stylesheet lists into application factory specific lists
* Closes #804
2018-12-15 13:48:21 -05:00
Kevin Chung 367110969e
Update admin notification UI and allow for deleting notifications (#803)
* Show notification titles on the notification list page
* Allow for deleting notifications
* Update notification UI in admin panel
* Make /api/v1/notifications/<id> accessible to all
* Default `login_as_user()` and `register_user()` to fail on invalid credentials
2018-12-14 23:23:02 -05:00
Kevin Chung 087443467f
Allow unauthed users to attempt challenges if visibility is public but get redirected (Closes #797) (#798) 2018-12-10 22:58:23 -05:00
Kevin Chung 234d9ec57d
Fix email confirmations and password resets (#795)
* Fix email confirmations and improve test.
* Breaks confirm.html page because of change from team to user
* Clean up admin mail settings to use new label/small structure
* Fix password resets from double hashing passwords
2018-12-09 14:47:40 -05:00
Peter b331bb3e0e Fix divison-by-zero when adding requirement to dynamic challenge (#782)
* Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. 
* Creating unit test for adding requirement to dynamic challenges
2018-12-08 00:36:29 -05:00
Kevin Chung e4fd1c47dd
Fix downloading files as an anonymous user. (#792)
* Fix downloading files as an anonymous user. 
* Fix viewing challenges anonymously if they have empty requirements. Closes #789
* Allow anonymous users to see see challenges with empty requirements or anonymized challenges
2018-12-07 23:37:30 -05:00
Kevin Chung 5cedcb7372
Fix hint loading for admins with /api/v1/hints/<id>?preview=true (#786)
* Fix hint loading for admins by adding /api/v1/hints/<id>?preview=true for use by admins
* Add tests for admin Hint preview
2018-12-06 21:46:47 -05:00
Kevin Chung afdfaa15da
Fix CTF resets in mysql (#785)
* Extend test for CTFd resets and fix issue in MySQL
* Expand reset test and fix helper for fails and tracking
2018-12-06 20:43:14 -05:00
Kevin Chung 547fe61870
Fix syncing down an empty S3 bucket (#783)
* Fix syncing down an empty S3 bucket
* Add test for S3 uploader
* Remove boto.cfg because of https://github.com/travis-ci/travis-ci/issues/7940#issuecomment-310759657
* Specify dummy AWS creds in travis.yml
* Fix S3Uploader in Python 3 and fix test
2018-12-06 01:39:39 -05:00
Kevin Chung 473acdbdc3
Fix smtp sendmail (#781)
* Fix setting mail_username, mail_password; Fix setting auth for get_smtp
* Add MAIL_USEAUTH to config.py
* Add more mail documentation to config.py
* Prevent overriding smtp attributes on config update; update email tests to use mail_userauth
2018-12-05 00:18:11 -05:00
Raihan Ramadistra 64b96d9c1a Fix admin cannot modify verified status in Edit User (#777)
* Grant admin write access to verified field in UserSchema.
* Add test admin can view and modify verified status
* Add test for creating users with settings
* Add codecov threshold for test failures
2018-12-04 00:35:51 -05:00
Kevin Chung 5a14cc2040
Re add view after ctf (#774)
* Re-add view_after_ctf configuration
* Add test for view_after_ctf functionality
2018-12-01 20:24:39 -05:00
Kevin Chung e2ff705494
Resolve issues with pages and caching (#771)
* Update base.html to move custom_css precedence
* Fix Page creation & caching
* Add Page loading test
* Fix creating Page with an invalid route
* Don't call cache.clear() unless it's absolutely needed
* Fix showing uploaded files after uploading to media library
* Fix previewing challenges from the admin panel if it has requirements
* Hardcode CACHE_THRESHOLD to 0 in FileSystemCache to prevent random sessions getting deleted (Closes #772)
2018-12-01 16:25:39 -05:00
Kevin Chung 4233d683b8
Fix creating users, teams from the API (#768)
* Fix creating users, teams from the API, hash password in models vs in schemas, stop caching CSS at the decorator level, fix tests
* Fix whitelisted emails and add test
* Set proper defaults in accounts config
2018-11-30 20:12:48 -05:00
Kevin Chung c342ca85b4
Use tempfile.SpooledTemporaryFile() instead of raw BytesIO (#767)
* Use tempfile.SpooledTemporaryFile() instead of raw BytesIO
* Fix test to call .read() instead of .getvalue()
2018-11-29 23:45:23 -05:00
Kevin Chung 469b640203
Fix issue loading update view in Python 3. Thanks to @mayoneko (#766)
* Fix `update.html` in Python 3
2018-11-29 19:22:50 -05:00
Kevin Chung e79f32a5c1
Fix dynamic challenges to work in user mode and team mode (#760)
* Fix dynamic challenges to work in user mode and team mode (Closes #759)
* Add test for solving dynamic challenges and challenge de-valuation
* Add missing oauth_login link to team_enrollment.html
2018-11-27 03:04:51 -05:00
Kevin Chung 2bd310b5d9
Mark 2.0.0 (#757)
* Update CHANGELOG
* Update README
* Upgrade migration script to port visibility settings
* Add message about visibility settings and port over visibility settings
* Close #758
* Add tests for dynamic value challenges
2018-11-26 20:32:04 -05:00
Kevin Chung 821c5552c1
Fix challenge requirement visibility; add challenge requirements test; mark solves after loading chals (#755)
* Fix challenge requirement visibility
* Add challenge requirements test
* Mark solves after loading chals
2018-11-25 22:23:05 -05:00
Kevin Chung ae90537a59 Properly check SAFE_MODE and allow plugins to be loaded from tests optionally 2018-11-25 13:51:33 -05:00
Kevin Chung bf241eb1a5
Auth Improvments (#746)
* Create generic get_errors, get_infos; add MLC OAuth settings in config
* Use new get_errors function
2018-11-22 18:33:08 -05:00
Kevin Chung c8031b38c2
2.0.0 (#741)
* Fix user and admin panel user/team graphs
* Closes #682
* Unify login and logout under specific functions
* Closes #659
* Rename Challenges.hidden to Challenges.state
* Start to clean up API and front end integration starting with profile updating
* Slightly cleaner code
* Clean API to respond with success, data, and status codes
* Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST
* Lookup country code in users page. Update front end calls to get API data properly
* Fix some API endpoints and fix JS to process new responses
* Update config.py to support new values
* Closes #635
* Update some code to handle user types, add email domain whitelisting
* Write a logging wrapper
* Use logging wrapper for submissions
* Close #656
* Break up config.html to make it easier to maintain
* Fix logging, domain_whitelist, and config
* Improving views.py, starting to add Announcements
* Starting announcements front end
* Make it easier to see large images, clean up some more REST API differences
* Closes #668
* Update Proxyfix config to REVERSE_PROXY
* Add announcements front end
* Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages.
* Update font-awesome to 5.4.1
* Switch to user-edit icon
* Update the update_check function to send up more anonymous data for statistics purposes.
* Start work on #640
* Add the user action modals and update API to fix responses
* Fix admin teams page
* Add challenge requirements
* Implement anonymous locked challenges
* Team editting from admin panel
* Switch from simple cache to filesystem cache
* Implements a Cache backed server side session (#658) and fixes Users editting endpoint
* Add our messaging for docs
* Closes #700
* Remove invalid import
* Move challenge enditting around a whole lot and probably break a bunch of things
* Show challenge names in prerequisites instead of challenge IDs
* Closes #661
* Change user templates to use url_for
* Remove extra function
* Rewrite admin panel to use url_for
* Fix events to work under subdirectories
* Start cleaning up config panel
* Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators
* Remove workshop mode, fix some glitches with the new visibility settings
* Fix ctf_logo on core theme
* Fix setup errors
* Removing default from get_config b/c of memoization issues and getting some tests working
* Relax email regex validation rule (#693)
* Update to pycodestyle and fix new lint errors
* Add a ctf_id to update_check
* Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702)
* Detect if people try to set routes with '/' to simplify #690
* Closes #690
* Clean up some code
* Clean up challenge submit to rate limit
* Fix js version compatability issue
* Close some TODOs
* Hide challenges if not authenticated
* Make set_config reset the cache for those config values
* Return 404 on empty challenges for /api/v1/<challenge_id>/solves
* Fix setting boolean configs
* Properly change account config settings
* Move datetimes to isoformat (Closes #703)
* Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter
* Make /v1/submissions endpoint work for admin submission creation
* Make oauth_id unique for Users and Teams
* Move challenge submission endpoint and implement mark solved. Fix some isoformat issues.
* Only show team's missing challenges if in team mode
* Adding support for Hints & Unlocks
* Update challenge submission url
* Fix encoding functions in Python3
* Fix hexencode in Python3
* Added functional tests for challenges API for non-admin users (#705)
* Set hint default type to be standard
* Fix some JS issues. Closes #704
* Implement session.regenerate on top of the CachingSessionInterface
* Challenge challenge attempt responses from numbers to strings
* Fix password updating for UserSchema
* Remove leftover challenge submission code
* Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions
*  Added functional tests for challenges/hints/admin API (#710)
* Fix helpers and re-add JSONLite
* Install MySQL 5.7
* Try more mysql
* Update password for mysql
* Fixing issuse in Users.get_solves
* Add new import/export code
* Switch to CTFdSerializer for Python 3
* Re-implement import exports and add a very flaky test
* Redesign submissions API response
* Get export to roundtrip in tests
* Int score b/c Decimal is not JSON serializeable
* Remove unused route methods
* Fix POST /api/v1/configs and start adding admin tests
* Add user_id and team_id to top/10
* Fix admin creating Teams
* Fix Team website validation
* Change admins_only to reply with a 403 if the request is JSON
* Organize admin tests and fix authed_only to return 403 on unauthed
* Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails)
* Fix teams/me endpoints again
* Fix users/me endpoints to return 403 if unauthed
* Fix Python 3 config API
* Add fetch and promise polyfills. (#712)
* Add exec to docker-entrypoint.sh (#713)
* Display import_ctf Exceptions via repr (#651)
- Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier.
* Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports
* Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs
* Remove old means of creating solves
* Remove most of the content from teams.js and users.js
* Remove extra code from /challenges.js
* Fix POST'ing & PATCH'ing pages
* Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards
* Fix admin side scoregraphs. Fix Awardschemas for admins
* Add requirements to db migration
* Adding some team decorators
* Fix require_team_mode decorator
* Make verified emails decorator return 403 on JSON requests
* Redo initial revision
* Add SQLiteJSON back
* Adding ratelimit to /redirect and removing POST from /oauth
* Fix PATCH tags
* Actually fix PATCH tags
* Simplify 500.html
* Added tests for challenges, awards, files, flags, hints ... (#723)
* Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags
* Fix user data validation functions, Fix hidden challenges and include test
* Add a locked state to attempt
* OAuth teams get verified, use logging functions in redirect route
* Removing extra print call
* Update requirements.txt
* Fix possible AttributeError
* Start work on #716
* Closes #717
* Fix issue patching teams
* Rename .j2 to .html, implement preview for challenges if admin
* Move admin/challenge.html to admin/challenges/challenge.html
* Remove old modals
* Add Reset CTF button (#639)
* Add Reset link to config.html
* Delete Tracking
* files handler should return a 404 on files it cant find
* Denote official teams (#729), make scoregraph fill to zero
* Remove old javascript files, make some challenge elements refresh by reloading
* Fix team editting modals to work more reliably
* Fix rendering of CTF paused
* Remove hide_scores funtion and roll it into scores visibility
* Log to stdout/stderr by default (#719)
* Fix user searching
* Remove searching for users/teams by country
* Add badges to admin team and user pages, implement user banning (#643)
* Remove shell.py, clean up admin team.html, add tests for banned users, teams
* Start cleaning up dynamic_challenges to meet new challenge type plugin format
* Remove POST method from teams.public
* Add credentials: 'same-origin' to all fetch calls (#734)
* Add challenge preview, add challenge deletion, fix file deletions when deleting challenges
* Fix imports UI (#735)
* Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739)
* Admins can see hidden challenges
* Fix some UI elements, fix loading location hash, set version to be 2.0.0
* Clean up some challenge plugin pages
* Add default for flag type
* Fix Python3 bytes/str issues
* Add in MLC urls and support user mode for oauth
* Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth
* Add state parameter support
* Use URLSafeTimedSerializer wrapper for sending token based emails
* setting APPLICATION_ROOT from env var (#732)
* Rearrange config.py and update README
* Updating README
2018-11-19 23:16:14 -05:00
Kevin Chung 4d6bf811ed
Fix banned users not being able to see their own solves (#633)
* Fix banned users not being able to see their own solves
2018-05-19 19:18:35 -04:00
Kevin Chung 9cedf456b5
Marking 1.2.0 (#628)
* Mark 1.2.0.
* Update CHANGELOG.
* Add `window.challenge.data` object. 
* Don't raise a 500 when an endpoint can't be found but was POST'ed too. Mostly from scanners...
    * Add test for not found endpoints.
* Fixing issue with clearing logo on config update.
* Truncate scoreboard team name to 50 characters.
2018-05-04 17:24:02 -04:00
Kevin Chung 36c83b59bc
1.2.0 (#627)
* Changing to a new plugin oriented challenge type plugin and fixing extra width on admin chal description

* Add window.challenge.submit, renderSubmissionResponse, and csrf_nonce

* Update admin side renderer calls

* Updating to Flask 1.0 and adding files for flask run

* Adding a preliminary case-insensitive key

* Adding case insensitive keys

* Adding CTF Logo

* Reducing the amount of team information shown on the main page

* Add better base64 helpers

* Switch from button to badge

* Rudimentary solve checking from admin panel

* Refine admin chals solves view & fix PEP8

* Compare base64 encoded data with bytestring

* Removing need to urlencode/urldecode in base64 wrappers

* Adding decorator documentation

* Randomly order tests & add test for case_insensitive flags

* Add regex flag case_insensitive test

* Add tests for /admin/chal/1/solves and ctf_logo
2018-05-03 18:04:39 -04:00
Kevin Chung 51d098080f
Merge Dev into Master (#591)
* Chals endpoint seperation (#572)

* Separate the logic of ctftime and email confirmations and admin checking into decorators
* Separate the chals endpoint into /chals and /chals/:id. Closes #552, #435.
* Challenges are now loaded directly from the server before being displayed to the user. 
* Challenge modals now use `{{ description }}` instead of `{{ desc }}`.
* 403 is now a more common status code and can indicate that a CTF has not begun or that you are not logged in. This is in addition to CSRF failures. 
* Update tests to new behavior

* Fixing glitch if an entry chal or team id isn't defined

* Markdown it (#574)

* Replace Marked with Markdown-It

* Update modal change (#576)

* Switch update modals to use nunjucks instead of JS to load in data. 
* Fix previewing challenges after hitting the challenge update button.
* Fix edit-files issue with an unnecessary request.

* Fix solves button

* Closes #592
2018-04-16 00:24:04 -04:00
Kevin Chung f8674f40ec
Fix deleting chals when they have a hint (#601) 2018-04-02 11:06:11 -04:00
Kevin Chung aedd753f4e
Bypass csrf plugins (#597)
* Add bypass_csrf_protection decorator
* Add beta notice
* Add test_bypass_csrf_protection
2018-03-24 22:54:12 -04:00
Nick Gonella 6eebd5d220 Don't display team rank in workshop mode (#590)
* Don't display team rank in workshop mode
2018-03-20 00:48:14 -04:00
krzys_h 62f6e6ff84 Fix scoreboard tie resolving with 0-point chals (#577) (#578)
* Fix scoreboard tie resolving with 0-point chals
* Closes #577
2018-02-19 20:26:06 -05:00
Kevin Chung fe4ea56e92
Bootstrap beta 3, Regression fixes, bugfixes (#543)
* Upgrade to Bootstrap v4 beta 3

* Fix incorrect FontAwesome5 icon

* Fixing regressions & code quality issues. Files, Tags & Hints now appear in the admin challenge preview. Fixed color issues with file buttons and badges. Pass script_root into challenge type plugin.

* Fixing incorrect FontAwesome5 icon

* Fix test for /admin/chals/<chalid>

* Expand test to include tags, hints, files
2018-01-07 20:50:01 -05:00
Kevin Chung fa9cb2498b
Guarantee ctf version (#538)
* Make sure ctf_version is set correctly
2017-12-22 16:22:31 -05:00
Kevin Chung 25698a7b6c
Sandbox themes (#534)
* Use the Jinja sandbox to render themes
* Prevent get_config from accessing config.py values
* Add get_app_config
* Add tests for sandbox
2017-12-20 00:11:42 -05:00
Kevin Chung 4772c63a8e
Use mailserver before mailgun & test mailgun behavior (#532) 2017-12-19 03:51:00 -05:00
Kevin Chung 18d6fa26d2
Adding an error message for invalid confirm/reset links (#525)
* Adding an error message for invalid confirm/reset links 
* Add tests for expired/invalid links
* Avoid non-unicode crash in base64 utilities
* Centering confirm email button
2017-12-13 22:34:53 -05:00
Kevin Chung a571cf1baf
Improve imports/exports to reduce the likelihood of a conflict (#523)
* Improve imports/exports to reduce the likelihood of a conflict
* To allow previous version imports of keys to work - fill in key `type` from `key_type`. (#520)
* Adding an import_ctf test
2017-12-12 05:43:27 -05:00
Kevin Chung 3af98b17d5
Version 1.1 CTFd (#514)
* Bootstrap v4 (#490)
* Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes
* Fixing graph issues. Colors per team & cleaner hover
* The solves tab now shows relative time instead of absolute time
* Redesign admin theme
* Updating modals and changing form name from desc to description
* Moving CSS config from Pages to Config page
* Adding IP address count to statistics
* Move control of certain modals (files, flags, tags, hints) to challenges page
* Expanding size of config page
* Combining statistics and graphs pages
* Moving percentage solved to the statistics page instead of the admin challenges page

* Rename Keys.key_type to Keys.type (#459) (#478)

* Rename keys.key_type to keys.type (#459)
* Fixing previous migration to not be worried about key_type v type

* Fixing loading of challenge type plugins

* Switching from Handlebars to Nunjucks (#491)

* Switching from Handlebars to Nunjucks
* Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users

* Authed only (#492)

* Adding authed_only decorator and adding next to url_for

* Adding a basic preview to hints (#494)

* Hints have a preview now for creating and updating hints. HTML and markdown are still allowed.

* Ezq (#495)

* Adding ezq as a simple wrapper around bootstrap modals

* Use tabs not spaces and remove gray background on inputs

* Adding title & draft to Pages. Making page preview open a new tab (#497)

* Adding title & draft to Pages.
* Making page preview open a new tab instead of render in the existing tab
* Draft pages cannot be seen without a preview

* Update check (#499)

* Add update_check function
* Notify user that a CTFd update is available in the admin panel
* Adding update_check tests

* Ratelimit (#500)

* Implementing a ratelimit function 
* Fix error page formatting
* Add rate limiting tests
* Rate limit authentication functions and rate limit admin send email function

* Load user solves before we load challenges to avoid unstyled buttons (#502)

* Add a challenge preview (#503)

* Adding a challenge preview to the admin panel
* Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid>

* Adding codecov (#504)

* Test coverage at https://codecov.io/gh/CTFd/CTFd

* Sendmail improvements (#505)

* Add get_smtp timeout, add sendmail error messages
* Adding more error handling to sendmail

* Adding Flask-Script (#507)

* Pause ctf (#508)

* Implement CTF pausing
* Test CTF pausing

* Fix loading challenges for users (#510)

* Fix loading challenges for users
* Temporarily switch themes in test

* Pause help text (#509)

* Adding pause help text

* Pages authed (#511)

* Adding authentication options to pages
* Adding tests for accessing pages while draft & auth_required

* Merging master into 1.1 (#513)

* Name the core theme and remove the original theme
2017-12-11 06:42:07 -05:00
Kevin Chung db2e3b5684
Profile insertion check (#484)
* Test setting profile
* Fix issue with app_context altering database connections/state
2017-11-26 04:22:15 -05:00
Kevin Chung 18dd715276
Workshop mode (#477)
* Implementing workshop mode
* Fixing a bug in /chals/solves where challenges with 0 solves weren't hidden.
* Spinner errors are now 20vh down instead of 210px down
* Users now use their private team endpoint at /team instead of /team/<id>
2017-11-22 03:33:48 -05:00
Kevin Chung 7348515e6c
34 reduce auth restrictions (#474)
* Disallow email-address team names & allow login with team name or email address
* Don't show password reset form if server isn't configured
* Add a message to contact admins instead of submit password reset form
* Add utils.check_email_format()
2017-11-21 22:20:31 -05:00
Jared Deckard e10c8b103b Admin Team List - New Team (#470)
* Allow admins to create teams manually
* Test an admin creating a team
2017-11-18 21:30:09 -05:00
Kevin Chung 0b0305f969
Adding tests for verify_emails and user_can_view_challenges are set (#462)
* Fixing verify_emails + user_can_view_challenges logic
* Adding tests for verify_emails and user_can_view_challenges
2017-11-15 03:33:50 -05:00
Kevin Chung 647d8e0b2d
Fixing challenge creation test (#460) 2017-11-14 23:12:28 -05:00
Kevin Chung 6fbef4f32e
Allowing pages to have slashes in them but removing leading slashes (#457)
* Allowing pages to have slashes in them but removing leading slashes
* Add tests for pages
2017-11-14 22:31:59 -05:00
Kevin Chung 117b43e3c5
Preventing Hints from being unlocked after the end of a CTF (#439)
* Preventing Hints from being unlocked after the end of a CTF unless challenges can be viewed
2017-11-08 02:13:07 -05:00
Kevin Chung 6f4a520241
Hidden challenges now return 404 and can't be solved (#432)
* Hidden challenges now return 404 and can't be solved
2017-10-28 13:31:34 -04:00
Kevin Chung b5a383a2e1 Navbar links (#427)
* Adding config.json concept in lieu of config.html
* Add links to the admin menubar from a plugin
* Add links to the user navigation menubar from plugin
* Add tests for navbar links
* Closes #423
2017-10-25 00:05:27 -04:00
Kevin Chung 710ce6d500 Custom challenge tables (#425)
* Allows Challenges to have custom tables which allow them to have custom behavior 
* Adding create, update, delete staticmethods giving Challenge Types a static interface to implement
2017-10-24 21:06:56 -04:00
Kevin Chung 39b9dc5945 Create a private team endpoint (#413)
* Adding private /team endpoint
2017-10-16 13:57:40 -04:00
Kevin Chung 066fbedd8b Pass all failure attempts to the challenge plugin (#411)
* Pass all failure attempts to the challenge plugin
2017-10-14 18:04:22 -04:00
Kevin Chung 4e80b514f4 Add plugin wrappers for plugin related utils functions (#410) 2017-10-14 17:17:06 -04:00
Kevin Chung 6117699260 Use strings for key type (#409)
* Store key_type as string in the database
* Give keys plugin the ability to know where the modals are stored and pass this information to the client
2017-10-14 16:37:41 -04:00
Kevin Chung b4bdef966c Update requirements (#406)
* Updating to use dataset and datafreeze
     * Use a new datafreeze serializer to get around Python 3 issues. 
* Update requirements.txt
* Add simple test for export_ctf()
2017-10-07 21:29:03 -04:00
Kevin Chung 608d4f43d9 Adopting a challenge type layout from deckar01 (#399)
* Adopting a challenge type layout from deckar01
* Move standard challenge modals into the plugin
* Migration to change challenge type id to a string
* Travis testing now builds with MySQL, SQLite, and Postgres
* Rework get_standings to use the row ID instead of the saved time because of differences in database time precision
2017-10-05 21:39:28 -04:00
Kevin Chung faa84ff1e5 Adding functions to register plugin assets (#397)
* Adds functions to register plugin assets
2017-09-29 21:22:10 -04:00
Kevin Chung a20e7eae63 Improve Challenge type plugin staticmethods (#394)
This passes more logic into the challenge classes so that it can be accessed by plugins
2017-09-27 17:01:58 -04:00
Kevin Chung c97e7c6edc Fixing issues with loading /chals when unregistered (#388) 2017-09-13 12:01:09 -04:00
Kevin Chung d49f37eac4 Fixing unlocking hints for challenges with unicode names (#383)
* Fixing unlocking hints for challenges with unicode names
* Add tests for unlocking hints with no cost
2017-09-09 00:17:48 -04:00
Kevin Chung 888b830488 Cleaning some challenge endpoints (#382)
* Cleaning some challenge endpoints
* Adding test for /chals/solves
2017-09-08 02:07:06 -04:00
Kevin Chung 2facb0ca8c Top ten endpoint honors users with the same name (#379)
* Make the /top/10 endpoint honor users with the same name
2017-09-07 23:29:41 -04:00
Kevin Chung 08f3496174 Plugins can register css files (#375)
* Adding functions to register CSS files
* Adding tests for script and stylesheet registering
2017-09-04 05:58:32 -04:00
Kevin Chung 6f60ddd2f5 Admins can bypass ctftime (#374)
* Admins can see/solve challenges regardless of ctftime
* Adding tests for ctftime based functionality
2017-09-04 05:03:06 -04:00
Kevin Chung 00c68dd239 Adding test for encoding emails with plus signs (#363) 2017-08-26 13:07:02 -04:00
Kevin Chung 732e343aea Pushing new tests and freezegun (#360) 2017-08-22 23:49:48 -04:00
Kevin Chung 2e41886591 Refactor Containers into a plugin (#348)
* Removing Containers code
* Closes #301
2017-08-20 19:40:46 -04:00
Kevin Chung 0aa0e9c5c1 Fixing email confirmation and adding more base64 tests (#344)
* Fixing email confirmation and adding more base64 tests
2017-08-09 05:31:00 -04:00
Kevin Chung 1a077f72ed Using a Python 3 compatible base64 encoder and fixing verify_emails in Python 3 (#336) 2017-08-09 04:17:10 -04:00
Kevin Chung 7aa6204116 Users should always be able to get their score, even if banned (#333)
* Users should always be able to get their score, even if banned
* Fixing scoring logic when users haven't solved problems
* Hide None descriptions for awards
2017-08-06 19:33:02 -04:00
Kevin Chung d84cd305f8 Fixing scoring logic (#320)
* fix inconsistent scoring: take awards into account in user.place() (#319)
* Adding tests
2017-07-17 22:18:23 -04:00
Kevin Chung b900d1cb68 Fixes #315 (#316)
CTFd creates the database instead of the docker-compose files which allows us to control encoding. Also adds a test for registering with a unicode team name.
2017-07-16 02:50:32 -04:00
Kevin Chung 92f130d5de Fixing large ip solves (#307)
* Switching to using strings to store IP addresses because of the issues with storing them properly, Fixes #302, Fixes $306
* Only runs migrations when using a real database because SQlite is too inflexible to support migrations properly
* Removes calls to the ip helper functions but they can remain in case someone needs them in a plugin.
2017-07-08 17:53:14 -04:00
Kevin Chung 7d5537e1df Adding SMTP sendmail unit test (#299) 2017-07-01 12:36:02 -04:00
Kevin Chung 95245d2ab5 Send confirmation emails on register and add button to resend email (#298)
* Fixes #293
* Adding get_config/set_config test
2017-07-01 01:37:08 -04:00
Kevin Chung f1e339c3dc Adding override_template function (#297)
Purely for use by plugins to replace templates in an existing theme
2017-06-27 21:09:38 -04:00
Kevin Chung b6ce783cfd Fixes unstyled Setup UI (#291)
* Changing /static to /themes
* Adding test to make sure setup behavior works
2017-06-18 18:54:20 -04:00
Kevin Chung 1bbd7feb23 Moving themes into a themes folder (#287)
* Moving themes into a themes folder

This unifies themes under a themes folder which makes it easier to develop themes and install them.
2017-06-18 02:13:50 -04:00
Kevin Chung 202e8493b1 Give ip2long and long2ip ipv6 support (#271)
Improved ipv6 support in the `ip2long` and `long2ip` helper functions
2017-06-05 02:42:11 -04:00
Kevin Chung 6d9d03e35e Pages functionality improved (#267)
* Pages now support Markdown
* Pages now have a preview tab
* Adding a media library to Pages
2017-06-03 14:25:31 -04:00
Kevin Chung 59afacce69 Fixes #261 and generally supports Unicode better in Python 2 (#263)
* Fixing #261 and improving Unicode in Python2
* Fixing PEP8 issues
2017-05-21 12:43:31 -04:00
Kevin Chung e16d3a0b6e General fixes and PEP8 enforcement (#258)
* Fixing index page links when you deploy on a subdirectory

* Updating travis for pep8

* autopep8 with just formatting changes
2017-05-12 00:34:20 -04:00
Kevin Chung f48a0cdacd Hints (#232)
* Switching to Flask-Migrate to create tables/database. Adding Hints & Unlocks.
* Adding db.create_all call for sqlite db's (sqlite is not properly handled with alembic yet)
* Python 3 testing works properly with 3.5
* Adding admin side of hints
* Hints are viewable for users
2017-03-28 21:17:56 -04:00
Kevin Chung a3a7d75ae8 Plugins enhanced utils (#231)
* Updating utils functions to be monkey patchable

* Also fixing a team email update issue

* Adding more tests
2017-03-22 20:00:45 -04:00
Kevin Chung 06d0e00cf5 Fixes Python 3 compatibility for testing (#230)
* Testing 3.6

* Fixing Python 3 testing

* Fixing both kinds of tests :)

* PEP8 lint project and add linting checks to build process (#229)

* Revert "PEP8 lint project and add linting checks to build process (#229)"

This reverts commit 15d89d2b66030cdc2a6276b0a73acaa4912c06ab.
2017-03-12 19:53:26 -04:00
Kevin Chung 935027c55d Marking 1.0.0 (#196)
* Use <int:xxx> in routes to prevent some errors 500 (#192)

* Use first_or_404() to prevent some errors 500 (#193)

* Add a populating script for awards. (#191)

* Creating upload_file util

* Marking 1.0.0 in __init__ and starting database migrations

* Upgrading some more HTML

* Adding CHANGELOG.md
2017-01-24 23:06:16 -05:00
Kevin Chung fa788fe3d0 Latest set of changes (#190)
* PEP 8 compliance (#183)

* Group imports: standard library, third party, local
* Remove unnecessary spaces
* Comments should start with a # and a single space

* Adding tests for GETs on user facing pages

* Adding more user facing tests

51% test coverage

* Fixes #182

* Cleaning up Pages

Fixes a bug with CSS updating
2017-01-10 03:35:48 -05:00
Kevin Chung 397eb95dd7 Adding test_user_login 2017-01-07 11:48:10 -05:00
Kevin Chung 28d8a02ec6 Starting to write tests
test_index
test_register_user
test_user_isnt_admin
2017-01-07 02:44:31 -05:00