Commit Graph

572 Commits (fadb8271d211e5afb46e95e77e89c8298a829501)

Author SHA1 Message Date
Kevin Chung fadb8271d2
Dont calculate hidden users in place (#918)
* Fix for hidden users bumping a user's place in their profile 
* Don't calculate hidden users in a user's place
2019-03-22 04:07:53 -04:00
s-nirali 37dcfdc568 Read smtp server configuration from config.py (#914)
* Read smtp server configuration from config.py

The CTFd/utils/email/smtp.py file has a provision to read SMTP
configuration for all fields from either the UI or CTFd/config.py file.
Two fields, `MAIL_SERVER` and `MAIL_PORT`, were not being read from the
config.py file. This commit fixes this issue.

* Update simple SMTP server tests
2019-03-21 22:10:08 -04:00
Grant Hernandez 1eb687a065 Fix email confirmation log line (#913) 2019-03-21 20:23:16 -04:00
Kevin Chung 4f7c4687d7
Reimplement admin send mail to users (#903)
* Reimplement admin send mail to users as `/api/v1/users/<user_id>/email`
* Update form and related Javascript
* Write test for controller
* Closes #897
2019-03-17 18:54:44 -07:00
Kevin Chung 42fa8fe555
Fix order by clause in Teams.get_solves (#901)
* Fix order_by clause in Teams.get_solves
2019-03-17 15:49:36 -07:00
Kevin Chung 39ef6509ff
Fix incorrect UserSchema view (#902)
* Fix UserSchema to be controlled by the user's type
2019-03-17 12:26:11 -07:00
David Chan da98bc9314 Assign solves.filter query (#896)
Closes #895
2019-03-17 10:12:57 -07:00
Kevin Chung 79b7b1dd5c
Fix removing profile details (Closes #894) (#899)
* Fix removing profile details (Closes #894)
* Update tests to properly check setting and removing profile values
2019-03-17 09:08:52 -07:00
Kevin Chung bf799fb220
Closes #861 (#889)
* Move plugin table creation before insertion and ignore errors during Postgres
2019-03-01 15:37:02 -08:00
Kevin Chung 2f252f5240
Fix for overflowing content preventing edit and deletion in admin panel (#891)
* Closes #876
* Fixes overflowing admin panel content by adding the `.text-break` CSS class.
    * This is .text-break cloned from Bootstrap 4.3 with a fix for browsers not supporting break-word. It will be removed from the main CTFd classes when Bootstrap is upgraded internally.
2019-02-28 20:04:21 -08:00
Kevin Chung 1f768dbfaf
Fix for hidden teams being visible on the team listing page and score… (#880)
* Fix for hidden teams being visible on the team listing page and scoreboard endpoints
2019-02-10 01:55:27 -05:00
Kevin Chung b4da3b464b
Replace temfile.SpooledTemporaryFile with tempfile.NamedTemporaryFile (#870)
* Replace `tempfile.SpooledTemporaryFile` with `tempfile.NamedTemporaryFile` in exports code
* Closes #869
2019-02-04 23:19:07 -05:00
Kevin Chung 7502ace50e
Closes #866 (#868)
* Adds `linux-headers` package to Dockerfile
* Closes #866
2019-02-03 18:46:01 -05:00
Kevin Chung 385d128d73
Mark 2.0.4 (#863) 2019-01-31 02:09:48 -05:00
Kevin Chung 2f49477465
Fix creating users from the admin panel while name changes disabled (#862)
* Fix creating users from the admin panel while name changes are disabled; clean up user & team schema validators
* Closes #832
* Coerce /api/v1/teams/<team_id> to /api/v1/teams/<int:team_id>
2019-01-31 01:18:46 -05:00
Kevin Chung 2935a76722
Fix showing incorrect 'CTF has ended' error if view_after_ctf is set (#859)
* Fix showing incorrect 'CTF has ended' error if view_after_ctf is set
2019-01-30 19:46:31 -05:00
Kevin Chung ae8ce0b430
Install gevent-websocket and use it by default until we have a better solution (#850)
* Install `gevent-websocket` and use it by default until we have a better solution
* May help with #849
2019-01-24 02:47:50 -05:00
Kevin Chung 06f0715369
Allow custom MySQL ports in docker entrypoint (#848)
* Allow DATABASE_URL to contain custom MySQL ports for docker-entrypoint.sh
* Drop WORKERS count to 1 to avoid dealing with Flask-SocketIO sticky sessions
2019-01-21 22:40:23 -05:00
Kevin Chung 92e7be224b
Revert 762 log envvar (#845)
* Stop gunicorn from logging to `LOG_FOLDER` in docker without explicit opt-in
* Re-add the `LOG_FOLDER` envvar to docker-compose so we don't try to write to the read-only host
* Add `ACCESS_LOG` and `ERROR_LOG` envvars to docker to specify where gunicorn will log to
2019-01-21 12:17:59 -05:00
Kevin Chung 3af036b4b2
Block new user registration if registering via MLC (#840)
* Block new user registration if registering via MLC
* Allow login with MLC while registration is disabled
2019-01-19 16:00:29 -05:00
Kevin Chung f8607c3d5c
Call init_logs() function to add logging handlers. Move init_logs() into initialization vs logging. (#841)
* Closes #835 
* Move `utils.logging.init_logs()` into `utils.initialization`
2019-01-19 13:43:29 -05:00
Kevin Chung a181c0a1e2
Consider account configs when user patches their own account (#836)
* Consider account configs when user patches their own account
* Add test for name changing
* Add test to ensure that users changing emails are marked unconfirmed
* Only allow users to change to emails in whitelisted domains
* Simplify assertion for error check
2019-01-17 22:54:42 -05:00
Kevin Chung e70c985d73
Fix update_check() logic (#830)
* Fix update_check() logic so that we don't accidentally remove the link to updates
* Update CHANGELOG
2019-01-12 14:04:51 -05:00
Kevin Chung fed0366ac0
Mark 2.0.3 (#828)
* Mark 2.0.3
2019-01-12 10:53:25 -05:00
Kevin Chung 6e8c7aaa50
Require CSRF-Token header on state changing API requests, require CSRF nonces on more than just POSTs, replace usage of fetch() with custom CTFd.fetch() implementation (#827)
* Require CSRF-Token header on state changing API requests
* Require CSRF nonces on more than just POSTs, 
* Replace usage of `fetch()` with custom `CTFd.fetch()` implementation
2019-01-10 22:38:37 -05:00
Kevin Chung 9ee743de7e
Simplify url_for calls in themes, rework CTFd.js, fix flaky test (#826)
* Simplify url_for calls in themes, rework CTFd.js, fix flaky test
2019-01-10 01:58:39 -05:00
Kevin Chung 83e294057e
Default SameSite session cookie setting to Lax (#824) 2019-01-08 02:52:51 -05:00
Kevin Chung 9f7dc0543c
Fix insecure link to MLC (#822) 2019-01-05 19:25:29 -05:00
Kevin Chung f1d0221ee2
Mark 2.0.2 (#819)
* Mark 2.0.2
* [ci-skip] Fix grammar issues
2019-01-04 02:14:04 -05:00
Kevin Chung 3093aa7d00
Fix 500s from invalid page args (#818)
* Fix some 500s generated by invalid non-int page arguments
2019-01-03 02:38:48 -05:00
Kevin Chung 747fa432c0
Pin normality version (#817)
Closes #816
Pin version of normality to work around pudo/normality#6.
2019-01-02 22:04:32 -05:00
FaultyMach1ine 08c39c01a3 Fix wrong user mode in challenge_solves_box (#812)
* Fix incorrect user/team link in the challenge solves tab
* Change /api/v1/<challenge_id>/solves to also return account_url
2019-01-02 02:22:58 -05:00
FaultyMach1ine ae092652c6 Update dynamic_challenges plugin ui to disable modification of current_value items (#811)
* Disable the `value` input on dynamic challenges because it is unused
* Fix some lint issues in templates
2019-01-01 19:11:45 -05:00
Kevin Chung 324f8859a1
Fix subdirectory deployments in a generic manner (#802)
* Fix subdirectory deployments in a generic manner by modifying`request.path` to combine both `request.script_root` and `request.path` and also creating a request preprocessor to redirect users into the true CTFd app. Without this sessions will be invalid because sessions will be set to a subdirectory. 
* Add a test for testing subdirectory deployments and the customized CTFdRequest object.
* Fix `TestingConfig.SAFE_MODE` getting stuck in between tests. 
* Order AWS keys properly in travis.yml
* Redirect to `request.full_path` instead of just `request.path`
2018-12-16 13:18:08 -05:00
Kevin Chung f4f4bd5333
Adds plugin functions to register javascript and CSS in the admin panel. Move global plugin script/stylesheet lists into application factory specific lists. Closes #804 (#805)
* Adds plugin functions to register javascript and CSS in the admin panel
* Move global plugin script/stylesheet lists into application factory specific lists
* Closes #804
2018-12-15 13:48:21 -05:00
Kevin Chung 367110969e
Update admin notification UI and allow for deleting notifications (#803)
* Show notification titles on the notification list page
* Allow for deleting notifications
* Update notification UI in admin panel
* Make /api/v1/notifications/<id> accessible to all
* Default `login_as_user()` and `register_user()` to fail on invalid credentials
2018-12-14 23:23:02 -05:00
Kevin Chung 0c14f6ff0f
Disable user mode switching client side (Closes #799) (#800)
* Disable user mode switching on client side (Closes #799)
* It's ill advised to switch user modes after a CTF is setup. The simplest thing to do here is to require CTF resetting in order to switch modes. If it makes sense this can be re-enabled and re-evaluated.
2018-12-11 20:49:27 -05:00
Kevin Chung 087443467f
Allow unauthed users to attempt challenges if visibility is public but get redirected (Closes #797) (#798) 2018-12-10 22:58:23 -05:00
Kevin Chung f3a97f7344
Mark 2.0.1 release (#796) 2018-12-09 15:47:56 -05:00
Kevin Chung 234d9ec57d
Fix email confirmations and password resets (#795)
* Fix email confirmations and improve test.
* Breaks confirm.html page because of change from team to user
* Clean up admin mail settings to use new label/small structure
* Fix password resets from double hashing passwords
2018-12-09 14:47:40 -05:00
Peter b331bb3e0e Fix divison-by-zero when adding requirement to dynamic challenge (#782)
* Fixing a bug where prerequisites could not be set for dynamic challenges due to a division by zero error where defaults were being set unnecessarily. 
* Creating unit test for adding requirement to dynamic challenges
2018-12-08 00:36:29 -05:00
Kevin Chung e4fd1c47dd
Fix downloading files as an anonymous user. (#792)
* Fix downloading files as an anonymous user. 
* Fix viewing challenges anonymously if they have empty requirements. Closes #789
* Allow anonymous users to see see challenges with empty requirements or anonymized challenges
2018-12-07 23:37:30 -05:00
Kevin Chung 760a8add03
Fix S3 sync function to only sync down full files (#788)
* Fix S3 sync function to only pull down files
2018-12-07 03:08:16 -05:00
Kevin Chung ecd630c64a
Disable jinja cache properly by setting cache_size to 0 (#662) (#787)
* Disable jinja cache properly by setting cache_size to 0 (#662)
* Without disabling the cache you get some difficult to debug rendering errors. Regression from 1.2.0.
2018-12-06 22:36:34 -05:00
Kevin Chung 5cedcb7372
Fix hint loading for admins with /api/v1/hints/<id>?preview=true (#786)
* Fix hint loading for admins by adding /api/v1/hints/<id>?preview=true for use by admins
* Add tests for admin Hint preview
2018-12-06 21:46:47 -05:00
Kevin Chung afdfaa15da
Fix CTF resets in mysql (#785)
* Extend test for CTFd resets and fix issue in MySQL
* Expand reset test and fix helper for fails and tracking
2018-12-06 20:43:14 -05:00
Kevin Chung 547fe61870
Fix syncing down an empty S3 bucket (#783)
* Fix syncing down an empty S3 bucket
* Add test for S3 uploader
* Remove boto.cfg because of https://github.com/travis-ci/travis-ci/issues/7940#issuecomment-310759657
* Specify dummy AWS creds in travis.yml
* Fix S3Uploader in Python 3 and fix test
2018-12-06 01:39:39 -05:00
Kevin Chung 473acdbdc3
Fix smtp sendmail (#781)
* Fix setting mail_username, mail_password; Fix setting auth for get_smtp
* Add MAIL_USEAUTH to config.py
* Add more mail documentation to config.py
* Prevent overriding smtp attributes on config update; update email tests to use mail_userauth
2018-12-05 00:18:11 -05:00
Raihan Ramadistra 64b96d9c1a Fix admin cannot modify verified status in Edit User (#777)
* Grant admin write access to verified field in UserSchema.
* Add test admin can view and modify verified status
* Add test for creating users with settings
* Add codecov threshold for test failures
2018-12-04 00:35:51 -05:00
Kevin Chung 809e4df471
Update CHANGELOG (#775) 2018-12-02 11:54:48 -05:00