mirror of https://github.com/JohnHammond/CTFd.git
82 lines
2.2 KiB
Python
82 lines
2.2 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from tests.helpers import (
|
|
create_ctfd,
|
|
destroy_ctfd,
|
|
register_user,
|
|
login_as_user,
|
|
gen_page,
|
|
gen_challenge,
|
|
gen_team,
|
|
)
|
|
from flask import Flask
|
|
|
|
|
|
def get_bp_urls(blueprint):
|
|
temp_app = Flask(__name__)
|
|
temp_app.register_blueprint(blueprint)
|
|
return [str(p) for p in temp_app.url_map.iter_rules()]
|
|
|
|
|
|
def test_admin_access():
|
|
"""Can a user access admin pages?"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
gen_page(app.db, title="title", route="/route", content="content")
|
|
gen_challenge(app.db)
|
|
gen_team(app.db)
|
|
routes = [
|
|
"/admin/challenges/new",
|
|
"/admin/export/csv",
|
|
# '/admin/pages/preview',
|
|
"/admin/pages/new",
|
|
"/admin/teams/new",
|
|
"/admin/users/new",
|
|
"/admin/notifications",
|
|
"/admin/challenges",
|
|
"/admin/scoreboard",
|
|
"/admin/statistics",
|
|
"/admin/export",
|
|
"/admin/config",
|
|
"/admin/pages",
|
|
"/admin/teams",
|
|
"/admin/users",
|
|
"/admin",
|
|
"/admin/submissions/correct",
|
|
"/admin/submissions/incorrect",
|
|
"/admin/submissions",
|
|
"/admin/challenges/1",
|
|
# '/admin/plugins/<plugin>',
|
|
"/admin/pages/1",
|
|
"/admin/teams/1",
|
|
"/admin/users/1",
|
|
]
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
|
|
for route in routes:
|
|
r = client.get(route)
|
|
assert r.status_code == 302
|
|
assert r.location.startswith("http://localhost/login")
|
|
|
|
admin = login_as_user(app, name="admin")
|
|
routes.remove("/admin")
|
|
routes.remove("/admin/export/csv")
|
|
routes.remove("/admin/export")
|
|
for route in routes:
|
|
r = admin.get(route)
|
|
assert r.status_code == 200
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_get_admin_as_user():
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
r = client.get("/admin")
|
|
assert r.status_code == 302
|
|
assert r.location.startswith("http://localhost/login")
|
|
destroy_ctfd(app)
|