Fix wrong user mode in challenge_solves_box (#812)

* Fix incorrect user/team link in the challenge solves tab * Change /api/v1/<challenge_id>/solves to also return account_url
2025-12-17 05:54:19 +01:00 · 2019-01-02 15:22:58 +08:00
parent ae092652c6
commit 08c39c01a3
3 changed files with 70 additions and 5 deletions
--- a/CTFd/api/v1/challenges.py
+++ b/CTFd/api/v1/challenges.py
@@ -1,4 +1,4 @@
-from flask import session, request, abort
+from flask import session, request, abort, url_for
 from flask_restplus import Namespace, Resource
 from CTFd.models import (
    db,
@@ -29,11 +29,11 @@ from CTFd.cache import cache, clear_standings
 from CTFd.utils.scores import get_standings
 from CTFd.utils.config.visibility import scores_visible, accounts_visible, challenges_visible
 from CTFd.utils.user import get_current_user, is_admin, authed
-from CTFd.utils.modes import get_model
+from CTFd.utils.modes import get_model, USERS_MODE, TEAMS_MODE
 from CTFd.schemas.tags import TagSchema
 from CTFd.schemas.hints import HintSchema
 from CTFd.schemas.flags import FlagSchema
-from CTFd.utils import config
+from CTFd.utils import config, get_config
 from CTFd.utils import user as current_user
 from CTFd.utils.user import get_current_team
 from CTFd.utils.user import get_current_user
@@ -490,11 +490,20 @@ class ChallengeSolves(Resource):
            .filter(Solves.challenge_id == challenge_id, Model.banned == False, Model.hidden == False)\
            .order_by(Solves.date.asc())

+        endpoint = None
+        if get_config('user_mode') == TEAMS_MODE:
+            endpoint = 'teams.public'
+            arg = 'team_id'
+        elif get_config('user_mode') == USERS_MODE:
+            endpoint = 'users.public'
+            arg = 'user_id'
+
        for solve in solves:
            response.append({
                'account_id': solve.account_id,
                'name': solve.account.name,
-                'date': isoformat(solve.date)
+                'date': isoformat(solve.date),
+                'account_url': url_for(endpoint, **{arg: solve.account_id})
            })

        return {
--- a/CTFd/themes/core/static/js/challenges.js
+++ b/CTFd/themes/core/static/js/challenges.js
@@ -220,7 +220,8 @@ function getsolves(id) {
            var id = data[i].account_id;
            var name = data[i].name;
            var date = moment(data[i].date).local().fromNow();
-            box.append('<tr><td><a href="teams/{0}">{1}</td><td>{2}</td></tr>'.format(id, htmlentities(name), date));
+            var account_url = data[i].account_url
+            box.append('<tr><td><a href="{0}">{2}</td><td>{3}</td></tr>'.format(account_url, id, htmlentities(name), date));
        }
    });
 }
--- a/tests/api/v1/test_challenges.py
+++ b/tests/api/v1/test_challenges.py
@@ -431,6 +431,61 @@ def test_api_challenge_get_solves_404():
    destroy_ctfd(app)


+def test_api_challenge_solves_returns_correct_data():
+    """Test that /api/v1/<challenge_id>/solves returns expected data"""
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        client = login_as_user(app)
+        chal = gen_challenge(app.db)
+        gen_solve(app.db, user_id=2, challenge_id=chal.id)
+        r = client.get('/api/v1/challenges/1/solves')
+        resp = r.get_json()['data']
+        solve = resp[0]
+        assert r.status_code == 200
+        assert solve.get('account_id') == 2
+        assert solve.get('name') == 'user'
+        assert solve.get('date') is not None
+        assert solve.get('account_url') == '/users/2'
+    destroy_ctfd(app)
+
+    app = create_ctfd(user_mode="teams")
+    with app.app_context():
+        register_user(app)
+        client = login_as_user(app)
+        team = gen_team(app.db)
+        user = Users.query.filter_by(id=2).first()
+        user.team_id = team.id
+        app.db.session.commit()
+        chal = gen_challenge(app.db)
+        gen_solve(app.db, user_id=2, team_id=1, challenge_id=chal.id)
+        r = client.get('/api/v1/challenges/1/solves')
+        resp = r.get_json()['data']
+        solve = resp[0]
+        assert r.status_code == 200
+        assert solve.get('account_id') == 1
+        assert solve.get('name') == 'team_name'
+        assert solve.get('date') is not None
+        assert solve.get('account_url') == '/teams/1'
+    destroy_ctfd(app)
+
+    app = create_ctfd(application_root='/ctf')
+    with app.app_context():
+        register_user(app)
+        client = login_as_user(app)
+        chal = gen_challenge(app.db)
+        gen_solve(app.db, user_id=2, challenge_id=chal.id)
+        r = client.get('/api/v1/challenges/1/solves')
+        resp = r.get_json()['data']
+        solve = resp[0]
+        assert r.status_code == 200
+        assert solve.get('account_id') == 2
+        assert solve.get('name') == 'user'
+        assert solve.get('date') is not None
+        assert solve.get('account_url') == '/ctf/users/2'
+    destroy_ctfd(app)
+
+
 def test_api_challenge_get_files_non_admin():
    """Can a user get /api/v1/challenges/<challenge_id>/files if not admin"""
    app = create_ctfd()