Fixing email confirmation and adding more base64 tests (#344)
* Fixing email confirmation and adding more base64 tests
15
CTFd/auth.py
15
CTFd/auth.py
@@ -20,7 +20,7 @@ def confirm_user(data=None):
|
||||
# If the CTF doesn't care about confirming email addresses then redierct to challenges
|
||||
return redirect(url_for('challenges.challenges_view'))
|
||||
|
||||
logger = logging.getLogger('logins')
|
||||
logger = logging.getLogger('regs')
|
||||
# User is confirming email account
|
||||
if data and request.method == "GET":
|
||||
try:
|
||||
@@ -30,18 +30,16 @@ def confirm_user(data=None):
|
||||
return render_template('confirm.html', errors=['Your confirmation link has expired'])
|
||||
except BadSignature:
|
||||
return render_template('confirm.html', errors=['Your confirmation link seems wrong'])
|
||||
except:
|
||||
return render_template('confirm.html', errors=['Your link appears broken, please try again.'])
|
||||
team = Teams.query.filter_by(email=email).first_or_404()
|
||||
team.verified = True
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
logger.warn("[{date}] {ip} - {username} confirmed their account".format(
|
||||
date=time.strftime("%m/%d/%Y %X"),
|
||||
ip=utils.get_ip(),
|
||||
username=team.name.encode('utf-8'),
|
||||
email=team.email.encode('utf-8')
|
||||
))
|
||||
db.session.close()
|
||||
if utils.authed():
|
||||
return redirect(url_for('challenges.challenges_view'))
|
||||
return redirect(url_for('auth.login'))
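Review bot: On Python 3 the `username=team.name.encode('utf-8')` argument of the `logger.warn` call renders as `b'name'` in the log line, because `str.format` formats a bytes value through its repr; since the project already depends on `six`, only encoding when `six.PY2` (or passing `team.name` through unchanged on Python 3) logs the actual name. `logger.warn` is a deprecated alias of `logger.warning`, and the `email=` keyword is supplied although the format string has no `{email}` placeholder. The same logging pattern appears in the reset_password and register hunks below. The bare `except:` above the team lookup also catches SystemExit and KeyboardInterrupt and hides programming errors in the token handling; `except Exception:` keeps the user-facing fallback while letting those propagate. confirm_user begins before this hunk.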
|
||||
@@ -91,12 +89,12 @@ def reset_password(data=None):
|
||||
team = Teams.query.filter_by(name=name).first_or_404()
|
||||
team.password = bcrypt_sha256.encrypt(request.form['password'].strip())
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
logger.warn("[{date}] {ip} - successful password reset for {username}".format(
|
||||
date=time.strftime("%m/%d/%Y %X"),
|
||||
ip=utils.get_ip(),
|
||||
username=team.name.encode('utf-8')
|
||||
))
|
||||
db.session.close()
|
||||
return redirect(url_for('auth.login'))
|
||||
|
||||
if request.method == 'POST':
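Review bot: `team.password = bcrypt_sha256.encrypt(request.form['password'].strip())` hashes whatever the form submitted, so an empty or whitespace-only password is accepted unless a check runs earlier in reset_password outside this hunk. A guard before the assignment, `if not request.form.get('password', '').strip():`, returning the reset form with an error would reject that case; the `.strip()` also silently changes a password that deliberately starts or ends with a space, which is worth a comment if it is intentional. reset_password begins before this hunk and continues after it.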
|
||||
@@ -165,7 +163,6 @@ def register():
|
||||
session['nonce'] = utils.sha512(os.urandom(10))
|
||||
|
||||
if utils.can_send_mail() and utils.get_config('verify_emails'): # Confirming users is enabled and we can send email.
|
||||
db.session.close()
|
||||
logger = logging.getLogger('regs')
|
||||
logger.warn("[{date}] {ip} - {username} registered (UNCONFIRMED) with {email}".format(
|
||||
date=time.strftime("%m/%d/%Y %X"),
|
||||
@@ -173,22 +170,20 @@ def register():
|
||||
username=request.form['name'].encode('utf-8'),
|
||||
email=request.form['email'].encode('utf-8')
|
||||
))
|
||||
|
||||
utils.verify_email(team.email)
|
||||
|
||||
db.session.close()
|
||||
return redirect(url_for('auth.confirm_user'))
|
||||
else: # Don't care about confirming users
|
||||
if utils.can_send_mail(): # We want to notify the user that they have registered.
|
||||
utils.sendmail(request.form['email'], "You've successfully registered for {}".format(utils.get_config('ctf_name')))
|
||||
|
||||
db.session.close()
|
||||
|
||||
logger.warn("[{date}] {ip} - {username} registered with {email}".format(
|
||||
date=time.strftime("%m/%d/%Y %X"),
|
||||
ip=utils.get_ip(),
|
||||
username=request.form['name'].encode('utf-8'),
|
||||
email=request.form['email'].encode('utf-8')
|
||||
))
|
||||
db.session.close()
|
||||
return redirect(url_for('challenges.challenges_view'))
|
||||
else:
|
||||
return render_template('register.html')
|
||||
|
||||
@@ -35,6 +35,7 @@
|
||||
aria-hidden="true">×</span></button>
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% if team %}
|
||||
<h3 class="text-center">
|
||||
We've sent a confirmation email to {{ team.email }}
|
||||
</h3>
|
||||
@@ -44,8 +45,9 @@
|
||||
<h4 class="text-center">
|
||||
Please click the link in that email to confirm your account.
|
||||
</h4>
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if username %}
|
||||
<form method="POST">
|
||||
<h4 class="text-center">
|
||||
Need to resend the confirmation email?
|
||||
@@ -55,6 +57,7 @@
|
||||
</div>
|
||||
<input type="hidden" name="nonce" value="{{ nonce }}">
|
||||
</form>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -529,6 +529,10 @@ def sha512(string):
|
||||
def base64encode(s, urlencode=False):
|
||||
if six.PY3 and isinstance(s, six.string_types):
|
||||
s = s.encode('utf-8')
|
||||
else:
|
||||
# Python 2 support because the base64 module doesnt like unicode
|
||||
s = str(s)
|
||||
|
||||
encoded = base64.urlsafe_b64encode(s)
|
||||
if six.PY3:
|
||||
encoded = encoded.decode('utf-8')
|
||||
@@ -540,8 +544,13 @@ def base64encode(s, urlencode=False):
|
||||
def base64decode(s, urldecode=False):
|
||||
if urldecode:
|
||||
s = unquote(s)
|
||||
|
||||
if six.PY3 and isinstance(s, six.string_types):
|
||||
s = s.encode('utf-8')
|
||||
else:
|
||||
# Python 2 support because the base64 module doesnt like unicode
|
||||
s = str(s)
|
||||
|
||||
decoded = base64.urlsafe_b64decode(s)
|
||||
if six.PY3:
|
||||
decoded = decoded.decode('utf-8')
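Review bot: `decoded = decoded.decode('utf-8')` makes the wrapper text-only: a payload that is not valid UTF-8 raises UnicodeDecodeError, and input with wrong padding raises `binascii.Error` from `urlsafe_b64decode`, so callers such as confirm_user have to catch both (the bare `except:` in auth.py currently does). That contract is not written down; a docstring such as `"""Decode a urlsafe base64 string whose payload is UTF-8 text; raises binascii.Error or UnicodeDecodeError on malformed input."""` would make it explicit. base64decode continues past the end of this hunk.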
|
||||
|
||||
@@ -7,6 +7,7 @@ from CTFd.utils import get_config, set_config, override_template, sendmail, veri
|
||||
from CTFd.utils import base64encode, base64decode
|
||||
from mock import patch
|
||||
import json
|
||||
import six
|
||||
|
||||
|
||||
def test_get_config_and_set_config():
|
||||
@@ -44,14 +45,32 @@ def test_long2ip_ipv6():
|
||||
|
||||
def test_base64encode():
|
||||
"""The base64encode wrapper works properly"""
|
||||
if six.PY2:
|
||||
assert base64encode('abc123') == 'YWJjMTIz'
|
||||
assert base64encode(unicode('abc123')) == 'YWJjMTIz'
|
||||
assert base64encode(unicode('"test@mailinator.com".DGxeoA.lCssU3M2QuBfohO-FtdgDQLKbU4'), urlencode=True) == 'InRlc3RAbWFpbGluYXRvci5jb20iLkRHeGVvQS5sQ3NzVTNNMlF1QmZvaE8tRnRkZ0RRTEtiVTQ%3D'
|
||||
assert base64encode('😆') == '8J-Yhg=='
|
||||
assert base64encode('😆', urlencode=True) == '8J-Yhg%3D%3D'
|
||||
else:
|
||||
assert base64encode('abc123') == 'YWJjMTIz'
|
||||
assert base64encode('abc123') == 'YWJjMTIz'
|
||||
assert base64encode('"test@mailinator.com".DGxeoA.lCssU3M2QuBfohO-FtdgDQLKbU4', urlencode=True) == 'InRlc3RAbWFpbGluYXRvci5jb20iLkRHeGVvQS5sQ3NzVTNNMlF1QmZvaE8tRnRkZ0RRTEtiVTQ%3D'
|
||||
assert base64encode('😆') == '8J-Yhg=='
|
||||
assert base64encode('😆', urlencode=True) == '8J-Yhg%3D%3D'
|
||||
|
||||
|
||||
def test_base64decode():
|
||||
"""The base64decode wrapper works properly"""
|
||||
if six.PY2:
|
||||
assert base64decode('YWJjMTIz') == 'abc123'
|
||||
assert base64decode(unicode('YWJjMTIz')) == 'abc123'
|
||||
assert base64decode(unicode('InRlc3RAbWFpbGluYXRvci5jb20iLkRHeGVvQS5sQ3NzVTNNMlF1QmZvaE8tRnRkZ0RRTEtiVTQ%3D'), urldecode=True) == '"test@mailinator.com".DGxeoA.lCssU3M2QuBfohO-FtdgDQLKbU4'
|
||||
assert base64decode('8J-Yhg==') == '😆'
|
||||
assert base64decode('8J-Yhg%3D%3D', urldecode=True) == '😆'
|
||||
else:
|
||||
assert base64decode('YWJjMTIz') == 'abc123'
|
||||
assert base64decode('YWJjMTIz') == 'abc123'
|
||||
assert base64decode('InRlc3RAbWFpbGluYXRvci5jb20iLkRHeGVvQS5sQ3NzVTNNMlF1QmZvaE8tRnRkZ0RRTEtiVTQ%3D', urldecode=True) == '"test@mailinator.com".DGxeoA.lCssU3M2QuBfohO-FtdgDQLKbU4'
|
||||
assert base64decode('8J-Yhg==') == '😆'
|
||||
assert base64decode('8J-Yhg%3D%3D', urldecode=True) == '😆'
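Review bot: The Python 3 branches assert `base64encode('abc123') == 'YWJjMTIz'` and `base64decode('YWJjMTIz') == 'abc123'` twice each, apparently a copy of the `unicode(...)` cases from the Python 2 branch, so the duplicates add no coverage. Replacing the second one with a bytes input, `assert base64encode(b'abc123') == 'YWJjMTIz'`, would exercise the `else: s = str(s)` path that Python 3 takes for bytes and is otherwise never tested. A malformed-input case for base64decode, for example a wrongly padded string such as `'YWJjMTI'`, would pin the exception type that callers in auth.py must handle.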
|
||||
|
||||
|
||||