From 0c6e28315c35dde8c29e3d67e6032ea160ebe290 Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@ctfd.io>
Date: Fri, 8 Apr 2022 15:14:57 -0400
Subject: [PATCH] Add userName and userEmail to init objects in base.html
 (#2082)

* Add `userName` and `userEmail` to the CTFd init object in `base.html`
* Closes #2066
---
 CTFd/themes/admin/templates/base.html |  2 ++
 CTFd/themes/core/templates/base.html  |  2 ++
 tests/users/test_users.py             | 12 ++++++++++++
 3 files changed, 16 insertions(+)

diff --git a/CTFd/themes/admin/templates/base.html b/CTFd/themes/admin/templates/base.html
index 1821bdfc..ea457509 100644
--- a/CTFd/themes/admin/templates/base.html
+++ b/CTFd/themes/admin/templates/base.html
@@ -17,6 +17,8 @@
 			'csrfNonce': "{{ Session.nonce }}",
 			'userMode': "{{ get_config('user_mode') }}",
 			'userId': {{ id if (id is defined) else 0 }},
+			'userName': "{{ User.name }}",
+			'userEmail': "{{ User.email }}",
 			'start': {{ get_config("start") | tojson }},
 			'end': {{ get_config("end") | tojson }},
 		}
diff --git a/CTFd/themes/core/templates/base.html b/CTFd/themes/core/templates/base.html
index 2cdd9f9b..2b9ff83d 100644
--- a/CTFd/themes/core/templates/base.html
+++ b/CTFd/themes/core/templates/base.html
@@ -18,6 +18,8 @@
 			'csrfNonce': "{{ Session.nonce }}",
 			'userMode': "{{ Configs.user_mode }}",
 			'userId': {{ Session.id }},
+			'userName': "{{ User.name }}",
+			'userEmail': "{{ User.email }}",
 			'start': {{ Configs.start | tojson }},
 			'end': {{ Configs.end | tojson }},
 			'theme_settings': {{ Configs.theme_settings | tojson }}
diff --git a/tests/users/test_users.py b/tests/users/test_users.py
index 8615a224..3419843b 100644
--- a/tests/users/test_users.py
+++ b/tests/users/test_users.py
@@ -61,6 +61,10 @@ def test_hidden_user_visibility():
 
             r = client.get("/users")
             response = r.get_data(as_text=True)
+            # Only search in body content
+            body_start = response.find("<body>")
+            body_end = response.find("</body>")
+            response = response[body_start:body_end]
             assert user_name not in response
 
             r = client.get("/api/v1/users")
@@ -71,6 +75,10 @@ def test_hidden_user_visibility():
 
             r = client.get("/scoreboard")
             response = r.get_data(as_text=True)
+            # Only search in body content
+            body_start = response.find("<body>")
+            body_end = response.find("</body>")
+            response = response[body_start:body_end]
             assert user_name not in response
 
             r = client.get("/api/v1/scoreboard")
@@ -85,6 +93,10 @@ def test_hidden_user_visibility():
 
             r = client.get("/users")
             response = r.get_data(as_text=True)
+            # Only search in body content
+            body_start = response.find("<body>")
+            body_end = response.find("</body>")
+            response = response[body_start:body_end]
             assert user_name in response
 
             r = client.get("/api/v1/users")