From 13e36f89475a959c8c96908f44336fe0cb4eee6b Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Sat, 17 Jul 2021 17:00:47 -0400
Subject: [PATCH] Only allow team members to be promoted to captain (#1943)
* Only allow team members to be promoted to captain
---
 CTFd/schemas/teams.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/CTFd/schemas/teams.py b/CTFd/schemas/teams.py
index 5925ac82..017a7d54 100644
--- a/CTFd/schemas/teams.py
+++ b/CTFd/schemas/teams.py
@@ -186,7 +186,14 @@ class TeamSchema(ma.ModelSchema):
 current_team = get_current_team()
 current_user = get_current_user()
 if current_team.captain_id == current_user.id:
- return
+ captain = Users.query.filter_by(id=captain_id).first()
+ if captain in current_team.members:
+ return
+ else:
+ raise ValidationError(
+ "Only team members can be promoted to captain",
+ field_names=["captain_id"],
+ )
 else:
 raise ValidationError(
 "Only the captain can change team captain",
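Review bot: The new member check in the captain branch rejects an unknown `captain_id` only implicitly: `.first()` returns `None`, `None in current_team.members` is false, and the request falls through to the same `ValidationError` as a real non-member. That outcome is right, and the single message avoids revealing whether a user id exists, but the intent should be stated above the lookup, e.g. `# .first() is None for an unknown id; None is never a member, so unknown ids and non-members are rejected alike`. The `else:` after `return` could also be dropped so the raise is the plain fall-through. The diffstat lists only this file, so a regression test that a captain cannot promote a non-member would be worth adding. The validator starts above the hunk and its final `raise` continues past it, so whether other paths into it apply the same membership check cannot be told from here.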