Closes #107 and helps with #103

Now shows UTC timestamp

CTFd/admin.py

@@ -49,6 +49,7 @@ def admin_config():
 
         try:
             view_challenges_unregistered = bool(request.form.get('view_challenges_unregistered', None))
+            view_scoreboard_if_authed = bool(request.form.get('view_scoreboard_if_authed', None))
             prevent_registration = bool(request.form.get('prevent_registration', None))
             prevent_name_change = bool(request.form.get('prevent_name_change', None))
             view_after_ctf = bool(request.form.get('view_after_ctf', None))
@@ -57,6 +58,7 @@ def admin_config():
             mail_ssl = bool(request.form.get('mail_ssl', None))
         except (ValueError, TypeError):
             view_challenges_unregistered = None
+            view_scoreboard_if_authed = None
             prevent_registration = None
             prevent_name_change = None
             view_after_ctf = None
@@ -65,6 +67,7 @@ def admin_config():
             mail_ssl = None
         finally:
             view_challenges_unregistered = set_config('view_challenges_unregistered', view_challenges_unregistered)
+            view_scoreboard_if_authed = set_config('view_scoreboard_if_authed', view_scoreboard_if_authed)
             prevent_registration = set_config('prevent_registration', prevent_registration)
             prevent_name_change = set_config('prevent_name_change', prevent_name_change)
             view_after_ctf = set_config('view_after_ctf', view_after_ctf)
@@ -119,6 +122,7 @@ def admin_config():
     mail_ssl = get_config('mail_ssl')
 
     view_challenges_unregistered = get_config('view_challenges_unregistered')
+    view_scoreboard_if_authed = get_config('view_scoreboard_if_authed')
     prevent_registration = get_config('prevent_registration')
     prevent_name_change = get_config('prevent_name_change')
     verify_emails = get_config('verify_emails')
@@ -155,6 +159,7 @@ def admin_config():
                            mail_tls=mail_tls,
                            mail_ssl=mail_ssl,
                            view_challenges_unregistered=view_challenges_unregistered,
+                           view_scoreboard_if_authed=view_scoreboard_if_authed,
                            prevent_registration=prevent_registration,
                            mg_base_url=mg_base_url,
                            mg_api_key=mg_api_key,

CTFd/scoreboard.py

@@ -1,5 +1,5 @@
-from flask import current_app as app, session, render_template, jsonify, Blueprint
-from CTFd.utils import unix_time
+from flask import current_app as app, session, render_template, jsonify, Blueprint, redirect, url_for, request
+from CTFd.utils import unix_time, authed, get_config
 from CTFd.models import db, Teams, Solves, Challenges
 
 scoreboard = Blueprint('scoreboard', __name__)
@@ -7,6 +7,8 @@ scoreboard = Blueprint('scoreboard', __name__)
 
 @scoreboard.route('/scoreboard')
 def scoreboard_view():
+    if get_config('view_scoreboard_if_authed') and not authed():
+        return redirect(url_for('auth.login', next=request.path))
     score = db.func.sum(Challenges.value).label('score')
     quickest = db.func.max(Solves.date).label('quickest')
     teams = db.session.query(Solves.teamid, Teams.name, score)\
@@ -20,6 +22,8 @@ def scoreboard_view():
 
 @scoreboard.route('/scores')
 def scores():
+    if get_config('view_scoreboard_if_authed') and not authed():
+        return redirect(url_for('auth.login', next=request.path))
     score = db.func.sum(Challenges.value).label('score')
     quickest = db.func.max(Solves.date).label('quickest')
     teams = db.session.query(Solves.teamid, Teams.name, score)\
@@ -36,6 +40,8 @@ def scores():
 
 @scoreboard.route('/top/<count>')
 def topteams(count):
+    if get_config('view_scoreboard_if_authed') and not authed():
+        return redirect(url_for('auth.login', next=request.path))
     try:
         count = int(count)
     except:

CTFd/templates/admin/config.html

@@ -110,6 +110,7 @@
                 <li role="presentation">
                     <a href="#end-date" aria-controls="end-date" role="tab" data-toggle="tab">End Time</a>
                 </li>
+                <sub style="float:right;">* All time fields required</sub>
             </ul>
 
             <div class="tab-content">
@@ -163,9 +164,12 @@
                                 {% endfor %}
                             </select>
                         </div>
-                        <input class="form-control" id='start' name='start' type='hidden'
+                        <div class="form-group col-xs-12">
+                            <label for="start">UTC Timestamp:</label>
+                            <input class="form-control" id='start' name='start' type='text'
                                placeholder="Start Date (UTC timestamp)"
-                               {% if start is defined and start != None %}value="{{ start }}"{% endif %}>
+                               {% if start is defined and start != None %}value="{{ start }}"{% endif %} readonly>
+                        </div>
                     </div>
                 </div>
                 <div role="tabpanel" class="tab-pane" id="end-date">
@@ -219,9 +223,12 @@
                                 {% endfor %}
                             </select>
                         </div>
-                        <input class="form-control" id='end' name='end' type='hidden'
+                        <div class="form-group col-xs-12">
+                            <label for="end">UTC Timestamp:</label>
+                            <input class="form-control" id='end' name='end' type='text'
                                placeholder="End Date (UTC timestamp)"
-                               {% if end is defined and end != None %}value="{{ end }}"{% endif %}>
+                               {% if end is defined and end != None %}value="{{ end }}"{% endif %} readonly>
+                        </div>
                     </div>
                 </div>
             </div>
@@ -247,6 +254,14 @@
                 </label>
             </div>
 
+            <div class="checkbox">
+                <label>
+                    <input id="view_scoreboard_if_authed" name="view_scoreboard_if_authed" type="checkbox"
+                           {% if view_scoreboard_if_authed %}checked{% endif %}>
+                    Scoreboard can only be viewed by logged in users
+                </label>
+            </div>
+
             <div class="checkbox">
                 <label>
                     <input id="prevent_registration" name="prevent_registration" type="checkbox" {% if prevent_registration %}checked{% endif %}>
@@ -285,6 +300,7 @@
         };
         function load_date_values(place){
             if (place == 'start'){
+                $('#start').parent().hide();
                 console.log('Loading start')
                 var month = $('#start-month').val();
                 var day = $('#start-day').val();
@@ -297,8 +313,10 @@
                     var utc = convert_date_to_moment(month, day, year, hour, minute);
                     console.log(utc.unix());
                     $('#start').val(utc.unix());
+                    $('#start').parent().show();
                 }
             } else {
+                $('#end').parent().hide();
                 var month = $('#end-month').val();
                 var day = $('#end-day').val();
                 var year = $('#end-year').val();
@@ -309,6 +327,7 @@
                 } else {
                     var utc = convert_date_to_moment(month, day, year, hour, minute);
                     $('#end').val(utc.unix());
+                    $('#end').parent().show();
                 }
             }
         }

CTFd/views.py

@@ -133,6 +133,8 @@ def teams(page):
 
 @views.route('/team/<teamid>', methods=['GET', 'POST'])
 def team(teamid):
+    if get_config('view_scoreboard_if_authed') and not authed():
+        return redirect(url_for('auth.login', next=request.path))
     user = Teams.query.filter_by(id=teamid).first()
     solves = Solves.query.filter_by(teamid=teamid).all()
     score = user.score()