aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix creating users from the admin panel while name changes disabled (#862)

Browse Source 
* Fix creating users from the admin panel while name changes are disabled; clean up user & team schema validators
* Closes #832
* Coerce /api/v1/teams/<team_id> to /api/v1/teams/<int:team_id>
This commit is contained in:
Kevin Chung
2019-01-31 01:18:46 -05:00
committed by GitHub
parent 2935a76722
commit 2f49477465
7 changed files with 178 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
tests/api/v1/test_users.py
View File

@@ -118,6 +118,102 @@ def test_api_users_post_admin_with_attributes():
destroy_ctfd(app)
def test_api_users_post_admin_duplicate_information():
"""Can an admin create a user with duplicate information"""
app = create_ctfd()
with app.app_context():
register_user(app)
with login_as_user(app, 'admin') as client:
# Duplicate email
r = client.post('/api/v1/users', json={
"name": "user2",
"email": "user@ctfd.io",
"password": "password"
})
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['email']
assert resp['success'] is False
assert Users.query.count() == 2
# Duplicate user
r = client.post('/api/v1/users', json={
"name": "user",
"email": "user2@ctfd.io",
"password": "password"
})
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['name']
assert resp['success'] is False
assert Users.query.count() == 2
destroy_ctfd(app)
def test_api_users_patch_admin_duplicate_information():
"""Can an admin modify a user with duplicate information"""
app = create_ctfd()
with app.app_context():
register_user(app, name="user1", email="user1@ctfd.io", password="password")
register_user(app, name="user2", email="user2@ctfd.io", password="password")
with login_as_user(app, 'admin') as client:
# Duplicate name
r = client.patch('/api/v1/users/1', json={
"name": "user2",
"email": "user@ctfd.io",
"password": "password"
})
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['name']
assert resp['success'] is False
# Duplicate email
r = client.patch('/api/v1/users/1', json={
"name": "user",
"email": "user2@ctfd.io",
"password": "password"
})
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['email']
assert resp['success'] is False
assert Users.query.count() == 3
destroy_ctfd(app)
def test_api_users_patch_duplicate_information():
"""Can a user modify their information to another user's"""
app = create_ctfd()
with app.app_context():
register_user(app, name="user1", email="user1@ctfd.io", password="password")
register_user(app, name="user2", email="user2@ctfd.io", password="password")
with login_as_user(app, 'user1') as client:
# Duplicate email
r = client.patch('/api/v1/users/me', json={
"name": "user2",
"email": "user@ctfd.io",
"password": "password"
})
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['name']
assert resp['success'] is False
# Duplicate user
r = client.patch('/api/v1/users/me', json={
"name": "user",
"email": "user2@ctfd.io",
"password": "password"
})
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['email']
assert resp['success'] is False
assert Users.query.count() == 3
destroy_ctfd(app)
def test_api_team_get_public():
"""Can a user get /api/v1/team/<user_id> if users are public"""
app = create_ctfd()