From 39b9dc594579f05853987f550c17a62949f39b95 Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Mon, 16 Oct 2017 13:57:40 -0400
Subject: [PATCH] Create a private team endpoint (#413)
* Adding private /team endpoint
---
 CTFd/themes/original/static/js/team.js | 3 +--
 CTFd/themes/original/templates/team.html | 2 +-
 CTFd/views.py | 27 ++++++++++++++++++++++++
 tests/user/test_user_facing.py | 11 ++++++++++
 4 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/CTFd/themes/original/static/js/team.js b/CTFd/themes/original/static/js/team.js
index 0087bd70..5e531ef6 100644
--- a/CTFd/themes/original/static/js/team.js
+++ b/CTFd/themes/original/static/js/team.js
@@ -1,6 +1,5 @@
 function teamid (){
- loc = window.location.pathname
- return loc.substring(loc.lastIndexOf('/')+1, loc.length);
+ return $('#team-id').attr('team-id');
 }
 function colorhash (x) {
diff --git a/CTFd/themes/original/templates/team.html b/CTFd/themes/original/templates/team.html
index 92f3da4a..28d278a4 100644
--- a/CTFd/themes/original/templates/team.html
+++ b/CTFd/themes/original/templates/team.html
@@ -6,7 +6,7 @@ {% block content %}
-

{{ team.name }}

+

{{ team.name }}

diff --git a/CTFd/views.py b/CTFd/views.py
index 915dc728..5f8bb91c 100644
--- a/CTFd/views.py
+++ b/CTFd/views.py
@@ -135,6 +135,33 @@ def teams(page):
 return render_template('teams.html', teams=teams, team_pages=pages, curr_page=page)
+@views.route('/team', methods=['GET'])
+def private_team():
+ if utils.authed():
+ teamid = session['id']
+
+ freeze = utils.get_config('freeze')
+ user = Teams.query.filter_by(id=teamid).first_or_404()
+ solves = Solves.query.filter_by(teamid=teamid)
+ awards = Awards.query.filter_by(teamid=teamid)
+
+ place = user.place()
+ score = user.score()
+
+ if freeze:
+ freeze = utils.unix_time_to_utc(freeze)
+ if teamid != session.get('id'):
+ solves = solves.filter(Solves.date < freeze)
+ awards = awards.filter(Awards.date < freeze)
+
+ solves = solves.all()
+ awards = awards.all()
+
+ return render_template('team.html', solves=solves, awards=awards, team=user, score=score, place=place, score_frozen=utils.is_scoreboard_frozen())
+ else:
+ return redirect(url_for('auth.login'))
+
+
 @views.route('/team/', methods=['GET', 'POST'])
 def team(teamid):
 if utils.get_config('view_scoreboard_if_utils.authed') and not utils.authed():
diff --git a/tests/user/test_user_facing.py b/tests/user/test_user_facing.py
index f352e00b..3fc9171d 100644
--- a/tests/user/test_user_facing.py
+++ b/tests/user/test_user_facing.py
@@ -174,6 +174,17 @@ def test_user_get_team_page():
 destroy_ctfd(app)
+def test_user_get_private_team_page():
+ """Can a registered user load their private team page (/team)"""
+ app = create_ctfd()
+ with app.app_context():
+ register_user(app)
+ client = login_as_user(app)
+ r = client.get('/team')
+ assert r.status_code == 200
+ destroy_ctfd(app)
+
+
 def test_user_get_profile():
 """Can a registered user load their private profile (/profile)"""
 app = create_ctfd()
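Review bot: In `private_team` (CTFd/views.py) the check `if teamid != session.get('id'):` can never be true, because `teamid` was assigned from `session['id']` a few lines above it, so the two freeze filters on `solves` and `awards` are dead code. If the intent is that a team always sees its own post-freeze solves and awards, drop the whole `if freeze:` block and state it with a comment such as `# own team: scoreboard freeze cut-off deliberately not applied`. As written, the copied condition suggests a cut-off is enforced on this route when none is. Separately, a session whose team row no longer exists ends in `first_or_404()` rather than the login redirect; whether that can happen depends on what `utils.authed()` checks, which is not visible here.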
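Review bot: The added test in tests/user/test_user_facing.py covers only the logged-in path of `/team`; the `else` branch that sends anonymous visitors to `auth.login` is not exercised, and that redirect is the access-control behaviour of the new endpoint. A second test that requests `/team` without logging in and expects a redirect would pin it. The 302 status below is inferred from the `redirect(url_for('auth.login'))` call in the views hunk. `destroy_ctfd(app)` is also skipped when an assertion fails, which follows the pattern of the surrounding tests.

```python
def test_user_get_private_team_page_requires_login():
    """Is an anonymous client redirected away from the private team page (/team)"""
    app = create_ctfd()
    with app.app_context():
        client = app.test_client()
        r = client.get('/team')
        assert r.status_code == 302
    destroy_ctfd(app)
```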