Version 1.1 CTFd (#514)
* Bootstrap v4 (#490) * Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes * Fixing graph issues. Colors per team & cleaner hover * The solves tab now shows relative time instead of absolute time * Redesign admin theme * Updating modals and changing form name from desc to description * Moving CSS config from Pages to Config page * Adding IP address count to statistics * Move control of certain modals (files, flags, tags, hints) to challenges page * Expanding size of config page * Combining statistics and graphs pages * Moving percentage solved to the statistics page instead of the admin challenges page * Rename Keys.key_type to Keys.type (#459) (#478) * Rename keys.key_type to keys.type (#459) * Fixing previous migration to not be worried about key_type v type * Fixing loading of challenge type plugins * Switching from Handlebars to Nunjucks (#491) * Switching from Handlebars to Nunjucks * Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users * Authed only (#492) * Adding authed_only decorator and adding next to url_for * Adding a basic preview to hints (#494) * Hints have a preview now for creating and updating hints. HTML and markdown are still allowed. * Ezq (#495) * Adding ezq as a simple wrapper around bootstrap modals * Use tabs not spaces and remove gray background on inputs * Adding title & draft to Pages. Making page preview open a new tab (#497) * Adding title & draft to Pages. 
* Making page preview open a new tab instead of render in the existing tab * Draft pages cannot be seen without a preview * Update check (#499) * Add update_check function * Notify user that a CTFd update is available in the admin panel * Adding update_check tests * Ratelimit (#500) * Implementing a ratelimit function * Fix error page formatting * Add rate limiting tests * Rate limit authentication functions and rate limit admin send email function * Load user solves before we load challenges to avoid unstyled buttons (#502) * Add a challenge preview (#503) * Adding a challenge preview to the admin panel * Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid> * Adding codecov (#504) * Test coverage at https://codecov.io/gh/CTFd/CTFd * Sendmail improvements (#505) * Add get_smtp timeout, add sendmail error messages * Adding more error handling to sendmail * Adding Flask-Script (#507) * Pause ctf (#508) * Implement CTF pausing * Test CTF pausing * Fix loading challenges for users (#510) * Fix loading challenges for users * Temporarily switch themes in test * Pause help text (#509) * Adding pause help text * Pages authed (#511) * Adding authentication options to pages * Adding tests for accessing pages while draft & auth_required * Merging master into 1.1 (#513) * Name the core theme and remove the original theme
15
CTFd/auth.py
15
CTFd/auth.py
@@ -9,12 +9,14 @@ from passlib.hash import bcrypt_sha256
|
||||
|
||||
from CTFd.models import db, Teams
|
||||
from CTFd import utils
|
||||
from CTFd.utils import ratelimit
|
||||
|
||||
auth = Blueprint('auth', __name__)
|
||||
|
||||
|
||||
@auth.route('/confirm', methods=['POST', 'GET'])
|
||||
@auth.route('/confirm/<data>', methods=['GET'])
|
||||
@ratelimit(method="POST", limit=10, interval=60)
|
||||
def confirm_user(data=None):
|
||||
if not utils.get_config('verify_emails'):
|
||||
# If the CTF doesn't care about confirming email addresses then redierct to challenges
|
||||
@@ -75,6 +77,7 @@ def confirm_user(data=None):
|
||||
|
||||
@auth.route('/reset_password', methods=['POST', 'GET'])
|
||||
@auth.route('/reset_password/<data>', methods=['POST', 'GET'])
|
||||
@ratelimit(method="POST", limit=10, interval=60)
|
||||
def reset_password(data=None):
|
||||
logger = logging.getLogger('logins')
|
||||
if data is not None and request.method == "GET":
|
||||
@@ -115,16 +118,8 @@ def reset_password(data=None):
|
||||
'reset_password.html',
|
||||
errors=['If that account exists you will receive an email, please check your inbox']
|
||||
)
|
||||
s = TimedSerializer(app.config['SECRET_KEY'])
|
||||
token = s.dumps(team.name)
|
||||
text = """
|
||||
Did you initiate a password reset?
|
||||
|
||||
{0}/{1}
|
||||
|
||||
""".format(url_for('auth.reset_password', _external=True), utils.base64encode(token, urlencode=True))
|
||||
|
||||
utils.sendmail(email, text)
|
||||
utils.forgot_password(email, team.name)
|
||||
|
||||
return render_template(
|
||||
'reset_password.html',
|
||||
@@ -134,6 +129,7 @@ Did you initiate a password reset?
|
||||
|
||||
|
||||
@auth.route('/register', methods=['POST', 'GET'])
|
||||
@ratelimit(method="POST", limit=10, interval=5)
|
||||
def register():
|
||||
logger = logging.getLogger('regs')
|
||||
if not utils.can_register():
|
||||
@@ -209,6 +205,7 @@ def register():
|
||||
|
||||
|
||||
@auth.route('/login', methods=['POST', 'GET'])
|
||||
@ratelimit(method="POST", limit=10, interval=5)
|
||||
def login():
|
||||
logger = logging.getLogger('logins')
|
||||
if request.method == 'POST':
|
||||
|
||||
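Review bot: The throttle added to `login()` (`@ratelimit(method="POST", limit=10, interval=5)`) is much looser than the `limit=10, interval=60` placed on `confirm_user()` and `reset_password()` in the same file; if `interval` is in seconds, it still permits about two password attempts per second indefinitely, which does little to slow online guessing. I would tighten the login route to something like `@ratelimit(method="POST", limit=10, interval=60)`, and the same question applies to `register()`, where the short window leaves bulk account creation largely unthrottled. The implementation in `CTFd.utils` is not visible on this page, so what the limiter keys on is unknown: if it is the client address alone, guessing spread over many addresses against one account is not slowed and a per-account failure counter would be needed as well, and behind a reverse proxy the address has to come from a trusted source rather than a client-supplied header. All four function bodies continue outside the hunks shown.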