Version 1.1 CTFd (#514)

* Bootstrap v4 (#490) * Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes * Fixing graph issues. Colors per team & cleaner hover * The solves tab now shows relative time instead of absolute time * Redesign admin theme * Updating modals and changing form name from desc to description * Moving CSS config from Pages to Config page * Adding IP address count to statistics * Move control of certain modals (files, flags, tags, hints) to challenges page * Expanding size of config page * Combining statistics and graphs pages * Moving percentage solved to the statistics page instead of the admin challenges page * Rename Keys.key_type to Keys.type (#459) (#478) * Rename keys.key_type to keys.type (#459) * Fixing previous migration to not be worried about key_type v type * Fixing loading of challenge type plugins * Switching from Handlebars to Nunjucks (#491) * Switching from Handlebars to Nunjucks * Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users * Authed only (#492) * Adding authed_only decorator and adding next to url_for * Adding a basic preview to hints (#494) * Hints have a preview now for creating and updating hints. HTML and markdown are still allowed. * Ezq (#495) * Adding ezq as a simple wrapper around bootstrap modals * Use tabs not spaces and remove gray background on inputs * Adding title & draft to Pages. Making page preview open a new tab (#497) * Adding title & draft to Pages. * Making page preview open a new tab instead of render in the existing tab * Draft pages cannot be seen without a preview * Update check (#499) * Add update_check function * Notify user that a CTFd update is available in the admin panel * Adding update_check tests * Ratelimit (#500) * Implementing a ratelimit function * Fix error page formatting * Add rate limiting tests * Rate limit authentication functions and rate limit admin send email function * Load user solves before we load challenges to avoid unstyled buttons (#502) * Add a challenge preview (#503) * Adding a challenge preview to the admin panel * Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid> * Adding codecov (#504) * Test coverage at https://codecov.io/gh/CTFd/CTFd * Sendmail improvements (#505) * Add get_smtp timeout, add sendmail error messages * Adding more error handling to sendmail * Adding Flask-Script (#507) * Pause ctf (#508) * Implement CTF pausing * Test CTF pausing * Fix loading challenges for users (#510) * Fix loading challenges for users * Temporarily switch themes in test * Pause help text (#509) * Adding pause help text * Pages authed (#511) * Adding authentication options to pages * Adding tests for accessing pages while draft & auth_required * Merging master into 1.1 (#513) * Name the core theme and remove the original theme
2025-12-17 22:14:25 +01:00 · 2017-12-11 06:42:07 -05:00
parent 4c0ae9f3b5
commit 3af98b17d5
230 changed files with 5829 additions and 4242 deletions
--- a/tests/user/test_challenges.py
+++ b/tests/user/test_challenges.py
@@ -354,6 +354,33 @@ def test_unlocking_hints_with_cost_during_ctf_without_points():
    destroy_ctfd(app)


+def test_unlocking_hints_with_cost_before_ctf():
+    """Test that hints without a cost are not unlocked if the CTF hasn't begun"""
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        chal = gen_challenge(app.db)
+        chal_id = chal.id
+        hint = gen_hint(app.db, chal_id)
+        gen_award(app.db, teamid=2)
+
+        set_config('start', '1507089600')  # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
+        set_config('end', '1507262400')  # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
+
+        with freeze_time("2017-10-1"):
+            client = login_as_user(app)
+            with client.session_transaction() as sess:
+                data = {
+                    "nonce": sess.get('nonce')
+                }
+            r = client.post('/hints/1', data=data)
+            assert r.status_code == 403
+            user = Teams.query.filter_by(id=2).first()
+            assert user.score() == 100
+            assert Unlocks.query.count() == 0
+    destroy_ctfd(app)
+
+
 def test_unlocking_hints_with_cost_during_ended_ctf():
    """Test that hints with a cost are not unlocked if the CTF has ended"""
    app = create_ctfd()
@@ -494,3 +521,44 @@ def test_hidden_challenge_is_unsolveable():
        wrong_keys = WrongKeys.query.all()
        assert len(wrong_keys) == 0
    destroy_ctfd(app)
+
+
+def test_challenges_cannot_be_solved_while_paused():
+    """Test that challenges cannot be solved when the CTF is paused"""
+    app = create_ctfd()
+    with app.app_context():
+        set_config('paused', True)
+
+        register_user(app)
+        client = login_as_user(app)
+
+        r = client.get('/challenges')
+        assert r.status_code == 200
+
+        # Assert that there is a paused message
+        data = r.get_data(as_text=True)
+        assert 'paused' in data
+
+        chal = gen_challenge(app.db, hidden=True)
+        flag = gen_flag(app.db, chal=chal.id, flag='flag')
+        with client.session_transaction() as sess:
+            data = {
+                "key": 'flag',
+                "nonce": sess.get('nonce')
+            }
+        r = client.post('/chal/{}'.format(chal.id), data=data)
+
+        # Assert that the JSON message is correct
+        data = r.get_data(as_text=True)
+        data = json.loads(data)
+        assert data['status'] == 3
+        assert data['message'] == 'CTFd is paused'
+
+        # There are no solves saved
+        solves = Solves.query.all()
+        assert len(solves) == 0
+
+        # There are no wrong keys saved
+        wrong_keys = WrongKeys.query.all()
+        assert len(wrong_keys) == 0
+    destroy_ctfd(app)