Version 1.1 CTFd (#514)

* Bootstrap v4 (#490) * Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes * Fixing graph issues. Colors per team & cleaner hover * The solves tab now shows relative time instead of absolute time * Redesign admin theme * Updating modals and changing form name from desc to description * Moving CSS config from Pages to Config page * Adding IP address count to statistics * Move control of certain modals (files, flags, tags, hints) to challenges page * Expanding size of config page * Combining statistics and graphs pages * Moving percentage solved to the statistics page instead of the admin challenges page * Rename Keys.key_type to Keys.type (#459) (#478) * Rename keys.key_type to keys.type (#459) * Fixing previous migration to not be worried about key_type v type * Fixing loading of challenge type plugins * Switching from Handlebars to Nunjucks (#491) * Switching from Handlebars to Nunjucks * Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users * Authed only (#492) * Adding authed_only decorator and adding next to url_for * Adding a basic preview to hints (#494) * Hints have a preview now for creating and updating hints. HTML and markdown are still allowed. * Ezq (#495) * Adding ezq as a simple wrapper around bootstrap modals * Use tabs not spaces and remove gray background on inputs * Adding title & draft to Pages. Making page preview open a new tab (#497) * Adding title & draft to Pages. * Making page preview open a new tab instead of render in the existing tab * Draft pages cannot be seen without a preview * Update check (#499) * Add update_check function * Notify user that a CTFd update is available in the admin panel * Adding update_check tests * Ratelimit (#500) * Implementing a ratelimit function * Fix error page formatting * Add rate limiting tests * Rate limit authentication functions and rate limit admin send email function * Load user solves before we load challenges to avoid unstyled buttons (#502) * Add a challenge preview (#503) * Adding a challenge preview to the admin panel * Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid> * Adding codecov (#504) * Test coverage at https://codecov.io/gh/CTFd/CTFd * Sendmail improvements (#505) * Add get_smtp timeout, add sendmail error messages * Adding more error handling to sendmail * Adding Flask-Script (#507) * Pause ctf (#508) * Implement CTF pausing * Test CTF pausing * Fix loading challenges for users (#510) * Fix loading challenges for users * Temporarily switch themes in test * Pause help text (#509) * Adding pause help text * Pages authed (#511) * Adding authentication options to pages * Adding tests for accessing pages while draft & auth_required * Merging master into 1.1 (#513) * Name the core theme and remove the original theme
2025-12-18 06:24:23 +01:00 · 2017-12-11 06:42:07 -05:00
parent 4c0ae9f3b5
commit 3af98b17d5
230 changed files with 5829 additions and 4242 deletions
--- a/tests/user/test_user_facing.py
+++ b/tests/user/test_user_facing.py
@@ -20,6 +20,54 @@ def test_index():
    destroy_ctfd(app)


+def test_page():
+    """Test that users can access pages that are created in the database"""
+    app = create_ctfd()
+    with app.app_context():
+
+        gen_page(app.db, title="Title", route="this-is-a-route", html="This is some HTML")
+
+        with app.test_client() as client:
+            r = client.get('/this-is-a-route')
+            assert r.status_code == 200
+    destroy_ctfd(app)
+
+
+def test_draft_pages():
+    """Test that draft pages can't be seen"""
+    app = create_ctfd()
+    with app.app_context():
+        gen_page(app.db, title="Title", route="this-is-a-route", html="This is some HTML", draft=True)
+
+        with app.test_client() as client:
+            r = client.get('/this-is-a-route')
+            assert r.status_code == 404
+
+        register_user(app)
+        client = login_as_user(app)
+        r = client.get('/this-is-a-route')
+        assert r.status_code == 404
+    destroy_ctfd(app)
+
+
+def test_page_requiring_auth():
+    """Test that pages properly require authentication"""
+    app = create_ctfd()
+    with app.app_context():
+        gen_page(app.db, title="Title", route="this-is-a-route", html="This is some HTML", auth_required=True)
+
+        with app.test_client() as client:
+            r = client.get('/this-is-a-route')
+            assert r.status_code == 302
+            assert r.location == 'http://localhost/login?next=%2Fthis-is-a-route'
+
+        register_user(app)
+        client = login_as_user(app)
+        r = client.get('/this-is-a-route')
+        assert r.status_code == 200
+    destroy_ctfd(app)
+
+
 def test_register_user():
    """Can a user be registered"""
    app = create_ctfd()
@@ -113,9 +161,9 @@ def test_user_isnt_admin():
    with app.app_context():
        register_user(app)
        client = login_as_user(app)
-        for page in ['graphs', 'pages', 'teams', 'scoreboard', 'chals', 'statistics', 'config']:
+        for page in ['pages', 'teams', 'scoreboard', 'chals', 'statistics', 'config']:
            r = client.get('/admin/{}'.format(page))
-            assert r.location == "http://localhost/login"
+            assert r.location.startswith("http://localhost/login?next=")
            assert r.status_code == 302
    destroy_ctfd(app)

@@ -385,7 +433,8 @@ def test_pages_routing_and_rendering():
    with app.app_context():
        html = '''##The quick brown fox jumped over the lazy dog'''
        route = 'test'
-        page = gen_page(app.db, route, html)
+        title = 'Test'
+        page = gen_page(app.db, title, route, html)

        with app.test_client() as client:
            r = client.get('/test')
@@ -399,17 +448,17 @@ def test_themes_handler():
    app = create_ctfd()
    with app.app_context():
        with app.test_client() as client:
-            r = client.get('/themes/original/static/css/style.css')
+            r = client.get('/themes/core/static/css/style.css')
            assert r.status_code == 200
-            r = client.get('/themes/original/static/css/404_NOT_FOUND')
+            r = client.get('/themes/core/static/css/404_NOT_FOUND')
            assert r.status_code == 404
-            r = client.get('/themes/original/static/%2e%2e/%2e%2e/%2e%2e/utils.py')
+            r = client.get('/themes/core/static/%2e%2e/%2e%2e/%2e%2e/utils.py')
            assert r.status_code == 404
-            r = client.get('/themes/original/static/%2e%2e%2f%2e%2e%2f%2e%2e%2futils.py')
+            r = client.get('/themes/core/static/%2e%2e%2f%2e%2e%2f%2e%2e%2futils.py')
            assert r.status_code == 404
-            r = client.get('/themes/original/static/..%2f..%2f..%2futils.py')
+            r = client.get('/themes/core/static/..%2f..%2f..%2futils.py')
            assert r.status_code == 404
-            r = client.get('/themes/original/static/../../../utils.py')
+            r = client.get('/themes/core/static/../../../utils.py')
            assert r.status_code == 404
    destroy_ctfd(app)

@@ -424,7 +473,7 @@ def test_ctfd_setup_redirect():
            assert r.location == "http://localhost/setup"

            # Files in /themes load properly
-            r = client.get('/themes/original/static/css/style.css')
+            r = client.get('/themes/core/static/css/style.css')
            assert r.status_code == 200
    destroy_ctfd(app)

@@ -561,8 +610,7 @@ def test_user_can_reset_password(mock_smtp):
            to_addr = 'user@user.com'

            # Build the email
-            msg = """
-Did you initiate a password reset?
+            msg = """Did you initiate a password reset? Click the following link to reset your password:

 http://localhost/reset_password/InVzZXIxIi5BZktHUGcuTVhkTmZtOWU2U2xwSXZ1MlFwTjdwa3F5V3hR