#2003 - All numeric registration codes (#2004)

* fix: cast registration_code to string during register * test: add test to confirm numeric registration codes
2026-02-01 04:14:25 +01:00 · 2021-10-11 00:33:06 -04:00
parent 514ab2c8bd
commit 3e6f635b7b
2 changed files with 32 additions and 2 deletions
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -197,7 +197,7 @@ def register():
        website = request.form.get("website")
        affiliation = request.form.get("affiliation")
        country = request.form.get("country")
-        registration_code = request.form.get("registration_code", "")
+        registration_code = str(request.form.get("registration_code", ""))

        name_len = len(name) == 0
        names = Users.query.add_columns("name", "id").filter_by(name=name).first()
@@ -214,7 +214,7 @@ def register():
        if get_config("registration_code"):
            if (
                registration_code.lower()
-                != get_config("registration_code", default="").lower()
+                != str(get_config("registration_code", default="")).lower()
            ):
                errors.append("The registration code you entered was incorrect")

--- a/tests/users/test_auth.py
+++ b/tests/users/test_auth.py
@@ -464,3 +464,33 @@ def test_registration_code_required():
            assert r.status_code == 302
            assert r.location.startswith("http://localhost/challenges")
    destroy_ctfd(app)
+
+
+def test_registration_code_allows_numeric():
+    """
+    Test that registration code is allowed to be all numeric
+    """
+    app = create_ctfd()
+    with app.app_context():
+        # Set a registration code
+        set_config("registration_code", "1234567890")
+
+        with app.test_client() as client:
+            # Load CSRF nonce
+            r = client.get("/register")
+            resp = r.get_data(as_text=True)
+            assert "Registration Code" in resp
+            with client.session_transaction() as sess:
+                data = {
+                    "name": "user",
+                    "email": "user1@examplectf.com",
+                    "password": "password",
+                    "nonce": sess.get("nonce"),
+                }
+
+            # Attempt registration with numeric registration code
+            data["registration_code"] = "1234567890"
+            r = client.post("/register", data=data)
+            assert r.status_code == 302
+            assert r.location.startswith("http://localhost/challenges")
+    destroy_ctfd(app)