diff --git a/CTFd/auth.py b/CTFd/auth.py
index 0012098a..ce01324f 100644
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -197,7 +197,7 @@ def register():
 website = request.form.get("website")
 affiliation = request.form.get("affiliation")
 country = request.form.get("country")
- registration_code = request.form.get("registration_code", "")
+ registration_code = str(request.form.get("registration_code", ""))
 name_len = len(name) == 0
 names = Users.query.add_columns("name", "id").filter_by(name=name).first()
@@ -214,7 +214,7 @@ def register():
 if get_config("registration_code"):
 if (
 registration_code.lower()
- != get_config("registration_code", default="").lower()
+ != str(get_config("registration_code", default="")).lower()
 ):
 errors.append("The registration code you entered was incorrect")
diff --git a/tests/users/test_auth.py b/tests/users/test_auth.py
index 3d36c537..890666ac 100644
--- a/tests/users/test_auth.py
+++ b/tests/users/test_auth.py
@@ -464,3 +464,33 @@ def test_registration_code_required():
 assert r.status_code == 302
 assert r.location.startswith("http://localhost/challenges")
 destroy_ctfd(app)
+
+
+def test_registration_code_allows_numeric():
+ """
+ Test that registration code is allowed to be all numeric
+ """
+ app = create_ctfd()
+ with app.app_context():
+ # Set a registration code
+ set_config("registration_code", "1234567890")
+
+ with app.test_client() as client:
+ # Load CSRF nonce
+ r = client.get("/register")
+ resp = r.get_data(as_text=True)
+ assert "Registration Code" in resp
+ with client.session_transaction() as sess:
+ data = {
+ "name": "user",
+ "email": "user1@examplectf.com",
+ "password": "password",
+ "nonce": sess.get("nonce"),
+ }
+
+ # Attempt registration with numeric registration code
+ data["registration_code"] = "1234567890"
+ r = client.post("/register", data=data)
+ assert r.status_code == 302
+ assert r.location.startswith("http://localhost/challenges")
+ destroy_ctfd(app)
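Review bot: In the first CTFd/auth.py hunk (`@@ -197,7`), the `str(...)` around `request.form.get("registration_code", "")` looks like a no-op, because Flask form values are already strings. The type mismatch this commit fixes appears to come from the config lookup in the second hunk, so the cast here hides where the problem really is. Either drop it or say why it stays, e.g. `# form values are already str; cast kept only for symmetry with the get_config() side`. register() begins and ends outside the hunk.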
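Review bot: In the second CTFd/auth.py hunk (`@@ -214,7`), `str(get_config("registration_code", default=""))` restores the type but not the text the admin stored. If get_config() returns an int for an all-digit value, as the need for this cast suggests, a code with leading zeros (constructed example: "007") would compare as "7" and valid registrants would be rejected. More seriously, a code of "0" would be falsy at the unchanged guard `if get_config("registration_code"):`, so the check would be skipped and registration left open. The comparison should use the stored string rather than the coerced value, or such codes should be rejected when the setting is saved; at minimum add `# get_config() may coerce all-digit codes; str() does not restore leading zeros` above the comparison. register() continues outside the hunk, so any later handling is not visible here.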
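Review bot: `test_registration_code_allows_numeric` in tests/users/test_auth.py only shows that a matching numeric code is accepted, so a regression that skips the registration-code check for numeric values would still pass. Add a negative case before the successful post: set `data["registration_code"] = "0987654321"` (constructed value), post to `/register`, and `assert "The registration code you entered was incorrect" in r.get_data(as_text=True)`. A second case with a leading-zero code would pin the behaviour the `str()` cast cannot guarantee on its own. `destroy_ctfd(app)` is also skipped if an assertion fails; this matches the preceding test visible in the hunk, so treat it as a file-wide style point rather than a blocker.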