Fix creating users, teams from the API (#768)

* Fix creating users, teams from the API, hash password in models vs in schemas, stop caching CSS at the decorator level, fix tests * Fix whitelisted emails and add test * Set proper defaults in accounts config
2026-02-19 13:14:22 +01:00 · 2018-11-30 20:12:48 -05:00
parent c342ca85b4
commit 4233d683b8
10 changed files with 139 additions and 55 deletions
--- a/CTFd/models/init.py
+++ b/CTFd/models/init.py
@@ -1,12 +1,10 @@
 from flask_sqlalchemy import SQLAlchemy
 from flask_marshmallow import Marshmallow
-from passlib.hash import bcrypt_sha256
 from sqlalchemy import TypeDecorator, String, func, types, CheckConstraint, and_
 from sqlalchemy.sql.expression import union_all
 from sqlalchemy.types import JSON, NullType
 from sqlalchemy.orm import validates, column_property
 from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method
-from sqlalchemy.sql import or_, and_, any_
 from CTFd.utils.crypto import hash_password
 from CTFd.cache import cache
 import datetime
@@ -301,8 +299,10 @@ class Users(db.Model):

    def __init__(self, **kwargs):
        super(Users, self).__init__(**kwargs)
-        if kwargs.get('password'):
-            self.password = hash_password(str(kwargs['password']))
+
+    @validates('password')
+    def validate_password(self, key, plaintext):
+        return hash_password(str(plaintext))

    @hybrid_property
    def account_id(self):
@@ -491,8 +491,10 @@ class Teams(db.Model):

    def __init__(self, **kwargs):
        super(Teams, self).__init__(**kwargs)
-        if kwargs.get('password'):
-            self.password = hash_password(str(kwargs['password']))
+
+    @validates('password')
+    def validate_password(self, key, plaintext):
+        return hash_password(str(plaintext))

    @property
    def solves(self):