From 454845a2344f848c49734081f6c21ebca36c75a1 Mon Sep 17 00:00:00 2001 From: Kevin Chung Date: Wed, 3 Jun 2020 12:41:28 -0400 Subject: [PATCH] Fix some tests --- CTFd/utils/initialization/__init__.py | 1 + CTFd/utils/user/__init__.py | 6 +++++- tests/challenges/test_dynamic.py | 7 +++++-- tests/test_plugin_utils.py | 4 ++-- tests/users/test_auth.py | 2 +- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/CTFd/utils/initialization/__init__.py b/CTFd/utils/initialization/__init__.py index 84edcf61..3cfc1393 100644 --- a/CTFd/utils/initialization/__init__.py +++ b/CTFd/utils/initialization/__init__.py @@ -60,6 +60,7 @@ def init_template_globals(app): from CTFd.constants.config import Configs from CTFd.constants.plugins import Plugins from CTFd.constants.sessions import Session + app.jinja_env.globals.update(config=config) app.jinja_env.globals.update(get_pages=get_pages) app.jinja_env.globals.update(can_send_mail=can_send_mail) diff --git a/CTFd/utils/user/__init__.py b/CTFd/utils/user/__init__.py index c8b526c6..6746fcd3 100644 --- a/CTFd/utils/user/__init__.py +++ b/CTFd/utils/user/__init__.py @@ -23,7 +23,11 @@ def get_current_user(): if session_hash: if session_hash != hmac(user.password): logout_user() - abort(redirect(url_for("auth.login", next=request.full_path))) + if request.content_type == "application/json": + error = 403 + else: + error = redirect(url_for("auth.login", next=request.full_path)) + abort(error) return user else: diff --git a/tests/challenges/test_dynamic.py b/tests/challenges/test_dynamic.py index 6168f9cb..315f4733 100644 --- a/tests/challenges/test_dynamic.py +++ b/tests/challenges/test_dynamic.py @@ -3,6 +3,7 @@ from CTFd.models import Challenges from CTFd.plugins.dynamic_challenges import DynamicChallenge, DynamicValueChallenge +from CTFd.utils.security.signing import hmac from tests.helpers import ( FakeRequest, create_ctfd, 
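Review bot: In `get_current_user` (CTFd/utils/user/__init__.py) the new branch picks 403 only when `request.content_type == "application/json"` matches exactly. A client with a stale session hash that sends `application/json; charset=utf-8` therefore still gets the HTML login redirect, and so does any request without a Content-Type header, which is typical for an API GET. Flask's `request.is_json` ignores media-type parameters and also accepts `+json` types, so `if request.is_json:` is the smaller fix. Requests without a body would still need a separate signal, such as `request.accept_mimetypes`. The function begins and ends outside this hunk.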
@@ -298,17 +299,19 @@ def test_dynamic_challenge_value_isnt_affected_by_hidden_users(): user = gen_user(app.db, name=name, email=email) user.hidden = True app.db.session.commit() + user_id = user.id with app.test_client() as client: # We need to bypass rate-limiting so creating a fake user instead of logging in with client.session_transaction() as sess: - sess["id"] = team_id + sess["id"] = user_id sess["nonce"] = "fake-nonce" - sess["hash"] = "fake-hash" + sess["hash"] = hmac(user.password) data = {"submission": "flag", "challenge_id": 1} r = client.post("/api/v1/challenges/attempt", json=data) + assert r.status_code == 200 resp = r.get_json()["data"] assert resp["status"] == "correct" diff --git a/tests/test_plugin_utils.py b/tests/test_plugin_utils.py index b22fefba..643dbe5d 100644 --- a/tests/test_plugin_utils.py +++ b/tests/test_plugin_utils.py @@ -148,7 +148,7 @@ def test_register_admin_plugin_menu_bar(): menu_item = get_admin_plugin_menu_bar()[0] assert menu_item.title == "test_admin_plugin_name" - assert menu_item.route == "/test_plugin" + assert menu_item.route == "http://localhost/test_plugin" destroy_ctfd(app) @@ -172,7 +172,7 @@ def test_register_user_page_menu_bar(): menu_item = get_user_page_menu_bar()[0] assert menu_item.title == "test_user_menu_link" - assert menu_item.route == "/test_user_href" + assert menu_item.route == "http://localhost/test_user_href" destroy_ctfd(app) diff --git a/tests/users/test_auth.py b/tests/users/test_auth.py index febb81fa..6860f947 100644 --- a/tests/users/test_auth.py +++ b/tests/users/test_auth.py @@ -311,7 +311,7 @@ def test_user_can_confirm_email(mock_smtp): with client.session_transaction() as sess: data = {"nonce": sess.get("nonce")} r = client.post("http://localhost/confirm", data=data) - assert "confirmation email has been resent" in r.get_data(as_text=True) + assert "Confirmation email sent to" in r.get_data(as_text=True) r = client.get("/challenges") assert (
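Review bot: Nothing in this patch exercises the new 403 branch of `get_current_user`. `test_dynamic_challenge_value_isnt_affected_by_hidden_users` previously set `sess["hash"] = "fake-hash"`, which presumably tripped the session-hash check, and it now supplies a valid `hmac(user.password)` instead. A companion test that keeps a stale hash on a JSON POST and asserts `r.status_code == 403` would pin the session-invalidation behaviour, so a later refactor cannot quietly turn it back into a redirect. A short comment on the `sess["hash"]` line would also help, e.g. `# must equal hmac(user.password), otherwise get_current_user() logs the session out`. The test function starts outside the hunk.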