Fix some tests

CTFd/utils/initialization/__init__.py

@@ -60,6 +60,7 @@ def init_template_globals(app):
     from CTFd.constants.config import Configs
     from CTFd.constants.plugins import Plugins
     from CTFd.constants.sessions import Session
+
     app.jinja_env.globals.update(config=config)
     app.jinja_env.globals.update(get_pages=get_pages)
     app.jinja_env.globals.update(can_send_mail=can_send_mail)

CTFd/utils/user/__init__.py

@@ -23,7 +23,11 @@ def get_current_user():
         if session_hash:
             if session_hash != hmac(user.password):
                 logout_user()
-                abort(redirect(url_for("auth.login", next=request.full_path)))
+                if request.content_type == "application/json":
+                    error = 403
+                else:
+                    error = redirect(url_for("auth.login", next=request.full_path))
+                abort(error)
 
         return user
     else:

tests/challenges/test_dynamic.py

@@ -3,6 +3,7 @@
 
 from CTFd.models import Challenges
 from CTFd.plugins.dynamic_challenges import DynamicChallenge, DynamicValueChallenge
+from CTFd.utils.security.signing import hmac
 from tests.helpers import (
     FakeRequest,
     create_ctfd,
@@ -298,17 +299,19 @@ def test_dynamic_challenge_value_isnt_affected_by_hidden_users():
             user = gen_user(app.db, name=name, email=email)
             user.hidden = True
             app.db.session.commit()
+            user_id = user.id
 
             with app.test_client() as client:
                 # We need to bypass rate-limiting so creating a fake user instead of logging in
                 with client.session_transaction() as sess:
-                    sess["id"] = team_id
+                    sess["id"] = user_id
                     sess["nonce"] = "fake-nonce"
-                    sess["hash"] = "fake-hash"
+                    sess["hash"] = hmac(user.password)
 
                 data = {"submission": "flag", "challenge_id": 1}
 
                 r = client.post("/api/v1/challenges/attempt", json=data)
+                assert r.status_code == 200
                 resp = r.get_json()["data"]
                 assert resp["status"] == "correct"
 

tests/test_plugin_utils.py

@@ -148,7 +148,7 @@ def test_register_admin_plugin_menu_bar():
 
         menu_item = get_admin_plugin_menu_bar()[0]
         assert menu_item.title == "test_admin_plugin_name"
-        assert menu_item.route == "/test_plugin"
+        assert menu_item.route == "http://localhost/test_plugin"
     destroy_ctfd(app)
 
 
@@ -172,7 +172,7 @@ def test_register_user_page_menu_bar():
 
         menu_item = get_user_page_menu_bar()[0]
         assert menu_item.title == "test_user_menu_link"
-        assert menu_item.route == "/test_user_href"
+        assert menu_item.route == "http://localhost/test_user_href"
     destroy_ctfd(app)
 
 

tests/users/test_auth.py

@@ -311,7 +311,7 @@ def test_user_can_confirm_email(mock_smtp):
         with client.session_transaction() as sess:
             data = {"nonce": sess.get("nonce")}
             r = client.post("http://localhost/confirm", data=data)
-            assert "confirmation email has been resent" in r.get_data(as_text=True)
+            assert "Confirmation email sent to" in r.get_data(as_text=True)
 
             r = client.get("/challenges")
             assert (