Fix some tests

2025-12-17 22:14:25 +01:00 · 2020-06-03 12:41:28 -04:00
parent a162f295d1
commit 454845a234
5 changed files with 14 additions and 6 deletions
--- a/CTFd/utils/initialization/init.py
+++ b/CTFd/utils/initialization/init.py
@@ -60,6 +60,7 @@ def init_template_globals(app):
    from CTFd.constants.config import Configs
    from CTFd.constants.plugins import Plugins
    from CTFd.constants.sessions import Session
+
    app.jinja_env.globals.update(config=config)
    app.jinja_env.globals.update(get_pages=get_pages)
    app.jinja_env.globals.update(can_send_mail=can_send_mail)
--- a/CTFd/utils/user/init.py
+++ b/CTFd/utils/user/init.py
@@ -23,7 +23,11 @@ def get_current_user():
        if session_hash:
            if session_hash != hmac(user.password):
                logout_user()
-                abort(redirect(url_for("auth.login", next=request.full_path)))
+                if request.content_type == "application/json":
+                    error = 403
+                else:
+                    error = redirect(url_for("auth.login", next=request.full_path))
+                abort(error)

        return user
    else:
--- a/tests/challenges/test_dynamic.py
+++ b/tests/challenges/test_dynamic.py
@@ -3,6 +3,7 @@

 from CTFd.models import Challenges
 from CTFd.plugins.dynamic_challenges import DynamicChallenge, DynamicValueChallenge
+from CTFd.utils.security.signing import hmac
 from tests.helpers import (
    FakeRequest,
    create_ctfd,
@@ -298,17 +299,19 @@ def test_dynamic_challenge_value_isnt_affected_by_hidden_users():
            user = gen_user(app.db, name=name, email=email)
            user.hidden = True
            app.db.session.commit()
+            user_id = user.id

            with app.test_client() as client:
                # We need to bypass rate-limiting so creating a fake user instead of logging in
                with client.session_transaction() as sess:
-                    sess["id"] = team_id
+                    sess["id"] = user_id
                    sess["nonce"] = "fake-nonce"
-                    sess["hash"] = "fake-hash"
+                    sess["hash"] = hmac(user.password)

                data = {"submission": "flag", "challenge_id": 1}

                r = client.post("/api/v1/challenges/attempt", json=data)
+                assert r.status_code == 200
                resp = r.get_json()["data"]
                assert resp["status"] == "correct"

--- a/tests/test_plugin_utils.py
+++ b/tests/test_plugin_utils.py
@@ -148,7 +148,7 @@ def test_register_admin_plugin_menu_bar():

        menu_item = get_admin_plugin_menu_bar()[0]
        assert menu_item.title == "test_admin_plugin_name"
-        assert menu_item.route == "/test_plugin"
+        assert menu_item.route == "http://localhost/test_plugin"
    destroy_ctfd(app)


@@ -172,7 +172,7 @@ def test_register_user_page_menu_bar():

        menu_item = get_user_page_menu_bar()[0]
        assert menu_item.title == "test_user_menu_link"
-        assert menu_item.route == "/test_user_href"
+        assert menu_item.route == "http://localhost/test_user_href"
    destroy_ctfd(app)


--- a/tests/users/test_auth.py
+++ b/tests/users/test_auth.py
@@ -311,7 +311,7 @@ def test_user_can_confirm_email(mock_smtp):
        with client.session_transaction() as sess:
            data = {"nonce": sess.get("nonce")}
            r = client.post("http://localhost/confirm", data=data)
-            assert "confirmation email has been resent" in r.get_data(as_text=True)
+            assert "Confirmation email sent to" in r.get_data(as_text=True)

            r = client.get("/challenges")
            assert (