From 449e0d89397553f79ecea1c0a07267d9df3a1d65 Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@nyu.edu>
Date: Fri, 24 Apr 2020 15:35:00 -0400
Subject: [PATCH 1/4] Add basic challenge searching functionality

---
 CTFd/admin/challenges.py                      | 27 +++++++++++++++--
 .../templates/challenges/challenges.html      | 30 +++++++++++++++++++
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/CTFd/admin/challenges.py b/CTFd/admin/challenges.py
index b391b67f..c14d76ae 100644
--- a/CTFd/admin/challenges.py
+++ b/CTFd/admin/challenges.py
@@ -2,20 +2,41 @@ import os
 
 import six
 from flask import current_app as app
-from flask import render_template, render_template_string, url_for
+from flask import render_template, render_template_string, request, url_for
 
 from CTFd.admin import admin
 from CTFd.models import Challenges, Flags, Solves
 from CTFd.plugins.challenges import get_chal_class
 from CTFd.utils import binary_type
 from CTFd.utils.decorators import admins_only
+from CTFd.utils.helpers import get_errors
 
 
 @admin.route("/admin/challenges")
 @admins_only
 def challenges_listing():
-    challenges = Challenges.query.all()
-    return render_template("admin/challenges/challenges.html", challenges=challenges)
+    q = request.args.get("q")
+    if q:
+        field = request.args.get("field")
+        challenges = []
+        if Challenges.__mapper__.has_property(
+            field
+        ):  # The field exists as an exposed column
+            challenges = (
+                Challenges.query.filter(
+                    getattr(Challenges, field).like("%{}%".format(q))
+                )
+                .order_by(Challenges.id.asc())
+                .all()
+            )
+        return render_template(
+            "admin/challenges/challenges.html", challenges=challenges, q=q, field=field
+        )
+    else:
+        challenges = Challenges.query.all()
+        return render_template(
+            "admin/challenges/challenges.html", challenges=challenges
+        )
 
 
 @admin.route("/admin/challenges/<int:challenge_id>")
diff --git a/CTFd/themes/admin/templates/challenges/challenges.html b/CTFd/themes/admin/templates/challenges/challenges.html
index 1fa73c9b..022173ff 100644
--- a/CTFd/themes/admin/templates/challenges/challenges.html
+++ b/CTFd/themes/admin/templates/challenges/challenges.html
@@ -18,6 +18,36 @@
 	</div>
 </div>
 <div class="container">
+	<div class="row">
+		<div class="col-md-12">
+			{% if q and field %}
+			<h4 class="text-center">Searching for challenges with {{field}} matching {{q}}</h4>
+			{% endif %}
+
+			<form method="GET" class="form-inline">
+				<div class="form-group col-md-2">
+					<label for="sel1" class="sr-only" >Search Field</label>
+					<select class="form-control custom-select w-100" id="sel1" name="field">
+						<option value="name" {% if field == 'name' %}selected{% endif %}>Name</option>
+						<option value="id" {% if field == 'id' %}selected{% endif %}>ID</option>
+						<option value="category" {% if field == 'category' %}selected{% endif %}>Category</option>
+						<option value="type" {% if field == 'type' %}selected{% endif %}>Type</option>
+					</select>
+				</div>
+				<div class="form-group col-md-8">
+					<label for="team-name-search" class="sr-only">Parameter</label>
+					<input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching challenge" {% if q %}value="{{q}}"{% endif %}>
+				</div>
+				<div class="form-group col-md-2">
+					<label for="team-name-search" class="sr-only">Search</label>
+					<button type="submit" class="btn btn-primary w-100"><i class="fas fa-search" aria-hidden="true"></i></button>
+				</div>
+			</form>
+		</div>
+	</div>
+
+	<hr>
+
 	<div class="row">
 		<div class="col-md-12">
 			<div class="float-right pb-3">

From 7fbcf9793b2afeebd55838a2f0e9b2e226a84b93 Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@nyu.edu>
Date: Fri, 24 Apr 2020 15:45:42 -0400
Subject: [PATCH 2/4] Remove unused import

---
 CTFd/admin/challenges.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/CTFd/admin/challenges.py b/CTFd/admin/challenges.py
index c14d76ae..b3cd447d 100644
--- a/CTFd/admin/challenges.py
+++ b/CTFd/admin/challenges.py
@@ -9,7 +9,6 @@ from CTFd.models import Challenges, Flags, Solves
 from CTFd.plugins.challenges import get_chal_class
 from CTFd.utils import binary_type
 from CTFd.utils.decorators import admins_only
-from CTFd.utils.helpers import get_errors
 
 
 @admin.route("/admin/challenges")

From 58246bad1880ffb9a7ca711f36945725a037c509 Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@nyu.edu>
Date: Sat, 25 Apr 2020 02:19:02 -0400
Subject: [PATCH 3/4] Pin banal verison to a working version for Python 2

---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index d778de5e..a4d82294 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,6 +13,7 @@ itsdangerous==1.1.0
 requests>=2.20.0
 PyMySQL==0.9.3
 gunicorn==19.9.0
+banal==0.4.2
 normality==2.0.0
 dataset==1.1.2
 mistune==0.8.4

From dbb07b5beba1fd01d381b52c65beac80a1392c63 Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@nyu.edu>
Date: Sat, 25 Apr 2020 02:55:22 -0400
Subject: [PATCH 4/4] Clean code a bit

---
 CTFd/admin/challenges.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/CTFd/admin/challenges.py b/CTFd/admin/challenges.py
index b3cd447d..ac132e4f 100644
--- a/CTFd/admin/challenges.py
+++ b/CTFd/admin/challenges.py
@@ -15,8 +15,8 @@ from CTFd.utils.decorators import admins_only
 @admins_only
 def challenges_listing():
     q = request.args.get("q")
+    field = request.args.get("field")
     if q:
-        field = request.args.get("field")
         challenges = []
         if Challenges.__mapper__.has_property(
             field
@@ -28,14 +28,11 @@ def challenges_listing():
                 .order_by(Challenges.id.asc())
                 .all()
             )
-        return render_template(
-            "admin/challenges/challenges.html", challenges=challenges, q=q, field=field
-        )
     else:
         challenges = Challenges.query.all()
-        return render_template(
-            "admin/challenges/challenges.html", challenges=challenges
-        )
+    return render_template(
+        "admin/challenges/challenges.html", challenges=challenges, q=q, field=field
+    )
 
 
 @admin.route("/admin/challenges/<int:challenge_id>")