From 5c9b3e7070593ce7a242b61d406ab8f03ef9c377 Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Fri, 12 Feb 2021 18:26:03 -0500
Subject: [PATCH] Add team creation disable configuration (#1802)
* Add ability for admins to disable public team creation
* Closes #1364
---
 CTFd/forms/config.py | 9 +++++-
 CTFd/teams.py | 6 ++++
 .../admin/templates/configs/accounts.html | 11 +++++++-
 tests/teams/test_teams.py | 28 +++++++++++++++++++
 4 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/CTFd/forms/config.py b/CTFd/forms/config.py
index aee30b12..51ba3d56 100644
--- a/CTFd/forms/config.py
+++ b/CTFd/forms/config.py
@@ -33,8 +33,15 @@ class AccountSettingsForm(BaseForm):
 "Account Email Whitelist",
 description="Comma-seperated email domains which users can register under (e.g. ctfd.io, gmail.com, yahoo.com)",
 )
+ team_creation = SelectField(
+ "Team Creation",
+ description="Control whether users can create their own teams (Teams mode only)",
+ choices=[("true", "Enabled"), ("false", "Disabled")],
+ default="true",
+ )
 team_size = IntegerField(
- widget=NumberInput(min=0), description="Amount of users per team"
+ widget=NumberInput(min=0),
+ description="Amount of users per team (Teams mode only)",
 )
 verify_emails = SelectField(
 "Verify Emails",
diff --git a/CTFd/teams.py b/CTFd/teams.py
index 1d0a2e0d..1b99d6af 100644
--- a/CTFd/teams.py
+++ b/CTFd/teams.py
@@ -191,6 +191,12 @@ def new():
 infos = get_infos()
 errors = get_errors()
+ if bool(get_config("team_creation", default=True)) is False:
+ abort(
+ 403,
+ description="Team creation is currently disabled. Please join an existing team.",
+ )
+
 user = get_current_user_attrs()
 if user.team_id:
 errors.append("You are already in a team. You cannot join another.")
diff --git a/CTFd/themes/admin/templates/configs/accounts.html b/CTFd/themes/admin/templates/configs/accounts.html
index dc518087..32ebdde5 100644
--- a/CTFd/themes/admin/templates/configs/accounts.html
+++ b/CTFd/themes/admin/templates/configs/accounts.html
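Review bot: In CTFd/teams.py the guard added to `new()` fails open for any truthy non-boolean value: `bool(get_config("team_creation", default=True)) is False` denies only when the stored value is falsy, so if `get_config` ever hands back the string `"false"` that the new SelectField submits (its normalisation is not visible in this diff), team creation stays enabled. Comparing against the denied values makes the intent explicit, e.g. `if get_config("team_creation", default=True) in (False, "false"):`. The check also protects only this view, so any other path that creates a team for a non-admin (not visible here) should consult the same setting. `new()` begins and ends outside the hunk.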
@@ -2,7 +2,8 @@
 {% set verify_emails = "true" if verify_emails == True else "false" %}
 {% set name_changes = "true" if name_changes == True else "false" %}
- {% with form = Forms.config.AccountSettingsForm(verify_emails=verify_emails, name_changes=name_changes, team_disbanding=team_disbanding) %}
+ {% set team_creation = "true" if team_creation == True else "false" %}
+ {% with form = Forms.config.AccountSettingsForm(verify_emails=verify_emails, name_changes=name_changes, team_disbanding=team_disbanding, team_creation=team_creation) %}
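Review bot: An instance where `team_creation` was never saved will render this select as "Disabled", because `"true" if team_creation == True else "false"` maps an unset value to "false", while the guard in CTFd/teams.py treats the unset key as enabled (`default=True`). If the template context really leaves the key unset on upgraded installs (not visible here), saving the Accounts page for an unrelated change would then silently turn team creation off. Inverting the test keeps the form in line with the server default: `{% set team_creation = "false" if team_creation == False else "true" %}`.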
@@ -21,6 +22,14 @@
+
+ {{ form.team_creation.label }}
+ {{ form.team_creation(class="form-control", value=team_creation) }}
+
+ {{ form.team_creation.description }}
+
+
 {{ form.team_size.label }}
 {{ form.team_size(class="form-control", value=team_size) }}
diff --git a/tests/teams/test_teams.py b/tests/teams/test_teams.py
index eb09e762..333c2e05 100644
--- a/tests/teams/test_teams.py
+++ b/tests/teams/test_teams.py
@@ -179,3 +179,31 @@ def test_team_size_limit():
 resp = r.get_data(as_text=True)
 assert len(Teams.query.filter_by(id=team_id).first().members) == 2
 destroy_ctfd(app)
+
+
+def test_team_creation_disable():
+ app = create_ctfd(user_mode="teams")
+ with app.app_context():
+ register_user(app)
+ with login_as_user(app) as client:
+ # Team creation page should be available
+ r = client.get("/teams/new")
+ assert r.status_code == 200
+
+ # Disable team creation in config
+ set_config("team_creation", False)
+
+ # Can't access the public team creation page
+ r = client.get("/teams/new")
+ assert r.status_code == 403
+
+ # User should be blocked from creating teams as well
+ with client.session_transaction() as sess:
+ data = {
+ "name": "team_name",
+ "password": "password",
+ "nonce": sess.get("nonce"),
+ }
+ r = client.post("/teams/new", data=data)
+ assert r.status_code == 403
+ destroy_ctfd(app)
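Review bot: The POST case in `test_team_creation_disable` asserts only the 403 status and never checks that no team row was written, so a handler that created the team before aborting would still pass. After the POST, add something like `assert Teams.query.count() == 0`. The setting is also written with the Python value `False`, whereas the admin form submits the string `"false"`, so a second case using the form's value would cover the path an admin actually takes.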