Add team creation disable configuration (#1802)

* Add ability for admins to disable public team creation
* Closes #1364

CTFd/forms/config.py

@@ -33,8 +33,15 @@ class AccountSettingsForm(BaseForm):
         "Account Email Whitelist",
         description="Comma-seperated email domains which users can register under (e.g. ctfd.io, gmail.com, yahoo.com)",
     )
+    team_creation = SelectField(
+        "Team Creation",
+        description="Control whether users can create their own teams (Teams mode only)",
+        choices=[("true", "Enabled"), ("false", "Disabled")],
+        default="true",
+    )
     team_size = IntegerField(
-        widget=NumberInput(min=0), description="Amount of users per team"
+        widget=NumberInput(min=0),
+        description="Amount of users per team (Teams mode only)",
     )
     verify_emails = SelectField(
         "Verify Emails",

CTFd/teams.py

@@ -191,6 +191,12 @@ def new():
     infos = get_infos()
     errors = get_errors()
 
+    if bool(get_config("team_creation", default=True)) is False:
+        abort(
+            403,
+            description="Team creation is currently disabled. Please join an existing team.",
+        )
+
     user = get_current_user_attrs()
     if user.team_id:
         errors.append("You are already in a team. You cannot join another.")

CTFd/themes/admin/templates/configs/accounts.html

@@ -2,7 +2,8 @@
 
 	{% set verify_emails = "true" if verify_emails == True else "false" %}
 	{% set name_changes = "true" if name_changes == True else "false" %}
-	{% with form = Forms.config.AccountSettingsForm(verify_emails=verify_emails, name_changes=name_changes, team_disbanding=team_disbanding) %}
+	{% set team_creation = "true" if team_creation == True else "false" %}
+	{% with form = Forms.config.AccountSettingsForm(verify_emails=verify_emails, name_changes=name_changes, team_disbanding=team_disbanding, team_creation=team_creation) %}
 	<form method="POST" autocomplete="off" class="w-100">
 
 		<div class="form-group">
@@ -21,6 +22,14 @@
 			</small>
 		</div>
 
+		<div class="form-group">
+			{{ form.team_creation.label }}
+			{{ form.team_creation(class="form-control", value=team_creation) }}
+			<small class="form-text text-muted">
+				{{ form.team_creation.description }}
+			</small>
+		</div>
+
 		<div class="form-group">
 			{{ form.team_size.label }}
 			{{ form.team_size(class="form-control", value=team_size) }}

tests/teams/test_teams.py

@@ -179,3 +179,31 @@ def test_team_size_limit():
             resp = r.get_data(as_text=True)
             assert len(Teams.query.filter_by(id=team_id).first().members) == 2
     destroy_ctfd(app)
+
+
+def test_team_creation_disable():
+    app = create_ctfd(user_mode="teams")
+    with app.app_context():
+        register_user(app)
+        with login_as_user(app) as client:
+            # Team creation page should be available
+            r = client.get("/teams/new")
+            assert r.status_code == 200
+
+            # Disable team creation in config
+            set_config("team_creation", False)
+
+            # Can't access the public team creation page
+            r = client.get("/teams/new")
+            assert r.status_code == 403
+
+            # User should be blocked from creating teams as well
+            with client.session_transaction() as sess:
+                data = {
+                    "name": "team_name",
+                    "password": "password",
+                    "nonce": sess.get("nonce"),
+                }
+            r = client.post("/teams/new", data=data)
+            assert r.status_code == 403
+    destroy_ctfd(app)