aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 05:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add test for user limit registration behavior

Browse Source
This commit is contained in:
Kevin Chung
2023-06-13 20:02:15 -04:00
parent 5e8ff5d892
commit 5d055f60f6
2 changed files with 50 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
CTFd/auth.py
View File

@@ -189,6 +189,14 @@ def register():
if current_user.authed(): if current_user.authed():
return redirect(url_for("challenges.listing")) return redirect(url_for("challenges.listing"))
num_users_limit = int(get_config("num_users", default=0))
num_users = Users.query.filter_by(banned=False, hidden=False).count()
if num_users_limit and num_users >= num_users_limit:
abort(
403,
description=f"Reached the maximum number of users ({num_users_limit}).",
)
if request.method == "POST": if request.method == "POST":
name = request.form.get("name", "").strip() name = request.form.get("name", "").strip()
email_address = request.form.get("email", "").strip().lower() email_address = request.form.get("email", "").strip().lower()
@@ -211,14 +219,6 @@ def register():
valid_email = validators.validate_email(email_address) valid_email = validators.validate_email(email_address)
team_name_email_check = validators.validate_email(name) team_name_email_check = validators.validate_email(name)
num_users_limit = int(get_config("num_users", default=0))
num_users = Users.query.filter_by(banned=False, hidden=False).count()
if num_users_limit and num_users >= num_users_limit:
abort(
403,
description=f"Reached the maximum number of users ({num_users_limit}).",
)
if get_config("registration_code"): if get_config("registration_code"):
if ( if (
registration_code.lower() registration_code.lower()

42
tests/users/test_users.py
View File

@@ -2,6 +2,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from CTFd.models import Users from CTFd.models import Users
from CTFd.utils import set_config
from tests.helpers import ( from tests.helpers import (
create_ctfd, create_ctfd,
destroy_ctfd, destroy_ctfd,
@@ -107,3 +108,44 @@ def test_hidden_user_visibility():
response = r.get_data(as_text=True) response = r.get_data(as_text=True)
assert user_name in response assert user_name in response
destroy_ctfd(app) destroy_ctfd(app)
def test_num_users_limit():
"""Only num_users users can be created"""
app = create_ctfd()
with app.app_context():
set_config("num_users", 1)
register_user(app)
with app.test_client() as client:
r = client.get("/register")
assert r.status_code == 403
# team should be blocked from creation
with client.session_transaction() as sess:
data = {
"name": "user",
"email": "user@examplectf.com",
"password": "password",
"nonce": sess.get("nonce"),
}
r = client.post("/register", data=data)
resp = r.get_data(as_text=True)
# This number is 2 to account for the admin and the registered user
assert Users.query.count() == 2
assert "Reached the maximum number of users" in resp
# Can the team be created after the num has been bumped
set_config("num_users", 2)
with client.session_transaction() as sess:
data = {
"name": "user1",
"email": "user1@examplectf.com",
"password": "password",
"nonce": sess.get("nonce"),
}
r = client.post("/register", data=data)
resp = r.get_data(as_text=True)
assert r.status_code == 302
assert Users.query.count() == 3
destroy_ctfd(app)