aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Format all the things (#991)

Browse Source 
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'`
* Format Python with `black`: `black CTFd` & `black tests`
* Travis now uses xenial instead of trusty.
This commit is contained in:
Kevin Chung
2019-05-11 21:09:37 -04:00
committed by GitHub
parent 3d23ece370
commit 6833378c36
201 changed files with 9561 additions and 9107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

429
tests/api/v1/test_challenges.py
View File

@@ -15,7 +15,7 @@ from tests.helpers import (
gen_user,
gen_team,
gen_solve,
gen_fail
gen_fail,
)
from freezegun import freeze_time
@@ -24,12 +24,12 @@ def test_api_challenges_get_visibility_public():
"""Can a public user get /api/v1/challenges if challenge_visibility is private/public"""
app = create_ctfd()
with app.app_context():
set_config('challenge_visibility', 'public')
set_config("challenge_visibility", "public")
with app.test_client() as client:
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 200
set_config('challenge_visibility', 'private')
r = client.get('/api/v1/challenges', json="")
set_config("challenge_visibility", "private")
r = client.get("/api/v1/challenges", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -38,13 +38,17 @@ def test_api_challenges_get_ctftime_public():
"""Can a public user get /api/v1/challenges if ctftime is over"""
app = create_ctfd()
with app.app_context(), freeze_time("2017-10-7"):
set_config('challenge_visibility', 'public')
set_config("challenge_visibility", "public")
with app.test_client() as client:
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 200
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get('/api/v1/challenges')
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get("/api/v1/challenges")
assert r.status_code == 403
destroy_ctfd(app)
@@ -55,10 +59,10 @@ def test_api_challenges_get_visibility_private():
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 200
set_config('challenge_visibility', 'public')
r = client.get('/api/v1/challenges')
set_config("challenge_visibility", "public")
r = client.get("/api/v1/challenges")
assert r.status_code == 200
destroy_ctfd(app)
@@ -69,11 +73,15 @@ def test_api_challenges_get_ctftime_private():
with app.app_context(), freeze_time("2017-10-7"):
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 200
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get('/api/v1/challenges')
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get("/api/v1/challenges")
assert r.status_code == 403
destroy_ctfd(app)
@@ -82,14 +90,20 @@ def test_api_challenges_get_verified_emails():
"""Can a verified email user get /api/v1/challenges"""
app = create_ctfd()
with app.app_context():
set_config('verify_emails', True)
set_config("verify_emails", True)
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges', json="")
r = client.get("/api/v1/challenges", json="")
assert r.status_code == 403
gen_user(app.db, name='user_name', email='verified_user@ctfd.io', password='password', verified=True)
registered_client = login_as_user(app, 'user_name', 'password')
r = registered_client.get('/api/v1/challenges')
gen_user(
app.db,
name="user_name",
email="verified_user@ctfd.io",
password="password",
verified=True,
)
registered_client = login_as_user(app, "user_name", "password")
r = registered_client.get("/api/v1/challenges")
assert r.status_code == 200
destroy_ctfd(app)
@@ -99,7 +113,7 @@ def test_api_challenges_post_non_admin():
app = create_ctfd()
with app.app_context():
with app.test_client() as client:
r = client.post('/api/v1/challenges', json="")
r = client.post("/api/v1/challenges", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -112,10 +126,10 @@ def test_api_challenges_get_admin():
# Admin does not have a team but should still be able to see challenges
user = Users.query.filter_by(id=1).first()
assert user.team_id is None
with login_as_user(app, 'admin') as admin:
r = admin.get('/api/v1/challenges', json="")
with login_as_user(app, "admin") as admin:
r = admin.get("/api/v1/challenges", json="")
assert r.status_code == 200
r = admin.get('/api/v1/challenges/1', json="")
r = admin.get("/api/v1/challenges/1", json="")
assert r.status_code == 200
destroy_ctfd(app)
@@ -124,14 +138,18 @@ def test_api_challenges_post_admin():
"""Can a user post /api/v1/challenges if admin"""
app = create_ctfd()
with app.app_context():
with login_as_user(app, 'admin') as client:
r = client.post('/api/v1/challenges', json={
"name": "chal",
"category": "cate",
"description": "desc",
"value": "100",
"state": "hidden",
"type": "standard"})
with login_as_user(app, "admin") as client:
r = client.post(
"/api/v1/challenges",
json={
"name": "chal",
"category": "cate",
"description": "desc",
"value": "100",
"state": "hidden",
"type": "standard",
},
)
assert r.status_code == 200
destroy_ctfd(app)
@@ -141,7 +159,7 @@ def test_api_challenge_types_post_non_admin():
app = create_ctfd()
with app.app_context():
with app.test_client() as client:
r = client.get('/api/v1/challenges/types', json="")
r = client.get("/api/v1/challenges/types", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -150,8 +168,8 @@ def test_api_challenge_types_post_admin():
"""Can an admin get /api/v1/challenges/types if admin"""
app = create_ctfd()
with app.app_context():
with login_as_user(app, 'admin') as client:
r = client.get('/api/v1/challenges/types', json="")
with login_as_user(app, "admin") as client:
r = client.get("/api/v1/challenges/types", json="")
assert r.status_code == 200
destroy_ctfd(app)
@@ -160,13 +178,13 @@ def test_api_challenge_get_visibility_public():
"""Can a public user get /api/v1/challenges/<challenge_id> if challenge_visibility is private/public"""
app = create_ctfd()
with app.app_context():
set_config('challenge_visibility', 'public')
set_config("challenge_visibility", "public")
with app.test_client() as client:
gen_challenge(app.db)
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 200
set_config('challenge_visibility', 'private')
r = client.get('/api/v1/challenges/1', json="")
set_config("challenge_visibility", "private")
r = client.get("/api/v1/challenges/1", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -175,14 +193,18 @@ def test_api_challenge_get_ctftime_public():
"""Can a public user get /api/v1/challenges/<challenge_id> if ctftime is over"""
app = create_ctfd()
with app.app_context(), freeze_time("2017-10-7"):
set_config('challenge_visibility', 'public')
set_config("challenge_visibility", "public")
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 200
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get('/api/v1/challenges/1')
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get("/api/v1/challenges/1")
assert r.status_code == 403
destroy_ctfd(app)
@@ -194,10 +216,10 @@ def test_api_challenge_get_visibility_private():
gen_challenge(app.db)
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 200
set_config('challenge_visibility', 'public')
r = client.get('/api/v1/challenges/1')
set_config("challenge_visibility", "public")
r = client.get("/api/v1/challenges/1")
assert r.status_code == 200
destroy_ctfd(app)
@@ -209,11 +231,15 @@ def test_api_challenge_get_ctftime_private():
gen_challenge(app.db)
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 200
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get('/api/v1/challenges/1')
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get("/api/v1/challenges/1")
assert r.status_code == 403
destroy_ctfd(app)
@@ -222,17 +248,27 @@ def test_api_challenge_get_verified_emails():
"""Can a verified email load /api/v1/challenges/<challenge_id>"""
app = create_ctfd()
with app.app_context(), freeze_time("2017-10-5"):
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config('verify_emails', True)
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config("verify_emails", True)
gen_challenge(app.db)
gen_user(app.db, name='user_name', email='verified_user@ctfd.io', password='password', verified=True)
gen_user(
app.db,
name="user_name",
email="verified_user@ctfd.io",
password="password",
verified=True,
)
register_user(app)
client = login_as_user(app)
registered_client = login_as_user(app, 'user_name', 'password')
r = client.get('/api/v1/challenges/1', json="")
registered_client = login_as_user(app, "user_name", "password")
r = client.get("/api/v1/challenges/1", json="")
assert r.status_code == 403
r = registered_client.get('/api/v1/challenges/1')
r = registered_client.get("/api/v1/challenges/1")
assert r.status_code == 200
destroy_ctfd(app)
@@ -241,11 +277,15 @@ def test_api_challenge_get_non_existing():
"""Will a bad <challenge_id> at /api/v1/challenges/<challenge_id> 404"""
app = create_ctfd()
with app.app_context(), freeze_time("2017-10-5"):
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 404
destroy_ctfd(app)
@@ -256,7 +296,7 @@ def test_api_challenge_patch_non_admin():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.patch('/api/v1/challenges/1', json="")
r = client.patch("/api/v1/challenges/1", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -266,12 +306,12 @@ def test_api_challenge_patch_admin():
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, 'admin') as client:
r = client.patch('/api/v1/challenges/1', json={
"name": "chal_name",
"value": "200"})
with login_as_user(app, "admin") as client:
r = client.patch(
"/api/v1/challenges/1", json={"name": "chal_name", "value": "200"}
)
assert r.status_code == 200
assert r.get_json()['data']['value'] == 200
assert r.get_json()["data"]["value"] == 200
destroy_ctfd(app)
@@ -281,7 +321,7 @@ def test_api_challenge_delete_non_admin():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.delete('/api/v1/challenges/1', json="")
r = client.delete("/api/v1/challenges/1", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -291,10 +331,10 @@ def test_api_challenge_delete_admin():
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, 'admin') as client:
r = client.delete('/api/v1/challenges/1', json="")
with login_as_user(app, "admin") as client:
r = client.delete("/api/v1/challenges/1", json="")
assert r.status_code == 200
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
destroy_ctfd(app)
@@ -312,10 +352,10 @@ def test_api_challenge_with_properties_delete_admin():
assert len(challenge.tags) == 1
assert len(challenge.flags) == 1
with login_as_user(app, 'admin') as client:
r = client.delete('/api/v1/challenges/1', json="")
with login_as_user(app, "admin") as client:
r = client.delete("/api/v1/challenges/1", json="")
assert r.status_code == 200
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
assert Tags.query.count() == 0
assert Hints.query.count() == 0
@@ -330,7 +370,7 @@ def test_api_challenge_attempt_post_public():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.post('/api/v1/challenges/attempt', json="")
r = client.post("/api/v1/challenges/attempt", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -343,23 +383,35 @@ def test_api_challenge_attempt_post_private():
gen_flag(app.db, challenge_id)
register_user(app)
with login_as_user(app) as client:
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "wrong_flag"})
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "wrong_flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'incorrect'
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "flag"})
assert r.get_json()["data"]["status"] == "incorrect"
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'correct'
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "flag"})
assert r.get_json()["data"]["status"] == "correct"
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'already_solved'
assert r.get_json()["data"]["status"] == "already_solved"
challenge_id = gen_challenge(app.db).id
gen_flag(app.db, challenge_id)
with login_as_user(app) as client:
for i in range(10):
gen_fail(app.db, user_id=2, challenge_id=challenge_id)
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "flag"})
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "flag"},
)
assert r.status_code == 429
assert r.get_json()['data']['status'] == 'ratelimited'
assert r.get_json()["data"]["status"] == "ratelimited"
destroy_ctfd(app)
app = create_ctfd(user_mode="teams")
@@ -372,23 +424,35 @@ def test_api_challenge_attempt_post_private():
user.team_id = team_id
app.db.session.commit()
with login_as_user(app) as client:
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "wrong_flag"})
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "wrong_flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'incorrect'
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "flag"})
assert r.get_json()["data"]["status"] == "incorrect"
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'correct'
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "flag"})
assert r.get_json()["data"]["status"] == "correct"
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'already_solved'
assert r.get_json()["data"]["status"] == "already_solved"
challenge_id = gen_challenge(app.db).id
gen_flag(app.db, challenge_id)
with login_as_user(app) as client:
for i in range(10):
gen_fail(app.db, user_id=2, team_id=team_id, challenge_id=challenge_id)
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": challenge_id, "submission": "flag"})
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": challenge_id, "submission": "flag"},
)
assert r.status_code == 429
assert r.get_json()['data']['status'] == 'ratelimited'
assert r.get_json()["data"]["status"] == "ratelimited"
destroy_ctfd(app)
@@ -398,16 +462,25 @@ def test_api_challenge_attempt_post_admin():
with app.app_context():
gen_challenge(app.db)
gen_flag(app.db, 1)
with login_as_user(app, 'admin') as client:
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": 1, "submission": "wrong_flag"})
with login_as_user(app, "admin") as client:
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": 1, "submission": "wrong_flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'incorrect'
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": 1, "submission": "flag"})
assert r.get_json()["data"]["status"] == "incorrect"
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": 1, "submission": "flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'correct'
r = client.post('/api/v1/challenges/attempt', json={"challenge_id": 1, "submission": "flag"})
assert r.get_json()["data"]["status"] == "correct"
r = client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": 1, "submission": "flag"},
)
assert r.status_code == 200
assert r.get_json()['data']['status'] == 'already_solved'
assert r.get_json()["data"]["status"] == "already_solved"
destroy_ctfd(app)
@@ -417,11 +490,11 @@ def test_api_challenge_get_solves_visibility_public():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
set_config('challenge_visibility', 'public')
r = client.get('/api/v1/challenges/1/solves', json="")
set_config("challenge_visibility", "public")
r = client.get("/api/v1/challenges/1/solves", json="")
assert r.status_code == 200
set_config('challenge_visibility', 'private')
r = client.get('/api/v1/challenges/1/solves', json="")
set_config("challenge_visibility", "private")
r = client.get("/api/v1/challenges/1/solves", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -430,14 +503,18 @@ def test_api_challenge_get_solves_ctftime_public():
"""Can a public user get /api/v1/challenges/<challenge_id>/solves if ctftime is over"""
app = create_ctfd()
with app.app_context(), freeze_time("2017-10-7"):
set_config('challenge_visibility', 'public')
set_config("challenge_visibility", "public")
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1/solves')
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get('/api/v1/challenges/1/solves', json="")
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get("/api/v1/challenges/1/solves", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -450,7 +527,7 @@ def test_api_challenge_get_solves_ctf_frozen():
register_user(app, name="user2", email="user2@ctfd.io")
# Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config('freeze', '1507262400')
set_config("freeze", "1507262400")
with freeze_time("2017-10-4"):
chal = gen_challenge(app.db)
chal_id = chal.id
@@ -467,24 +544,24 @@ def test_api_challenge_get_solves_ctf_frozen():
client = login_as_user(app, name="user2")
# Challenge 1 should have one solve
r = client.get('/api/v1/challenges/1/solves')
data = r.get_json()['data']
r = client.get("/api/v1/challenges/1/solves")
data = r.get_json()["data"]
assert len(data) == 1
# Challenge 2 should have a solve shouldn't be shown to the user
r = client.get('/api/v1/challenges/2/solves')
data = r.get_json()['data']
r = client.get("/api/v1/challenges/2/solves")
data = r.get_json()["data"]
assert len(data) == 0
# Admins should see data as an admin with no modifications
admin = login_as_user(app, name="admin")
r = admin.get('/api/v1/challenges/2/solves')
data = r.get_json()['data']
r = admin.get("/api/v1/challenges/2/solves")
data = r.get_json()["data"]
assert len(data) == 1
# But should see as a user if the preview param is passed
r = admin.get('/api/v1/challenges/2/solves?preview=true')
data = r.get_json()['data']
r = admin.get("/api/v1/challenges/2/solves?preview=true")
data = r.get_json()["data"]
assert len(data) == 0
destroy_ctfd(app)
@@ -497,10 +574,10 @@ def test_api_challenge_get_solves_visibility_private():
gen_challenge(app.db)
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges/1/solves')
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
set_config('challenge_visibility', 'public')
r = client.get('/api/v1/challenges/1/solves')
set_config("challenge_visibility", "public")
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
destroy_ctfd(app)
@@ -512,11 +589,15 @@ def test_api_challenge_get_solves_ctftime_private():
gen_challenge(app.db)
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges/1/solves')
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get('/api/v1/challenges/1/solves')
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 403
destroy_ctfd(app)
@@ -525,15 +606,21 @@ def test_api_challenge_get_solves_verified_emails():
"""Can a verified email get /api/v1/challenges/<challenge_id>/solves"""
app = create_ctfd()
with app.app_context():
set_config('verify_emails', True)
set_config("verify_emails", True)
gen_challenge(app.db)
gen_user(app.db, name='user_name', email='verified_user@ctfd.io', password='password', verified=True)
gen_user(
app.db,
name="user_name",
email="verified_user@ctfd.io",
password="password",
verified=True,
)
register_user(app)
client = login_as_user(app)
registered_client = login_as_user(app, 'user_name', 'password')
r = client.get('/api/v1/challenges/1/solves', json="")
registered_client = login_as_user(app, "user_name", "password")
r = client.get("/api/v1/challenges/1/solves", json="")
assert r.status_code == 403
r = registered_client.get('/api/v1/challenges/1/solves')
r = registered_client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
destroy_ctfd(app)
@@ -542,21 +629,21 @@ def test_api_challenges_get_solves_score_visibility():
"""Can a user get /api/v1/challenges/<challenge_id>/solves if score_visibility is public/private/admin"""
app = create_ctfd()
with app.app_context():
set_config('challenge_visibility', 'public')
set_config('score_visibility', 'public')
set_config("challenge_visibility", "public")
set_config("score_visibility", "public")
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1/solves')
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
set_config('challenge_visibility', 'private')
set_config('score_visibility', 'private')
set_config("challenge_visibility", "private")
set_config("score_visibility", "private")
register_user(app)
private_client = login_as_user(app)
r = private_client.get('/api/v1/challenges/1/solves')
r = private_client.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
set_config('score_visibility', 'admin')
admin = login_as_user(app, 'admin', 'password')
r = admin.get('/api/v1/challenges/1/solves')
set_config("score_visibility", "admin")
admin = login_as_user(app, "admin", "password")
r = admin.get("/api/v1/challenges/1/solves")
assert r.status_code == 200
destroy_ctfd(app)
@@ -567,7 +654,7 @@ def test_api_challenge_get_solves_404():
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges/1/solves')
r = client.get("/api/v1/challenges/1/solves")
assert r.status_code == 404
destroy_ctfd(app)
@@ -580,14 +667,14 @@ def test_api_challenge_solves_returns_correct_data():
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_solve(app.db, user_id=2, challenge_id=chal.id)
r = client.get('/api/v1/challenges/1/solves')
resp = r.get_json()['data']
r = client.get("/api/v1/challenges/1/solves")
resp = r.get_json()["data"]
solve = resp[0]
assert r.status_code == 200
assert solve.get('account_id') == 2
assert solve.get('name') == 'user'
assert solve.get('date') is not None
assert solve.get('account_url') == '/users/2'
assert solve.get("account_id") == 2
assert solve.get("name") == "user"
assert solve.get("date") is not None
assert solve.get("account_url") == "/users/2"
destroy_ctfd(app)
app = create_ctfd(user_mode="teams")
@@ -600,30 +687,30 @@ def test_api_challenge_solves_returns_correct_data():
app.db.session.commit()
chal = gen_challenge(app.db)
gen_solve(app.db, user_id=2, team_id=1, challenge_id=chal.id)
r = client.get('/api/v1/challenges/1/solves')
resp = r.get_json()['data']
r = client.get("/api/v1/challenges/1/solves")
resp = r.get_json()["data"]
solve = resp[0]
assert r.status_code == 200
assert solve.get('account_id') == 1
assert solve.get('name') == 'team_name'
assert solve.get('date') is not None
assert solve.get('account_url') == '/teams/1'
assert solve.get("account_id") == 1
assert solve.get("name") == "team_name"
assert solve.get("date") is not None
assert solve.get("account_url") == "/teams/1"
destroy_ctfd(app)
app = create_ctfd(application_root='/ctf')
app = create_ctfd(application_root="/ctf")
with app.app_context():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_solve(app.db, user_id=2, challenge_id=chal.id)
r = client.get('/api/v1/challenges/1/solves')
resp = r.get_json()['data']
r = client.get("/api/v1/challenges/1/solves")
resp = r.get_json()["data"]
solve = resp[0]
assert r.status_code == 200
assert solve.get('account_id') == 2
assert solve.get('name') == 'user'
assert solve.get('date') is not None
assert solve.get('account_url') == '/ctf/users/2'
assert solve.get("account_id") == 2
assert solve.get("name") == "user"
assert solve.get("date") is not None
assert solve.get("account_url") == "/ctf/users/2"
destroy_ctfd(app)
@@ -633,7 +720,7 @@ def test_api_challenge_get_files_non_admin():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1/files', json="")
r = client.get("/api/v1/challenges/1/files", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -643,8 +730,8 @@ def test_api_challenge_get_files_admin():
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, 'admin') as client:
r = client.get('/api/v1/challenges/1/files')
with login_as_user(app, "admin") as client:
r = client.get("/api/v1/challenges/1/files")
assert r.status_code == 200
destroy_ctfd(app)
@@ -655,7 +742,7 @@ def test_api_challenge_get_tags_non_admin():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1/tags', json="")
r = client.get("/api/v1/challenges/1/tags", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -665,8 +752,8 @@ def test_api_challenge_get_tags_admin():
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, 'admin') as client:
r = client.get('/api/v1/challenges/1/tags')
with login_as_user(app, "admin") as client:
r = client.get("/api/v1/challenges/1/tags")
assert r.status_code == 200
destroy_ctfd(app)
@@ -677,7 +764,7 @@ def test_api_challenge_get_hints_non_admin():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1/hints', json="")
r = client.get("/api/v1/challenges/1/hints", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -687,8 +774,8 @@ def test_api_challenge_get_hints_admin():
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, 'admin') as client:
r = client.get('/api/v1/challenges/1/hints')
with login_as_user(app, "admin") as client:
r = client.get("/api/v1/challenges/1/hints")
assert r.status_code == 200
destroy_ctfd(app)
@@ -699,7 +786,7 @@ def test_api_challenge_get_flags_non_admin():
with app.app_context():
gen_challenge(app.db)
with app.test_client() as client:
r = client.get('/api/v1/challenges/1/flags', json="")
r = client.get("/api/v1/challenges/1/flags", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -709,7 +796,7 @@ def test_api_challenge_get_flags_admin():
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, 'admin') as client:
r = client.get('/api/v1/challenges/1/flags')
with login_as_user(app, "admin") as client:
r = client.get("/api/v1/challenges/1/flags")
assert r.status_code == 200
destroy_ctfd(app)