aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-18 06:24:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Format all the things (#991)

Browse Source 
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'`
* Format Python with `black`: `black CTFd` & `black tests`
* Travis now uses xenial instead of trusty.
This commit is contained in:
Kevin Chung
2019-05-11 21:09:37 -04:00
committed by GitHub
parent 3d23ece370
commit 6833378c36
201 changed files with 9561 additions and 9107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

343
tests/api/v1/test_teams.py
View File

@@ -16,7 +16,7 @@ from tests.helpers import (
gen_solve,
gen_award,
gen_fail,
simulate_user_activity
simulate_user_activity,
)
from freezegun import freeze_time
@@ -26,14 +26,14 @@ def test_api_teams_get_public():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
set_config('account_visibility', 'public')
r = client.get('/api/v1/teams')
set_config("account_visibility", "public")
r = client.get("/api/v1/teams")
assert r.status_code == 200
set_config('account_visibility', 'private')
r = client.get('/api/v1/teams')
set_config("account_visibility", "private")
r = client.get("/api/v1/teams")
assert r.status_code == 302
set_config('account_visibility', 'admins')
r = client.get('/api/v1/teams')
set_config("account_visibility", "admins")
r = client.get("/api/v1/teams")
assert r.status_code == 404
destroy_ctfd(app)
@@ -44,14 +44,14 @@ def test_api_teams_get_private():
with app.app_context():
register_user(app)
with login_as_user(app) as client:
set_config('account_visibility', 'public')
r = client.get('/api/v1/teams')
set_config("account_visibility", "public")
r = client.get("/api/v1/teams")
assert r.status_code == 200
set_config('account_visibility', 'private')
r = client.get('/api/v1/teams')
set_config("account_visibility", "private")
r = client.get("/api/v1/teams")
assert r.status_code == 200
set_config('account_visibility', 'admins')
r = client.get('/api/v1/teams')
set_config("account_visibility", "admins")
r = client.get("/api/v1/teams")
assert r.status_code == 404
destroy_ctfd(app)
@@ -60,15 +60,15 @@ def test_api_teams_get_admin():
"""Can a user get /api/v1/teams if teams are viewed by admins only"""
app = create_ctfd(user_mode="teams")
with app.app_context():
with login_as_user(app, 'admin') as client:
set_config('account_visibility', 'public')
r = client.get('/api/v1/teams')
with login_as_user(app, "admin") as client:
set_config("account_visibility", "public")
r = client.get("/api/v1/teams")
assert r.status_code == 200
set_config('account_visibility', 'private')
r = client.get('/api/v1/teams')
set_config("account_visibility", "private")
r = client.get("/api/v1/teams")
assert r.status_code == 200
set_config('account_visibility', 'admins')
r = client.get('/api/v1/teams')
set_config("account_visibility", "admins")
r = client.get("/api/v1/teams")
assert r.status_code == 200
destroy_ctfd(app)
@@ -78,7 +78,7 @@ def test_api_teams_post_non_admin():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
r = client.post('/api/v1/teams', json="")
r = client.post("/api/v1/teams", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -87,25 +87,25 @@ def test_api_teams_post_admin():
"""Can a user post /api/v1/teams if admin"""
app = create_ctfd(user_mode="teams")
with app.app_context():
with login_as_user(app, 'admin') as client:
with login_as_user(app, "admin") as client:
# Create team
r = client.post(
'/api/v1/teams',
"/api/v1/teams",
json={
"website": "http://www.team.com",
"name": "team",
"country": "TW",
"email": "team@team.com",
"affiliation": "team",
"password": "password"
}
"password": "password",
},
)
assert r.status_code == 200
# Make sure password was hashed properly
team = Teams.query.filter_by(email='team@team.com').first()
team = Teams.query.filter_by(email="team@team.com").first()
assert team
assert verify_password('password', team.password)
assert verify_password("password", team.password)
# Make sure team can actually be joined
register_user(app)
@@ -115,9 +115,9 @@ def test_api_teams_post_admin():
data = {
"name": "team",
"password": "password",
"nonce": sess.get('nonce')
"nonce": sess.get("nonce"),
}
r = client.post('/teams/join', data=data)
r = client.post("/teams/join", data=data)
user = Users.query.filter_by(id=2).first()
assert user.team_id == 1
destroy_ctfd(app)
@@ -127,42 +127,42 @@ def test_api_teams_post_admin_duplicate():
"""Test that admins can only create teams with unique information"""
app = create_ctfd(user_mode="teams")
with app.app_context():
gen_team(app.db, name='team1')
with login_as_user(app, 'admin') as client:
gen_team(app.db, name="team1")
with login_as_user(app, "admin") as client:
# Duplicate name
r = client.post(
'/api/v1/teams',
"/api/v1/teams",
json={
"website": "https://ctfd.io",
"name": "team1",
"country": "TW",
"email": "team1@ctfd.io",
"affiliation": "team",
"password": "password"
}
"password": "password",
},
)
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['name']
assert resp['success'] is False
assert resp["errors"]["name"]
assert resp["success"] is False
assert Teams.query.count() == 1
# Duplicate email
r = client.post(
'/api/v1/teams',
"/api/v1/teams",
json={
"website": "https://ctfd.io",
"name": "new_team",
"country": "TW",
"email": "team@ctfd.io",
"affiliation": "team",
"password": "password"
}
"password": "password",
},
)
resp = r.get_json()
assert r.status_code == 400
assert resp['errors']['email']
assert resp['success'] is False
assert resp["errors"]["email"]
assert resp["success"] is False
assert Teams.query.count() == 1
destroy_ctfd(app)
@@ -172,15 +172,15 @@ def test_api_team_get_public():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
set_config('account_visibility', 'public')
set_config("account_visibility", "public")
gen_team(app.db)
r = client.get('/api/v1/teams/1')
r = client.get("/api/v1/teams/1")
assert r.status_code == 200
set_config('account_visibility', 'private')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "private")
r = client.get("/api/v1/teams/1")
assert r.status_code == 302
set_config('account_visibility', 'admins')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "admins")
r = client.get("/api/v1/teams/1")
assert r.status_code == 404
destroy_ctfd(app)
@@ -191,15 +191,15 @@ def test_api_team_get_private():
with app.app_context():
register_user(app)
with login_as_user(app) as client:
set_config('account_visibility', 'public')
set_config("account_visibility", "public")
gen_team(app.db)
r = client.get('/api/v1/teams/1')
r = client.get("/api/v1/teams/1")
assert r.status_code == 200
set_config('account_visibility', 'private')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "private")
r = client.get("/api/v1/teams/1")
assert r.status_code == 200
set_config('account_visibility', 'admins')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "admins")
r = client.get("/api/v1/teams/1")
assert r.status_code == 404
destroy_ctfd(app)
@@ -208,16 +208,16 @@ def test_api_team_get_admin():
"""Can a user get /api/v1/teams/<team_id> if teams are viewed by admins only"""
app = create_ctfd(user_mode="teams")
with app.app_context():
with login_as_user(app, 'admin') as client:
with login_as_user(app, "admin") as client:
gen_team(app.db)
set_config('account_visibility', 'public')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "public")
r = client.get("/api/v1/teams/1")
assert r.status_code == 200
set_config('account_visibility', 'private')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "private")
r = client.get("/api/v1/teams/1")
assert r.status_code == 200
set_config('account_visibility', 'admins')
r = client.get('/api/v1/teams/1')
set_config("account_visibility", "admins")
r = client.get("/api/v1/teams/1")
assert r.status_code == 200
destroy_ctfd(app)
@@ -228,7 +228,7 @@ def test_api_team_patch_non_admin():
with app.app_context():
gen_team(app.db)
with app.test_client() as client:
r = client.patch('/api/v1/teams/1', json="")
r = client.patch("/api/v1/teams/1", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -238,17 +238,20 @@ def test_api_team_patch_admin():
app = create_ctfd(user_mode="teams")
with app.app_context():
gen_team(app.db)
with login_as_user(app, 'admin') as client:
r = client.patch('/api/v1/teams/1', json={
"name": "team_name",
"email": "team@ctfd.io",
"password": "password",
"affiliation": "changed"
})
with login_as_user(app, "admin") as client:
r = client.patch(
"/api/v1/teams/1",
json={
"name": "team_name",
"email": "team@ctfd.io",
"password": "password",
"affiliation": "changed",
},
)
team = Teams.query.filter_by(id=1).first()
assert r.status_code == 200
assert r.get_json()['data']['affiliation'] == 'changed'
assert verify_password('password', team.password)
assert r.get_json()["data"]["affiliation"] == "changed"
assert verify_password("password", team.password)
destroy_ctfd(app)
@@ -258,7 +261,7 @@ def test_api_team_delete_non_admin():
with app.app_context():
gen_team(app.db)
with app.test_client() as client:
r = client.delete('/api/v1/teams/1', json="")
r = client.delete("/api/v1/teams/1", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -275,10 +278,10 @@ def test_api_team_delete_admin():
for user in members:
simulate_user_activity(app.db, user=user)
with login_as_user(app, 'admin') as client:
r = client.delete('/api/v1/teams/1', json="")
with login_as_user(app, "admin") as client:
r = client.delete("/api/v1/teams/1", json="")
assert r.status_code == 200
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
for user in Users.query.all():
assert user.team_id is None
@@ -290,7 +293,7 @@ def test_api_team_get_me_not_logged_in():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
r = client.get('/api/v1/teams/me')
r = client.get("/api/v1/teams/me")
assert r.status_code == 302
destroy_ctfd(app)
@@ -305,7 +308,7 @@ def test_api_team_get_me_logged_in():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/me')
r = client.get("/api/v1/teams/me")
assert r.status_code == 200
destroy_ctfd(app)
@@ -315,7 +318,7 @@ def test_api_team_patch_me_not_logged_in():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
r = client.patch('/api/v1/teams/me', json="")
r = client.patch("/api/v1/teams/me", json="")
assert r.status_code == 403
destroy_ctfd(app)
@@ -333,10 +336,9 @@ def test_api_team_patch_me_logged_in_user():
user2.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user2") as client:
r = client.patch('/api/v1/teams/me', json={
"name": "team_name",
"affiliation": "changed"
})
r = client.patch(
"/api/v1/teams/me", json={"name": "team_name", "affiliation": "changed"}
)
assert r.status_code == 400
destroy_ctfd(app)
@@ -352,10 +354,9 @@ def test_api_team_patch_me_logged_in_captain():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.patch('/api/v1/teams/me', json={
"name": "team_name",
"affiliation": "changed"
})
r = client.patch(
"/api/v1/teams/me", json={"name": "team_name", "affiliation": "changed"}
)
assert r.status_code == 200
destroy_ctfd(app)
@@ -378,10 +379,9 @@ def test_api_team_patch_me_logged_in_admin_captain():
app.db.session.commit()
with login_as_user(app, name="admin") as client:
r = client.patch('/api/v1/teams/me', json={
"name": "team_name",
"affiliation": "changed"
})
r = client.patch(
"/api/v1/teams/me", json={"name": "team_name", "affiliation": "changed"}
)
assert r.status_code == 200
team = Teams.query.filter_by(id=1).first()
@@ -394,7 +394,7 @@ def test_api_team_get_me_solves_not_logged_in():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
r = client.get('/api/v1/teams/me/solves')
r = client.get("/api/v1/teams/me/solves")
assert r.status_code == 403
destroy_ctfd(app)
@@ -409,7 +409,7 @@ def test_api_team_get_me_solves_logged_in():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/me/solves')
r = client.get("/api/v1/teams/me/solves")
assert r.status_code == 200
destroy_ctfd(app)
@@ -424,7 +424,7 @@ def test_api_team_get_solves():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/1/solves')
r = client.get("/api/v1/teams/1/solves")
assert r.status_code == 200
destroy_ctfd(app)
@@ -434,12 +434,12 @@ def test_api_team_get_solves_after_freze_time():
app = create_ctfd(user_mode="teams")
with app.app_context():
register_user(app)
team = gen_team(app.db, name='team1', email='team1@ctfd.io', member_count=1)
team = gen_team(app.db, name="team1", email="team1@ctfd.io", member_count=1)
team_member = team.members[0]
tm_name = team_member.name
set_config('freeze', '1507262400')
set_config("freeze", "1507262400")
with freeze_time("2017-10-4"):
chal = gen_challenge(app.db)
chal_id = chal.id
@@ -453,18 +453,18 @@ def test_api_team_get_solves_after_freze_time():
assert Solves.query.count() == 2
with login_as_user(app) as client:
r = client.get('/api/v1/teams/1/solves')
data = r.get_json()['data']
r = client.get("/api/v1/teams/1/solves")
data = r.get_json()["data"]
assert len(data) == 1
with login_as_user(app, name=tm_name) as client:
r = client.get('/api/v1/teams/me/solves')
data = r.get_json()['data']
r = client.get("/api/v1/teams/me/solves")
data = r.get_json()["data"]
assert len(data) == 2
with login_as_user(app, name="admin") as client:
r = client.get('/api/v1/teams/1/solves')
data = r.get_json()['data']
r = client.get("/api/v1/teams/1/solves")
data = r.get_json()["data"]
assert len(data) == 2
destroy_ctfd(app)
@@ -474,7 +474,7 @@ def test_api_team_get_me_fails_not_logged_in():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
r = client.get('/api/v1/teams/me/fails')
r = client.get("/api/v1/teams/me/fails")
assert r.status_code == 403
destroy_ctfd(app)
@@ -489,7 +489,7 @@ def test_api_team_get_me_fails_logged_in():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/me/fails')
r = client.get("/api/v1/teams/me/fails")
assert r.status_code == 200
destroy_ctfd(app)
@@ -504,7 +504,7 @@ def test_api_team_get_fails():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/1/fails')
r = client.get("/api/v1/teams/1/fails")
assert r.status_code == 200
destroy_ctfd(app)
@@ -514,12 +514,12 @@ def test_api_team_get_fails_after_freze_time():
app = create_ctfd(user_mode="teams")
with app.app_context():
register_user(app)
team = gen_team(app.db, name='team1', email='team1@ctfd.io', member_count=1)
team = gen_team(app.db, name="team1", email="team1@ctfd.io", member_count=1)
team_member = team.members[0]
tm_name = team_member.name
set_config('freeze', '1507262400')
set_config("freeze", "1507262400")
with freeze_time("2017-10-4"):
chal = gen_challenge(app.db)
chal_id = chal.id
@@ -533,16 +533,16 @@ def test_api_team_get_fails_after_freze_time():
assert Fails.query.count() == 2
with login_as_user(app) as client:
r = client.get('/api/v1/teams/1/fails')
assert r.get_json()['meta']['count'] == 1
r = client.get("/api/v1/teams/1/fails")
assert r.get_json()["meta"]["count"] == 1
with login_as_user(app, name=tm_name) as client:
r = client.get('/api/v1/teams/me/fails')
assert r.get_json()['meta']['count'] == 2
r = client.get("/api/v1/teams/me/fails")
assert r.get_json()["meta"]["count"] == 2
with login_as_user(app, name="admin") as client:
r = client.get('/api/v1/teams/1/fails')
assert r.get_json()['meta']['count'] == 2
r = client.get("/api/v1/teams/1/fails")
assert r.get_json()["meta"]["count"] == 2
destroy_ctfd(app)
@@ -551,7 +551,7 @@ def test_api_team_get_me_awards_not_logged_in():
app = create_ctfd(user_mode="teams")
with app.app_context():
with app.test_client() as client:
r = client.get('/api/v1/teams/me/awards')
r = client.get("/api/v1/teams/me/awards")
assert r.status_code == 403
destroy_ctfd(app)
@@ -566,7 +566,7 @@ def test_api_team_get_me_awards_logged_in():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/me/awards')
r = client.get("/api/v1/teams/me/awards")
assert r.status_code == 200
destroy_ctfd(app)
@@ -581,7 +581,7 @@ def test_api_team_get_awards():
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.get('/api/v1/teams/1/awards')
r = client.get("/api/v1/teams/1/awards")
assert r.status_code == 200
destroy_ctfd(app)
@@ -591,12 +591,12 @@ def test_api_team_get_awards_after_freze_time():
app = create_ctfd(user_mode="teams")
with app.app_context():
register_user(app)
team = gen_team(app.db, name='team1', email='team1@ctfd.io', member_count=1)
team = gen_team(app.db, name="team1", email="team1@ctfd.io", member_count=1)
team_member = team.members[0]
tm_name = team_member.name
set_config('freeze', '1507262400')
set_config("freeze", "1507262400")
with freeze_time("2017-10-4"):
gen_award(app.db, user_id=3)
@@ -606,18 +606,18 @@ def test_api_team_get_awards_after_freze_time():
assert Awards.query.count() == 2
with login_as_user(app) as client:
r = client.get('/api/v1/teams/1/awards')
data = r.get_json()['data']
r = client.get("/api/v1/teams/1/awards")
data = r.get_json()["data"]
assert len(data) == 1
with login_as_user(app, name=tm_name) as client:
r = client.get('/api/v1/teams/me/awards')
data = r.get_json()['data']
r = client.get("/api/v1/teams/me/awards")
data = r.get_json()["data"]
assert len(data) == 2
with login_as_user(app, name="admin") as client:
r = client.get('/api/v1/teams/1/awards')
data = r.get_json()['data']
r = client.get("/api/v1/teams/1/awards")
data = r.get_json()["data"]
assert len(data) == 2
destroy_ctfd(app)
@@ -636,29 +636,32 @@ def test_api_team_patch_password():
user2.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user2") as client:
r = client.patch('/api/v1/teams/me', json={
"confirm": "password",
"password": "new_password"
})
r = client.patch(
"/api/v1/teams/me",
json={"confirm": "password", "password": "new_password"},
)
assert r.status_code == 400
assert r.get_json() == {
'errors': {'': ['Only team captains can edit team information']},
'success': False
"errors": {"": ["Only team captains can edit team information"]},
"success": False,
}
team = Teams.query.filter_by(id=1).first()
assert verify_password(plaintext='new_password', ciphertext=team.password) is False
assert (
verify_password(plaintext="new_password", ciphertext=team.password)
is False
)
with login_as_user(app, name="user1") as client:
r = client.patch('/api/v1/teams/me', json={
"confirm": "password",
"password": "new_password"
})
r = client.patch(
"/api/v1/teams/me",
json={"confirm": "password", "password": "new_password"},
)
assert r.status_code == 200
team = Teams.query.filter_by(id=1).first()
assert verify_password(plaintext='new_password', ciphertext=team.password)
assert verify_password(plaintext="new_password", ciphertext=team.password)
def test_api_accessing_hidden_banned_users():
@@ -670,38 +673,42 @@ def test_api_accessing_hidden_banned_users():
register_user(app, name="visible_user", email="visible_user@ctfd.io")
user = Users.query.filter_by(id=2).first()
team = gen_team(app.db, name='hidden_team', email="hidden_team@ctfd.io", hidden=True)
team = gen_team(
app.db, name="hidden_team", email="hidden_team@ctfd.io", hidden=True
)
team.members.append(user)
user.team_id = team.id
app.db.session.commit()
user = Users.query.filter_by(id=3).first()
team = gen_team(app.db, name='banned_team', email="banned_team@ctfd.io", banned=True)
team = gen_team(
app.db, name="banned_team", email="banned_team@ctfd.io", banned=True
)
team.members.append(user)
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="visible_user") as client:
assert client.get('/api/v1/teams/1').status_code == 404
assert client.get('/api/v1/teams/1/solves').status_code == 404
assert client.get('/api/v1/teams/1/fails').status_code == 404
assert client.get('/api/v1/teams/1/awards').status_code == 404
assert client.get("/api/v1/teams/1").status_code == 404
assert client.get("/api/v1/teams/1/solves").status_code == 404
assert client.get("/api/v1/teams/1/fails").status_code == 404
assert client.get("/api/v1/teams/1/awards").status_code == 404
assert client.get('/api/v1/teams/2').status_code == 404
assert client.get('/api/v1/teams/2/solves').status_code == 404
assert client.get('/api/v1/teams/2/fails').status_code == 404
assert client.get('/api/v1/teams/2/awards').status_code == 404
assert client.get("/api/v1/teams/2").status_code == 404
assert client.get("/api/v1/teams/2/solves").status_code == 404
assert client.get("/api/v1/teams/2/fails").status_code == 404
assert client.get("/api/v1/teams/2/awards").status_code == 404
with login_as_user(app, name="admin") as client:
assert client.get('/api/v1/teams/1').status_code == 200
assert client.get('/api/v1/teams/1/solves').status_code == 200
assert client.get('/api/v1/teams/1/fails').status_code == 200
assert client.get('/api/v1/teams/1/awards').status_code == 200
assert client.get("/api/v1/teams/1").status_code == 200
assert client.get("/api/v1/teams/1/solves").status_code == 200
assert client.get("/api/v1/teams/1/fails").status_code == 200
assert client.get("/api/v1/teams/1/awards").status_code == 200
assert client.get('/api/v1/teams/2').status_code == 200
assert client.get('/api/v1/teams/2/solves').status_code == 200
assert client.get('/api/v1/teams/2/fails').status_code == 200
assert client.get('/api/v1/teams/2/awards').status_code == 200
assert client.get("/api/v1/teams/2").status_code == 200
assert client.get("/api/v1/teams/2/solves").status_code == 200
assert client.get("/api/v1/teams/2/fails").status_code == 200
assert client.get("/api/v1/teams/2/awards").status_code == 200
destroy_ctfd(app)
@@ -714,15 +721,18 @@ def test_api_user_without_team_challenge_interaction():
gen_flag(app.db, 1)
with login_as_user(app) as client:
assert client.get('/api/v1/challenges').status_code == 403
assert client.get('/api/v1/challenges/1').status_code == 403
assert client.post('/api/v1/challenges/attempt', json={
"challenge_id": 1,
"submission": "wrong_flag"
}).status_code == 403
assert client.get("/api/v1/challenges").status_code == 403
assert client.get("/api/v1/challenges/1").status_code == 403
assert (
client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": 1, "submission": "wrong_flag"},
).status_code
== 403
)
# Create a user with a team
user = gen_user(app.db, email='user_name@ctfd.io')
user = gen_user(app.db, email="user_name@ctfd.io")
team = gen_team(app.db)
team.members.append(user)
user.team_id = team.id
@@ -730,10 +740,13 @@ def test_api_user_without_team_challenge_interaction():
# Test if user with team can interact with challenges
with login_as_user(app, name="user_name") as client:
assert client.get('/api/v1/challenges').status_code == 200
assert client.get('/api/v1/challenges/1').status_code == 200
assert client.post('/api/v1/challenges/attempt', json={
"challenge_id": 1,
"submission": "flag"
}).status_code == 200
assert client.get("/api/v1/challenges").status_code == 200
assert client.get("/api/v1/challenges/1").status_code == 200
assert (
client.post(
"/api/v1/challenges/attempt",
json={"challenge_id": 1, "submission": "flag"},
).status_code
== 200
)
destroy_ctfd(app)