Format all the things (#991)
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` & `black tests` * Travis now uses xenial instead of trusty.
@@ -25,14 +25,14 @@ def test_api_users_get_public():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
set_config('account_visibility', 'public')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "public")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'private')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "private")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 302
|
||||
set_config('account_visibility', 'admins')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "admins")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 404
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -42,14 +42,14 @@ def test_api_users_get_private():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
set_config('account_visibility', 'public')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "public")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'private')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "private")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 302
|
||||
set_config('account_visibility', 'admins')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "admins")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 404
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -59,14 +59,14 @@ def test_api_users_get_admins():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
set_config('account_visibility', 'public')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "public")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'private')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "private")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 302
|
||||
set_config('account_visibility', 'admins')
|
||||
r = client.get('/api/v1/users')
|
||||
set_config("account_visibility", "admins")
|
||||
r = client.get("/api/v1/users")
|
||||
assert r.status_code == 404
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -76,7 +76,7 @@ def test_api_users_post_non_admin():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
r = client.post('/api/v1/users', json="")
|
||||
r = client.post("/api/v1/users", json="")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -85,23 +85,22 @@ def test_api_users_post_admin():
|
||||
"""Can a user post /api/v1/users if admin"""
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with login_as_user(app, 'admin') as client:
|
||||
with login_as_user(app, "admin") as client:
|
||||
# Create user
|
||||
r = client.post('/api/v1/users', json={
|
||||
"name": "user",
|
||||
"email": "user@user.com",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.post(
|
||||
"/api/v1/users",
|
||||
json={"name": "user", "email": "user@user.com", "password": "password"},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
|
||||
# Make sure password was hashed properly
|
||||
user = Users.query.filter_by(email='user@user.com').first()
|
||||
user = Users.query.filter_by(email="user@user.com").first()
|
||||
assert user
|
||||
assert verify_password('password', user.password)
|
||||
assert verify_password("password", user.password)
|
||||
|
||||
# Make sure user can login with the creds
|
||||
client = login_as_user(app)
|
||||
r = client.get('/profile')
|
||||
r = client.get("/profile")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -110,22 +109,25 @@ def test_api_users_post_admin_with_attributes():
|
||||
"""Can a user post /api/v1/users with user settings"""
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with login_as_user(app, 'admin') as client:
|
||||
with login_as_user(app, "admin") as client:
|
||||
# Create user
|
||||
r = client.post('/api/v1/users', json={
|
||||
"name": "user",
|
||||
"email": "user@user.com",
|
||||
"password": "password",
|
||||
"banned": True,
|
||||
"hidden": True,
|
||||
"verified": True
|
||||
})
|
||||
r = client.post(
|
||||
"/api/v1/users",
|
||||
json={
|
||||
"name": "user",
|
||||
"email": "user@user.com",
|
||||
"password": "password",
|
||||
"banned": True,
|
||||
"hidden": True,
|
||||
"verified": True,
|
||||
},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
|
||||
# Make sure password was hashed properly
|
||||
user = Users.query.filter_by(email='user@user.com').first()
|
||||
user = Users.query.filter_by(email="user@user.com").first()
|
||||
assert user
|
||||
assert verify_password('password', user.password)
|
||||
assert verify_password("password", user.password)
|
||||
assert user.banned
|
||||
assert user.hidden
|
||||
assert user.verified
|
||||
@@ -137,29 +139,27 @@ def test_api_users_post_admin_duplicate_information():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app, 'admin') as client:
|
||||
with login_as_user(app, "admin") as client:
|
||||
# Duplicate email
|
||||
r = client.post('/api/v1/users', json={
|
||||
"name": "user2",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.post(
|
||||
"/api/v1/users",
|
||||
json={"name": "user2", "email": "user@ctfd.io", "password": "password"},
|
||||
)
|
||||
resp = r.get_json()
|
||||
assert r.status_code == 400
|
||||
assert resp['errors']['email']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["email"]
|
||||
assert resp["success"] is False
|
||||
assert Users.query.count() == 2
|
||||
|
||||
# Duplicate user
|
||||
r = client.post('/api/v1/users', json={
|
||||
"name": "user",
|
||||
"email": "user2@ctfd.io",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.post(
|
||||
"/api/v1/users",
|
||||
json={"name": "user", "email": "user2@ctfd.io", "password": "password"},
|
||||
)
|
||||
resp = r.get_json()
|
||||
assert r.status_code == 400
|
||||
assert resp['errors']['name']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["name"]
|
||||
assert resp["success"] is False
|
||||
assert Users.query.count() == 2
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -170,28 +170,26 @@ def test_api_users_patch_admin_duplicate_information():
|
||||
with app.app_context():
|
||||
register_user(app, name="user1", email="user1@ctfd.io", password="password")
|
||||
register_user(app, name="user2", email="user2@ctfd.io", password="password")
|
||||
with login_as_user(app, 'admin') as client:
|
||||
with login_as_user(app, "admin") as client:
|
||||
# Duplicate name
|
||||
r = client.patch('/api/v1/users/1', json={
|
||||
"name": "user2",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.patch(
|
||||
"/api/v1/users/1",
|
||||
json={"name": "user2", "email": "user@ctfd.io", "password": "password"},
|
||||
)
|
||||
resp = r.get_json()
|
||||
assert r.status_code == 400
|
||||
assert resp['errors']['name']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["name"]
|
||||
assert resp["success"] is False
|
||||
|
||||
# Duplicate email
|
||||
r = client.patch('/api/v1/users/1', json={
|
||||
"name": "user",
|
||||
"email": "user2@ctfd.io",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.patch(
|
||||
"/api/v1/users/1",
|
||||
json={"name": "user", "email": "user2@ctfd.io", "password": "password"},
|
||||
)
|
||||
resp = r.get_json()
|
||||
assert r.status_code == 400
|
||||
assert resp['errors']['email']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["email"]
|
||||
assert resp["success"] is False
|
||||
assert Users.query.count() == 3
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -202,28 +200,26 @@ def test_api_users_patch_duplicate_information():
|
||||
with app.app_context():
|
||||
register_user(app, name="user1", email="user1@ctfd.io", password="password")
|
||||
register_user(app, name="user2", email="user2@ctfd.io", password="password")
|
||||
with login_as_user(app, 'user1') as client:
|
||||
with login_as_user(app, "user1") as client:
|
||||
# Duplicate email
|
||||
r = client.patch('/api/v1/users/me', json={
|
||||
"name": "user2",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.patch(
|
||||
"/api/v1/users/me",
|
||||
json={"name": "user2", "email": "user@ctfd.io", "password": "password"},
|
||||
)
|
||||
resp = r.get_json()
|
||||
assert r.status_code == 400
|
||||
assert resp['errors']['name']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["name"]
|
||||
assert resp["success"] is False
|
||||
|
||||
# Duplicate user
|
||||
r = client.patch('/api/v1/users/me', json={
|
||||
"name": "user",
|
||||
"email": "user2@ctfd.io",
|
||||
"password": "password"
|
||||
})
|
||||
r = client.patch(
|
||||
"/api/v1/users/me",
|
||||
json={"name": "user", "email": "user2@ctfd.io", "password": "password"},
|
||||
)
|
||||
resp = r.get_json()
|
||||
assert r.status_code == 400
|
||||
assert resp['errors']['email']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["email"]
|
||||
assert resp["success"] is False
|
||||
assert Users.query.count() == 3
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -233,15 +229,15 @@ def test_api_team_get_public():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
set_config('account_visibility', 'public')
|
||||
set_config("account_visibility", "public")
|
||||
gen_user(app.db)
|
||||
r = client.get('/api/v1/users/2')
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'private')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "private")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 302
|
||||
set_config('account_visibility', 'admins')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "admins")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 404
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -252,15 +248,15 @@ def test_api_team_get_private():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
set_config('account_visibility', 'public')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "public")
|
||||
r = client.get("/api/v1/users/2")
|
||||
print(r.__dict__)
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'private')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "private")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'admins')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "admins")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 404
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -269,16 +265,16 @@ def test_api_team_get_admin():
|
||||
"""Can a user get /api/v1/users/<user_id> if users are viewed by admins only"""
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with login_as_user(app, 'admin') as client:
|
||||
with login_as_user(app, "admin") as client:
|
||||
gen_user(app.db)
|
||||
set_config('account_visibility', 'public')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "public")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'private')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "private")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 200
|
||||
set_config('account_visibility', 'admins')
|
||||
r = client.get('/api/v1/users/2')
|
||||
set_config("account_visibility", "admins")
|
||||
r = client.get("/api/v1/users/2")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -289,7 +285,7 @@ def test_api_user_patch_non_admin():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with app.test_client() as client:
|
||||
r = client.patch('/api/v1/users/2', json="")
|
||||
r = client.patch("/api/v1/users/2", json="")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -299,18 +295,21 @@ def test_api_user_patch_admin():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app, 'admin') as client:
|
||||
r = client.patch('/api/v1/users/2', json={
|
||||
"name": "user",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password",
|
||||
"country": "US",
|
||||
"verified": True
|
||||
})
|
||||
with login_as_user(app, "admin") as client:
|
||||
r = client.patch(
|
||||
"/api/v1/users/2",
|
||||
json={
|
||||
"name": "user",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password",
|
||||
"country": "US",
|
||||
"verified": True,
|
||||
},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
user_data = r.get_json()['data'][0]
|
||||
assert user_data['country'] == 'US'
|
||||
assert user_data['verified'] is True
|
||||
user_data = r.get_json()["data"][0]
|
||||
assert user_data["country"] == "US"
|
||||
assert user_data["verified"] is True
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -320,7 +319,7 @@ def test_api_user_delete_non_admin():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with app.test_client() as client:
|
||||
r = client.delete('/api/v1/teams/2', json="")
|
||||
r = client.delete("/api/v1/teams/2", json="")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -332,10 +331,10 @@ def test_api_user_delete_admin():
|
||||
register_user(app)
|
||||
user = Users.query.filter_by(id=2).first()
|
||||
simulate_user_activity(app.db, user=user)
|
||||
with login_as_user(app, 'admin') as client:
|
||||
r = client.delete('/api/v1/users/2', json="")
|
||||
with login_as_user(app, "admin") as client:
|
||||
r = client.delete("/api/v1/users/2", json="")
|
||||
assert r.status_code == 200
|
||||
assert r.get_json().get('data') is None
|
||||
assert r.get_json().get("data") is None
|
||||
assert Users.query.filter_by(id=2).first() is None
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -345,7 +344,7 @@ def test_api_user_get_me_not_logged_in():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
r = client.get('/api/v1/users/me')
|
||||
r = client.get("/api/v1/users/me")
|
||||
assert r.status_code == 302
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -356,7 +355,7 @@ def test_api_user_get_me_logged_in():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/me')
|
||||
r = client.get("/api/v1/users/me")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -366,7 +365,7 @@ def test_api_user_patch_me_not_logged_in():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
r = client.patch('/api/v1/users/me', json="")
|
||||
r = client.patch("/api/v1/users/me", json="")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -378,17 +377,17 @@ def test_api_user_patch_me_logged_in():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
"/api/v1/users/me",
|
||||
json={
|
||||
"name": "user",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password",
|
||||
"confirm": "password",
|
||||
"country": "US"
|
||||
}
|
||||
"country": "US",
|
||||
},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
assert r.get_json()['data']['country'] == 'US'
|
||||
assert r.get_json()["data"]["country"] == "US"
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -396,23 +395,23 @@ def test_api_admin_user_patch_me_logged_in():
|
||||
"""Can an admin patch /api/v1/users/me"""
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with login_as_user(app, name='admin') as client:
|
||||
with login_as_user(app, name="admin") as client:
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
"/api/v1/users/me",
|
||||
json={
|
||||
"name": "user",
|
||||
"email": "user@ctfd.io",
|
||||
"password": "password",
|
||||
"confirm": "password",
|
||||
"country": "US"
|
||||
}
|
||||
"country": "US",
|
||||
},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
assert r.get_json()['data']['country'] == 'US'
|
||||
assert r.get_json()["data"]["country"] == "US"
|
||||
|
||||
user = Users.query.filter_by(id=1).first()
|
||||
assert user.name == 'user'
|
||||
assert user.email == 'user@ctfd.io'
|
||||
assert user.name == "user"
|
||||
assert user.email == "user@ctfd.io"
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -422,41 +421,26 @@ def test_api_user_change_name():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
json={
|
||||
"name": "user2",
|
||||
}
|
||||
)
|
||||
r = client.patch("/api/v1/users/me", json={"name": "user2"})
|
||||
assert r.status_code == 200
|
||||
resp = r.get_json()
|
||||
assert resp['data']['name'] == 'user2'
|
||||
assert resp['success'] is True
|
||||
assert resp["data"]["name"] == "user2"
|
||||
assert resp["success"] is True
|
||||
|
||||
set_config('name_changes', False)
|
||||
set_config("name_changes", False)
|
||||
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
json={
|
||||
"name": "new_name",
|
||||
}
|
||||
)
|
||||
r = client.patch("/api/v1/users/me", json={"name": "new_name"})
|
||||
assert r.status_code == 400
|
||||
resp = r.get_json()
|
||||
assert 'name' in resp['errors']
|
||||
assert resp['success'] is False
|
||||
assert "name" in resp["errors"]
|
||||
assert resp["success"] is False
|
||||
|
||||
set_config('name_changes', True)
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
json={
|
||||
"name": "new_name",
|
||||
}
|
||||
)
|
||||
set_config("name_changes", True)
|
||||
r = client.patch("/api/v1/users/me", json={"name": "new_name"})
|
||||
assert r.status_code == 200
|
||||
resp = r.get_json()
|
||||
assert resp['data']['name'] == 'new_name'
|
||||
assert resp['success'] is True
|
||||
assert resp["data"]["name"] == "new_name"
|
||||
assert resp["success"] is True
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -464,22 +448,17 @@ def test_api_user_change_verify_email():
|
||||
"""Test that users are marked unconfirmed if they change their email and verify_emails is turned on"""
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
set_config('verify_emails', True)
|
||||
set_config("verify_emails", True)
|
||||
register_user(app)
|
||||
user = Users.query.filter_by(id=2).first()
|
||||
user.verified = True
|
||||
app.db.session.commit()
|
||||
with login_as_user(app) as client:
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
json={
|
||||
"email": "new_email@email.com",
|
||||
}
|
||||
)
|
||||
r = client.patch("/api/v1/users/me", json={"email": "new_email@email.com"})
|
||||
assert r.status_code == 200
|
||||
resp = r.get_json()
|
||||
assert resp['data']['email'] == "new_email@email.com"
|
||||
assert resp['success'] is True
|
||||
assert resp["data"]["email"] == "new_email@email.com"
|
||||
assert resp["success"] is True
|
||||
user = Users.query.filter_by(id=2).first()
|
||||
assert user.verified is False
|
||||
destroy_ctfd(app)
|
||||
@@ -490,29 +469,23 @@ def test_api_user_change_email_under_whitelist():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
set_config('domain_whitelist', 'whitelisted.com, whitelisted.org, whitelisted.net')
|
||||
set_config(
|
||||
"domain_whitelist", "whitelisted.com, whitelisted.org, whitelisted.net"
|
||||
)
|
||||
with login_as_user(app) as client:
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
json={
|
||||
"email": "new_email@email.com",
|
||||
}
|
||||
)
|
||||
r = client.patch("/api/v1/users/me", json={"email": "new_email@email.com"})
|
||||
assert r.status_code == 400
|
||||
resp = r.get_json()
|
||||
assert resp['errors']['email']
|
||||
assert resp['success'] is False
|
||||
assert resp["errors"]["email"]
|
||||
assert resp["success"] is False
|
||||
|
||||
r = client.patch(
|
||||
'/api/v1/users/me',
|
||||
json={
|
||||
"email": "new_email@whitelisted.com",
|
||||
}
|
||||
"/api/v1/users/me", json={"email": "new_email@whitelisted.com"}
|
||||
)
|
||||
assert r.status_code == 200
|
||||
resp = r.get_json()
|
||||
assert resp['data']['email'] == "new_email@whitelisted.com"
|
||||
assert resp['success'] is True
|
||||
assert resp["data"]["email"] == "new_email@whitelisted.com"
|
||||
assert resp["success"] is True
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -521,7 +494,7 @@ def test_api_user_get_me_solves_not_logged_in():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
r = client.get('/api/v1/users/me/solves')
|
||||
r = client.get("/api/v1/users/me/solves")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -532,7 +505,7 @@ def test_api_user_get_me_solves_logged_in():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/me/solves')
|
||||
r = client.get("/api/v1/users/me/solves")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -543,7 +516,7 @@ def test_api_user_get_solves():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/2/solves')
|
||||
r = client.get("/api/v1/users/2/solves")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -556,7 +529,7 @@ def test_api_user_get_solves_after_freze_time():
|
||||
register_user(app, name="user2", email="user2@ctfd.io")
|
||||
|
||||
# Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
|
||||
set_config('freeze', '1507262400')
|
||||
set_config("freeze", "1507262400")
|
||||
with freeze_time("2017-10-4"):
|
||||
chal = gen_challenge(app.db)
|
||||
chal_id = chal.id
|
||||
@@ -572,21 +545,21 @@ def test_api_user_get_solves_after_freze_time():
|
||||
|
||||
# User 2 should have 2 solves when seen by themselves
|
||||
client = login_as_user(app, name="user1")
|
||||
r = client.get('/api/v1/users/me/solves')
|
||||
data = r.get_json()['data']
|
||||
r = client.get("/api/v1/users/me/solves")
|
||||
data = r.get_json()["data"]
|
||||
assert len(data) == 2
|
||||
|
||||
# User 2 should have 1 solve when seen by another user
|
||||
client = login_as_user(app, name="user2")
|
||||
r = client.get('/api/v1/users/2/solves')
|
||||
data = r.get_json()['data']
|
||||
r = client.get("/api/v1/users/2/solves")
|
||||
data = r.get_json()["data"]
|
||||
assert len(data) == 1
|
||||
|
||||
# Admins should see all solves for the user
|
||||
admin = login_as_user(app, name="admin")
|
||||
|
||||
r = admin.get('/api/v1/users/2/solves')
|
||||
data = r.get_json()['data']
|
||||
r = admin.get("/api/v1/users/2/solves")
|
||||
data = r.get_json()["data"]
|
||||
assert len(data) == 2
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -596,7 +569,7 @@ def test_api_user_get_me_fails_not_logged_in():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
r = client.get('/api/v1/users/me/fails')
|
||||
r = client.get("/api/v1/users/me/fails")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -607,7 +580,7 @@ def test_api_user_get_me_fails_logged_in():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/me/fails')
|
||||
r = client.get("/api/v1/users/me/fails")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -618,7 +591,7 @@ def test_api_user_get_fails():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/2/fails')
|
||||
r = client.get("/api/v1/users/2/fails")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -631,7 +604,7 @@ def test_api_user_get_fails_after_freze_time():
|
||||
register_user(app, name="user2", email="user2@ctfd.io")
|
||||
|
||||
# Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
|
||||
set_config('freeze', '1507262400')
|
||||
set_config("freeze", "1507262400")
|
||||
with freeze_time("2017-10-4"):
|
||||
chal = gen_challenge(app.db)
|
||||
chal_id = chal.id
|
||||
@@ -647,19 +620,19 @@ def test_api_user_get_fails_after_freze_time():
|
||||
|
||||
# User 2 should have 2 fail when seen by themselves
|
||||
client = login_as_user(app, name="user1")
|
||||
r = client.get('/api/v1/users/me/fails')
|
||||
assert r.get_json()['meta']['count'] == 2
|
||||
r = client.get("/api/v1/users/me/fails")
|
||||
assert r.get_json()["meta"]["count"] == 2
|
||||
|
||||
# User 2 should have 1 fail when seen by another user
|
||||
client = login_as_user(app, name="user2")
|
||||
r = client.get('/api/v1/users/2/fails')
|
||||
assert r.get_json()['meta']['count'] == 1
|
||||
r = client.get("/api/v1/users/2/fails")
|
||||
assert r.get_json()["meta"]["count"] == 1
|
||||
|
||||
# Admins should see all fails for the user
|
||||
admin = login_as_user(app, name="admin")
|
||||
|
||||
r = admin.get('/api/v1/users/2/fails')
|
||||
assert r.get_json()['meta']['count'] == 2
|
||||
r = admin.get("/api/v1/users/2/fails")
|
||||
assert r.get_json()["meta"]["count"] == 2
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -668,7 +641,7 @@ def test_api_user_get_me_awards_not_logged_in():
|
||||
app = create_ctfd()
|
||||
with app.app_context():
|
||||
with app.test_client() as client:
|
||||
r = client.get('/api/v1/users/me/awards')
|
||||
r = client.get("/api/v1/users/me/awards")
|
||||
assert r.status_code == 403
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -679,7 +652,7 @@ def test_api_user_get_me_awards_logged_in():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/me/awards')
|
||||
r = client.get("/api/v1/users/me/awards")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -690,7 +663,7 @@ def test_api_user_get_awards():
|
||||
with app.app_context():
|
||||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
r = client.get('/api/v1/users/2/awards')
|
||||
r = client.get("/api/v1/users/2/awards")
|
||||
assert r.status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -703,7 +676,7 @@ def test_api_user_get_awards_after_freze_time():
|
||||
register_user(app, name="user2", email="user2@ctfd.io")
|
||||
|
||||
# Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
|
||||
set_config('freeze', '1507262400')
|
||||
set_config("freeze", "1507262400")
|
||||
with freeze_time("2017-10-4"):
|
||||
gen_award(app.db, user_id=2)
|
||||
|
||||
@@ -715,21 +688,21 @@ def test_api_user_get_awards_after_freze_time():
|
||||
|
||||
# User 2 should have 2 awards when seen by themselves
|
||||
client = login_as_user(app, name="user1")
|
||||
r = client.get('/api/v1/users/me/awards')
|
||||
data = r.get_json()['data']
|
||||
r = client.get("/api/v1/users/me/awards")
|
||||
data = r.get_json()["data"]
|
||||
assert len(data) == 2
|
||||
|
||||
# User 2 should have 1 award when seen by another user
|
||||
client = login_as_user(app, name="user2")
|
||||
r = client.get('/api/v1/users/2/awards')
|
||||
data = r.get_json()['data']
|
||||
r = client.get("/api/v1/users/2/awards")
|
||||
data = r.get_json()["data"]
|
||||
assert len(data) == 1
|
||||
|
||||
# Admins should see all awards for the user
|
||||
admin = login_as_user(app, name="admin")
|
||||
|
||||
r = admin.get('/api/v1/users/2/awards')
|
||||
data = r.get_json()['data']
|
||||
r = admin.get("/api/v1/users/2/awards")
|
||||
data = r.get_json()["data"]
|
||||
assert len(data) == 2
|
||||
destroy_ctfd(app)
|
||||
|
||||
@@ -745,16 +718,16 @@ def test_api_accessing_hidden_users():
|
||||
app.db.session.commit()
|
||||
|
||||
with login_as_user(app, name="visible_user") as client:
|
||||
assert client.get('/api/v1/users/3').status_code == 404
|
||||
assert client.get('/api/v1/users/3/solves').status_code == 404
|
||||
assert client.get('/api/v1/users/3/fails').status_code == 404
|
||||
assert client.get('/api/v1/users/3/awards').status_code == 404
|
||||
assert client.get("/api/v1/users/3").status_code == 404
|
||||
assert client.get("/api/v1/users/3/solves").status_code == 404
|
||||
assert client.get("/api/v1/users/3/fails").status_code == 404
|
||||
assert client.get("/api/v1/users/3/awards").status_code == 404
|
||||
|
||||
with login_as_user(app, name="admin") as client:
|
||||
assert client.get('/api/v1/users/3').status_code == 200
|
||||
assert client.get('/api/v1/users/3/solves').status_code == 200
|
||||
assert client.get('/api/v1/users/3/fails').status_code == 200
|
||||
assert client.get('/api/v1/users/3/awards').status_code == 200
|
||||
assert client.get("/api/v1/users/3").status_code == 200
|
||||
assert client.get("/api/v1/users/3/solves").status_code == 200
|
||||
assert client.get("/api/v1/users/3/fails").status_code == 200
|
||||
assert client.get("/api/v1/users/3/awards").status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -769,16 +742,16 @@ def test_api_accessing_banned_users():
|
||||
app.db.session.commit()
|
||||
|
||||
with login_as_user(app, name="visible_user") as client:
|
||||
assert client.get('/api/v1/users/3').status_code == 404
|
||||
assert client.get('/api/v1/users/3/solves').status_code == 404
|
||||
assert client.get('/api/v1/users/3/fails').status_code == 404
|
||||
assert client.get('/api/v1/users/3/awards').status_code == 404
|
||||
assert client.get("/api/v1/users/3").status_code == 404
|
||||
assert client.get("/api/v1/users/3/solves").status_code == 404
|
||||
assert client.get("/api/v1/users/3/fails").status_code == 404
|
||||
assert client.get("/api/v1/users/3/awards").status_code == 404
|
||||
|
||||
with login_as_user(app, name="admin") as client:
|
||||
assert client.get('/api/v1/users/3').status_code == 200
|
||||
assert client.get('/api/v1/users/3/solves').status_code == 200
|
||||
assert client.get('/api/v1/users/3/fails').status_code == 200
|
||||
assert client.get('/api/v1/users/3/awards').status_code == 200
|
||||
assert client.get("/api/v1/users/3").status_code == 200
|
||||
assert client.get("/api/v1/users/3/solves").status_code == 200
|
||||
assert client.get("/api/v1/users/3/fails").status_code == 200
|
||||
assert client.get("/api/v1/users/3/awards").status_code == 200
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
@@ -790,50 +763,40 @@ def test_api_user_send_email():
|
||||
register_user(app)
|
||||
|
||||
with login_as_user(app) as client:
|
||||
r = client.post('/api/v1/users/2/email', json={
|
||||
'text': 'email should get rejected'
|
||||
})
|
||||
r = client.post(
|
||||
"/api/v1/users/2/email", json={"text": "email should get rejected"}
|
||||
)
|
||||
assert r.status_code == 403
|
||||
|
||||
with login_as_user(app, "admin") as admin:
|
||||
r = admin.post('/api/v1/users/2/email', json={
|
||||
'text': 'email should be accepted'
|
||||
})
|
||||
r = admin.post(
|
||||
"/api/v1/users/2/email", json={"text": "email should be accepted"}
|
||||
)
|
||||
assert r.get_json() == {
|
||||
'success': False,
|
||||
'errors': {
|
||||
"": [
|
||||
"Email settings not configured"
|
||||
]
|
||||
}
|
||||
"success": False,
|
||||
"errors": {"": ["Email settings not configured"]},
|
||||
}
|
||||
assert r.status_code == 400
|
||||
|
||||
set_config('verify_emails', True)
|
||||
set_config('mail_server', 'localhost')
|
||||
set_config('mail_port', 25)
|
||||
set_config('mail_useauth', True)
|
||||
set_config('mail_username', 'username')
|
||||
set_config('mail_password', 'password')
|
||||
set_config("verify_emails", True)
|
||||
set_config("mail_server", "localhost")
|
||||
set_config("mail_port", 25)
|
||||
set_config("mail_useauth", True)
|
||||
set_config("mail_username", "username")
|
||||
set_config("mail_password", "password")
|
||||
|
||||
with login_as_user(app, "admin") as admin:
|
||||
r = admin.post('/api/v1/users/2/email', json={
|
||||
'text': ''
|
||||
})
|
||||
r = admin.post("/api/v1/users/2/email", json={"text": ""})
|
||||
assert r.get_json() == {
|
||||
'success': False,
|
||||
'errors': {
|
||||
"text": [
|
||||
"Email text cannot be empty"
|
||||
]
|
||||
}
|
||||
"success": False,
|
||||
"errors": {"text": ["Email text cannot be empty"]},
|
||||
}
|
||||
assert r.status_code == 400
|
||||
|
||||
with login_as_user(app, "admin") as admin:
|
||||
r = admin.post('/api/v1/users/2/email', json={
|
||||
'text': 'email should be accepted'
|
||||
})
|
||||
r = admin.post(
|
||||
"/api/v1/users/2/email", json={"text": "email should be accepted"}
|
||||
)
|
||||
assert r.status_code == 200
|
||||
|
||||
destroy_ctfd(app)
|
||||
@@ -847,12 +810,16 @@ def test_api_user_get_schema():
|
||||
register_user(app, name="user2", email="user2@ctfd.io") # ID 3
|
||||
|
||||
with app.test_client() as client:
|
||||
r = client.get('/api/v1/users/3')
|
||||
data = r.get_json()['data']
|
||||
assert sorted(data.keys()) == sorted(UserSchema.views['user'] + ['score', 'place'])
|
||||
r = client.get("/api/v1/users/3")
|
||||
data = r.get_json()["data"]
|
||||
assert sorted(data.keys()) == sorted(
|
||||
UserSchema.views["user"] + ["score", "place"]
|
||||
)
|
||||
|
||||
with login_as_user(app, name="user1") as client:
|
||||
r = client.get('/api/v1/users/3')
|
||||
data = r.get_json()['data']
|
||||
assert sorted(data.keys()) == sorted(UserSchema.views['user'] + ['score', 'place'])
|
||||
r = client.get("/api/v1/users/3")
|
||||
data = r.get_json()["data"]
|
||||
assert sorted(data.keys()) == sorted(
|
||||
UserSchema.views["user"] + ["score", "place"]
|
||||
)
|
||||
destroy_ctfd(app)
|
||||
|
||||
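Review bot: In the `test_api_user_delete_non_admin` hunk the request goes to `/api/v1/teams/2` through an anonymous `app.test_client()`, so the asserted 403 does not show that a logged-in non-admin is refused on the users endpoint. Judging by the test name and the sibling `test_api_user_delete_admin`, the intended lines look like `with login_as_user(app) as client:` and `r = client.delete("/api/v1/users/2", json="")`. The `test_api_users_post_non_admin` and `test_api_user_patch_non_admin` hunks use the same anonymous client, so the authenticated-but-unprivileged case appears uncovered there as well. These functions start outside their hunks, so confirm against the full file before changing them.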