aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Format all the things (#991)

Browse Source 
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'`
* Format Python with `black`: `black CTFd` & `black tests`
* Travis now uses xenial instead of trusty.
This commit is contained in:
Kevin Chung
2019-05-11 21:09:37 -04:00
committed by GitHub
parent 3d23ece370
commit 6833378c36
201 changed files with 9561 additions and 9107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

411
tests/users/test_challenges.py
View File

@@ -3,13 +3,15 @@
from CTFd.models import Solves, Fails, Challenges
from CTFd.utils import set_config, text_type
from tests.helpers import (create_ctfd,
destroy_ctfd,
register_user,
login_as_user,
gen_challenge,
gen_flag,
gen_hint)
from tests.helpers import (
create_ctfd,
destroy_ctfd,
register_user,
login_as_user,
gen_challenge,
gen_flag,
gen_hint,
)
from freezegun import freeze_time
@@ -21,7 +23,7 @@ def test_user_get_challenges():
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/challenges')
r = client.get("/challenges")
assert r.status_code == 200
destroy_ctfd(app)
@@ -34,7 +36,7 @@ def test_user_get_chals():
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 200
destroy_ctfd(app)
@@ -48,8 +50,8 @@ def test_viewing_challenges():
register_user(app)
client = login_as_user(app)
gen_challenge(app.db)
r = client.get('/api/v1/challenges')
chals = r.get_json()['data']
r = client.get("/api/v1/challenges")
chals = r.get_json()["data"]
assert len(chals) == 1
destroy_ctfd(app)
@@ -61,7 +63,7 @@ def test_viewing_challenge():
register_user(app)
client = login_as_user(app)
gen_challenge(app.db)
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.get_json()
destroy_ctfd(app)
@@ -128,16 +130,13 @@ def test_submitting_correct_flag():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal.id, content='flag')
data = {
"submission": 'flag',
"challenge_id": chal.id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
gen_flag(app.db, challenge_id=chal.id, content="flag")
data = {"submission": "flag", "challenge_id": chal.id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
resp = r.get_json()['data']
assert resp.get('status') == "correct"
assert resp.get('message') == "Correct"
resp = r.get_json()["data"]
assert resp.get("status") == "correct"
assert resp.get("message") == "Correct"
destroy_ctfd(app)
@@ -148,16 +147,13 @@ def test_submitting_correct_static_case_insensitive_flag():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal.id, content='flag', data="case_insensitive")
data = {
"submission": 'FLAG',
"challenge_id": chal.id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
gen_flag(app.db, challenge_id=chal.id, content="flag", data="case_insensitive")
data = {"submission": "FLAG", "challenge_id": chal.id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
resp = r.get_json()['data']
assert resp.get('status') == "correct"
assert resp.get('message') == "Correct"
resp = r.get_json()["data"]
assert resp.get("status") == "correct"
assert resp.get("message") == "Correct"
destroy_ctfd(app)
@@ -168,16 +164,19 @@ def test_submitting_correct_regex_case_insensitive_flag():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal.id, type='regex', content='flag', data="case_insensitive")
data = {
"submission": 'FLAG',
"challenge_id": chal.id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
gen_flag(
app.db,
challenge_id=chal.id,
type="regex",
content="flag",
data="case_insensitive",
)
data = {"submission": "FLAG", "challenge_id": chal.id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
resp = r.get_json()['data']
assert resp.get('status') == "correct"
assert resp.get('message') == "Correct"
resp = r.get_json()["data"]
assert resp.get("status") == "correct"
assert resp.get("message") == "Correct"
destroy_ctfd(app)
@@ -188,16 +187,13 @@ def test_submitting_incorrect_flag():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal.id, content='flag')
data = {
"submission": 'notflag',
"challenge_id": chal.id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
gen_flag(app.db, challenge_id=chal.id, content="flag")
data = {"submission": "notflag", "challenge_id": chal.id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
resp = r.get_json()['data']
assert resp.get('status') == "incorrect"
assert resp.get('message') == "Incorrect"
resp = r.get_json()["data"]
assert resp.get("status") == "incorrect"
assert resp.get("message") == "Incorrect"
destroy_ctfd(app)
@@ -208,17 +204,14 @@ def test_submitting_unicode_flag():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal.id, content=u'你好')
gen_flag(app.db, challenge_id=chal.id, content=u"你好")
with client.session_transaction():
data = {
"submission": '你好',
"challenge_id": chal.id,
}
r = client.post('/api/v1/challenges/attempt'.format(chal.id), json=data)
data = {"submission": "你好", "challenge_id": chal.id}
r = client.post("/api/v1/challenges/attempt".format(chal.id), json=data)
assert r.status_code == 200
resp = r.get_json()['data']
assert resp.get('status') == "correct"
assert resp.get('message') == "Correct"
resp = r.get_json()["data"]
assert resp.get("status") == "correct"
assert resp.get("message") == "Correct"
destroy_ctfd(app)
@@ -234,27 +227,21 @@ def test_challenges_with_max_attempts():
chal.max_attempts = 3
app.db.session.commit()
gen_flag(app.db, challenge_id=chal.id, content=u'flag')
gen_flag(app.db, challenge_id=chal.id, content=u"flag")
for x in range(3):
data = {
"submission": 'notflag',
"challenge_id": chal_id,
}
r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
data = {"submission": "notflag", "challenge_id": chal_id}
r = client.post("/api/v1/challenges/attempt".format(chal_id), json=data)
wrong_keys = Fails.query.count()
assert wrong_keys == 3
data = {
"submission": 'flag',
"challenge_id": chal_id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": chal_id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 403
resp = r.get_json()['data']
assert resp.get('status') == "incorrect"
assert resp.get('message') == "You have 0 tries remaining"
resp = r.get_json()["data"]
assert resp.get("status") == "incorrect"
assert resp.get("message") == "You have 0 tries remaining"
solves = Solves.query.count()
assert solves == 0
@@ -270,31 +257,25 @@ def test_challenge_kpm_limit():
chal = gen_challenge(app.db)
chal_id = chal.id
gen_flag(app.db, challenge_id=chal.id, content=u'flag')
gen_flag(app.db, challenge_id=chal.id, content=u"flag")
for x in range(11):
with client.session_transaction():
data = {
"submission": 'notflag',
"challenge_id": chal_id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "notflag", "challenge_id": chal_id}
r = client.post("/api/v1/challenges/attempt", json=data)
wrong_keys = Fails.query.count()
assert wrong_keys == 11
data = {
"submission": 'flag',
"challenge_id": chal_id,
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": chal_id}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 429
wrong_keys = Fails.query.count()
assert wrong_keys == 12
resp = r.get_json()['data']
assert resp.get('status') == "ratelimited"
assert resp.get('message') == "You're submitting flags too fast. Slow down."
resp = r.get_json()["data"]
assert resp.get("status") == "ratelimited"
assert resp.get("message") == "You're submitting flags too fast. Slow down."
solves = Solves.query.count()
assert solves == 0
@@ -302,36 +283,33 @@ def test_challenge_kpm_limit():
def test_that_view_challenges_unregistered_works():
'''Test that view_challenges_unregistered works'''
"""Test that view_challenges_unregistered works"""
app = create_ctfd()
with app.app_context():
chal = gen_challenge(app.db, name=text_type('🐺'))
chal = gen_challenge(app.db, name=text_type("🐺"))
chal_id = chal.id
gen_hint(app.db, chal_id)
client = app.test_client()
r = client.get('/api/v1/challenges', json='')
r = client.get("/api/v1/challenges", json="")
assert r.status_code == 403
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 302
set_config('challenge_visibility', 'public')
set_config("challenge_visibility", "public")
client = app.test_client()
r = client.get('/api/v1/challenges')
assert r.get_json()['data']
r = client.get("/api/v1/challenges")
assert r.get_json()["data"]
r = client.get('/api/v1/challenges/1/solves')
assert r.get_json().get('data') is not None
r = client.get("/api/v1/challenges/1/solves")
assert r.get_json().get("data") is not None
data = {
"submission": 'not_flag',
"challenge_id": chal_id
}
r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
data = {"submission": "not_flag", "challenge_id": chal_id}
r = client.post("/api/v1/challenges/attempt".format(chal_id), json=data)
assert r.status_code == 403
assert r.get_json().get('data').get('status') == "authentication_required"
assert r.get_json().get('data').get('message') is None
assert r.get_json().get("data").get("status") == "authentication_required"
assert r.get_json().get("data").get("message") is None
destroy_ctfd(app)
@@ -341,32 +319,29 @@ def test_hidden_challenge_is_unreachable():
with app.app_context():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db, state='hidden')
gen_flag(app.db, challenge_id=chal.id, content='flag')
chal = gen_challenge(app.db, state="hidden")
gen_flag(app.db, challenge_id=chal.id, content="flag")
chal_id = chal.id
assert Challenges.query.count() == 1
r = client.get('/api/v1/challenges', json='')
data = r.get_json().get('data')
r = client.get("/api/v1/challenges", json="")
data = r.get_json().get("data")
assert data == []
r = client.get('/api/v1/challenges/1', json='')
r = client.get("/api/v1/challenges/1", json="")
assert r.status_code == 404
data = r.get_json().get('data')
data = r.get_json().get("data")
assert data is None
data = {
"submission": 'flag',
"challenge_id": chal_id
}
data = {"submission": "flag", "challenge_id": chal_id}
r = client.post('/api/v1/challenges/attempt', json=data)
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 404
r = client.post('/api/v1/challenges/attempt?preview=true', json=data)
r = client.post("/api/v1/challenges/attempt?preview=true", json=data)
assert r.status_code == 404
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
solves = Solves.query.count()
assert solves == 0
@@ -382,15 +357,12 @@ def test_hidden_challenge_is_unsolveable():
with app.app_context():
register_user(app)
client = login_as_user(app)
chal = gen_challenge(app.db, state='hidden')
gen_flag(app.db, challenge_id=chal.id, content='flag')
chal = gen_challenge(app.db, state="hidden")
gen_flag(app.db, challenge_id=chal.id, content="flag")
data = {
"submission": 'flag',
"challenge_id": chal.id
}
data = {"submission": "flag", "challenge_id": chal.id}
r = client.post('/api/v1/challenges/attempt', json=data)
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 404
solves = Solves.query.count()
@@ -408,60 +380,49 @@ def test_challenge_with_requirements_is_unsolveable():
register_user(app)
client = login_as_user(app)
chal1 = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal1.id, content='flag')
gen_flag(app.db, challenge_id=chal1.id, content="flag")
requirements = {
'prerequisites': [1]
}
requirements = {"prerequisites": [1]}
chal2 = gen_challenge(app.db, requirements=requirements)
app.db.session.commit()
gen_flag(app.db, challenge_id=chal2.id, content='flag')
gen_flag(app.db, challenge_id=chal2.id, content="flag")
r = client.get('/api/v1/challenges')
challenges = r.get_json()['data']
r = client.get("/api/v1/challenges")
challenges = r.get_json()["data"]
assert len(challenges) == 1
assert challenges[0]['id'] == 1
assert challenges[0]["id"] == 1
r = client.get('/api/v1/challenges/2')
r = client.get("/api/v1/challenges/2")
assert r.status_code == 403
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
# Attempt to solve hidden Challenge 2
data = {
"submission": 'flag',
"challenge_id": 2
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 2}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 403
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
# Solve Challenge 1
data = {
"submission": 'flag',
"challenge_id": 1
}
r = client.post('/api/v1/challenges/attempt', json=data)
resp = r.get_json()['data']
assert resp['status'] == 'correct'
data = {"submission": "flag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
resp = r.get_json()["data"]
assert resp["status"] == "correct"
# Challenge 2 should now be visible
r = client.get('/api/v1/challenges')
challenges = r.get_json()['data']
r = client.get("/api/v1/challenges")
challenges = r.get_json()["data"]
assert len(challenges) == 2
r = client.get('/api/v1/challenges/2')
r = client.get("/api/v1/challenges/2")
assert r.status_code == 200
assert r.get_json().get('data')['id'] == 2
assert r.get_json().get("data")["id"] == 2
# Attempt to solve the now-visible Challenge 2
data = {
"submission": 'flag',
"challenge_id": 2
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 2}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
assert resp['status'] == 'correct'
assert resp["status"] == "correct"
destroy_ctfd(app)
@@ -470,32 +431,29 @@ def test_challenges_cannot_be_solved_while_paused():
"""Test that challenges cannot be solved when the CTF is paused"""
app = create_ctfd()
with app.app_context():
set_config('paused', True)
set_config("paused", True)
register_user(app)
client = login_as_user(app)
r = client.get('/challenges')
r = client.get("/challenges")
assert r.status_code == 200
# Assert that there is a paused message
data = r.get_data(as_text=True)
assert 'paused' in data
assert "paused" in data
chal = gen_challenge(app.db)
gen_flag(app.db, challenge_id=chal.id, content='flag')
gen_flag(app.db, challenge_id=chal.id, content="flag")
data = {
"submission": 'flag',
"challenge_id": chal.id
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": chal.id}
r = client.post("/api/v1/challenges/attempt", json=data)
# Assert that the JSON message is correct
resp = r.get_json()['data']
resp = r.get_json()["data"]
assert r.status_code == 403
assert resp['status'] == 'paused'
assert resp['message'] == 'CTFd is paused'
assert resp["status"] == "paused"
assert resp["message"] == "CTFd is paused"
# There are no solves saved
solves = Solves.query.count()
@@ -511,47 +469,45 @@ def test_challenge_board_under_view_after_ctf():
"""Test that the challenge board does not show an error under view_after_ctf"""
app = create_ctfd()
with app.app_context():
set_config('view_after_ctf', True)
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config("view_after_ctf", True)
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
register_user(app)
client = login_as_user(app)
gen_challenge(app.db)
gen_flag(app.db, challenge_id=1, content='flag')
gen_flag(app.db, challenge_id=1, content="flag")
gen_challenge(app.db)
gen_flag(app.db, challenge_id=2, content='flag')
gen_flag(app.db, challenge_id=2, content="flag")
# CTF is ongoing. Normal operation.
with freeze_time("2017-10-5"):
r = client.get('/challenges')
r = client.get("/challenges")
assert r.status_code == 200
assert "has ended" not in r.get_data(as_text=True)
data = {
"submission": 'flag',
"challenge_id": 1
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
assert r.get_json()['data']['status'] == "correct"
assert r.get_json()["data"]["status"] == "correct"
assert Solves.query.count() == 1
# CTF is now over. There should be a message and challenges should show submission status but not store solves
with freeze_time("2017-10-7"):
r = client.get('/challenges')
r = client.get("/challenges")
assert r.status_code == 200
assert "has ended" in r.get_data(as_text=True)
data = {
"submission": 'flag',
"challenge_id": 2
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 2}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
assert r.get_json()['data']['status'] == "correct"
assert r.get_json()["data"]["status"] == "correct"
assert Solves.query.count() == 1
destroy_ctfd(app)
@@ -559,73 +515,65 @@ def test_challenge_board_under_view_after_ctf():
def test_challenges_under_view_after_ctf():
app = create_ctfd()
with app.app_context(), freeze_time("2017-10-7"):
set_config('start', '1507089600') # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config('end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
register_user(app)
client = login_as_user(app)
gen_challenge(app.db)
gen_flag(app.db, challenge_id=1, content='flag')
gen_flag(app.db, challenge_id=1, content="flag")
r = client.get('/challenges')
r = client.get("/challenges")
assert r.status_code == 403
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 403
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 403
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
data = {
"submission": 'flag',
"challenge_id": 1
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 403
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
assert Solves.query.count() == 0
data = {
"submission": 'notflag',
"challenge_id": 1
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "notflag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 403
assert r.get_json().get('data') is None
assert r.get_json().get("data") is None
assert Fails.query.count() == 0
set_config('view_after_ctf', True)
set_config("view_after_ctf", True)
r = client.get('/challenges')
r = client.get("/challenges")
assert r.status_code == 200
r = client.get('/api/v1/challenges')
r = client.get("/api/v1/challenges")
assert r.status_code == 200
assert r.get_json()['data'][0]['id'] == 1
assert r.get_json()["data"][0]["id"] == 1
r = client.get('/api/v1/challenges/1')
r = client.get("/api/v1/challenges/1")
assert r.status_code == 200
assert r.get_json()['data']['id'] == 1
assert r.get_json()["data"]["id"] == 1
data = {
"submission": 'flag',
"challenge_id": 1
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
assert r.get_json()['data']['status'] == "correct"
assert r.get_json()["data"]["status"] == "correct"
assert Solves.query.count() == 0
data = {
"submission": 'notflag',
"challenge_id": 1
}
r = client.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "notflag", "challenge_id": 1}
r = client.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
assert r.get_json()['data']['status'] == "incorrect"
assert r.get_json()["data"]["status"] == "incorrect"
assert Fails.query.count() == 0
destroy_ctfd(app)
@@ -634,27 +582,24 @@ def test_challenges_under_view_after_ctf():
def test_challenges_admin_only_as_user():
app = create_ctfd()
with app.app_context():
set_config('challenge_visibility', 'admins')
set_config("challenge_visibility", "admins")
register_user(app)
admin = login_as_user(app, name="admin")
gen_challenge(app.db)
gen_flag(app.db, challenge_id=1, content='flag')
gen_flag(app.db, challenge_id=1, content="flag")
r = admin.get('/challenges')
r = admin.get("/challenges")
assert r.status_code == 200
r = admin.get('/api/v1/challenges', json='')
r = admin.get("/api/v1/challenges", json="")
assert r.status_code == 200
r = admin.get('/api/v1/challenges/1', json='')
r = admin.get("/api/v1/challenges/1", json="")
assert r.status_code == 200
data = {
"submission": 'flag',
"challenge_id": 1
}
r = admin.post('/api/v1/challenges/attempt', json=data)
data = {"submission": "flag", "challenge_id": 1}
r = admin.post("/api/v1/challenges/attempt", json=data)
assert r.status_code == 200
destroy_ctfd(app)