Add some initial testing for user facing field items (#1611)
* Add tests for user facing field manipulation and displaying
@@ -1,6 +1,6 @@
|
|||||||
from marshmallow import fields
|
from marshmallow import fields
|
||||||
|
|
||||||
from CTFd.models import Fields, UserFieldEntries, ma
|
from CTFd.models import Fields, UserFieldEntries, db, ma
|
||||||
|
|
||||||
|
|
||||||
class FieldSchema(ma.ModelSchema):
|
class FieldSchema(ma.ModelSchema):
|
||||||
@@ -13,6 +13,7 @@ class FieldSchema(ma.ModelSchema):
|
|||||||
class UserFieldEntriesSchema(ma.ModelSchema):
|
class UserFieldEntriesSchema(ma.ModelSchema):
|
||||||
class Meta:
|
class Meta:
|
||||||
model = UserFieldEntries
|
model = UserFieldEntries
|
||||||
|
sqla_session = db.session
|
||||||
include_fk = True
|
include_fk = True
|
||||||
load_only = ("id",)
|
load_only = ("id",)
|
||||||
exclude = ("field", "user", "user_id")
|
exclude = ("field", "user", "user_id")
|
||||||
|
|||||||
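--- a/tests/api/v1/test_fields.py
+++ b/tests/api/v1/test_fields.py
@@ -0,0 +1,253 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from CTFd.models import Fields, UserFieldEntries
+from tests.helpers import (
+create_ctfd,
+destroy_ctfd,
+gen_field,
+login_as_user,
+register_user,
+)
+
+
+def test_api_custom_fields():
+app = create_ctfd()
+with app.app_context():
+register_user(app)
+gen_field(app.db, name="CustomField1")
+gen_field(app.db, name="CustomField2")
+
+with login_as_user(app) as user:
+r = user.get("/api/v1/configs/fields", json="")
+assert r.status_code == 403
+
+with login_as_user(app, name="admin") as admin:
+r = admin.get("/api/v1/configs/fields", json="")
+resp = r.get_json()
+
+assert resp == {
+"success": True,
+"data": [
+{
+"public": True,
+"required": True,
+"type": "user",
+"editable": True,
+"id": 1,
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "CustomField1",
+},
+{
+"public": True,
+"required": True,
+"type": "user",
+"editable": True,
+"id": 2,
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "CustomField2",
+},
+],
+}
+
+r = admin.post(
+"/api/v1/configs/fields",
+json={
+"public": True,
+"required": True,
+"editable": True,
+"id": 2,
+"type": "user",
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "CustomField3",
+},
+)
+assert r.status_code == 200
+
+r = admin.get("/api/v1/configs/fields", json="")
+resp = r.get_json()
+assert resp == {
+"success": True,
+"data": [
+{
+"public": True,
+"required": True,
+"type": "user",
+"editable": True,
+"id": 1,
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "CustomField1",
+},
+{
+"public": True,
+"required": True,
+"type": "user",
+"editable": True,
+"id": 2,
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "CustomField2",
+},
+{
+"public": True,
+"required": True,
+"editable": True,
+"id": 3,
+"type": "user",
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "CustomField3",
+},
+],
+}
+
+r = admin.patch(
+"/api/v1/configs/fields/3",
+json={
+"public": False,
+"required": False,
+"editable": False,
+"id": 4,
+"type": "user",
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "PatchedCustomField3",
+},
+)
+assert r.status_code == 200
+assert r.get_json()["data"] == {
+"public": False,
+"required": False,
+"editable": False,
+"id": 3,
+"type": "user",
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "PatchedCustomField3",
+}
+
+r = admin.get("/api/v1/configs/fields/3", json="")
+assert r.status_code == 200
+assert r.get_json()["data"] == {
+"public": False,
+"required": False,
+"editable": False,
+"id": 3,
+"type": "user",
+"field_type": "text",
+"description": "CustomFieldDescription",
+"name": "PatchedCustomField3",
+}
+
+r = admin.delete("/api/v1/configs/fields/3", json="")
+assert r.status_code == 200
+
+r = admin.get("/api/v1/configs/fields/3", json="")
+assert r.status_code == 404
+destroy_ctfd(app)
+
+
+def test_api_self_fields_permissions():
+app = create_ctfd()
+with app.app_context():
+gen_field(app.db, name="CustomField1", public=False, editable=False)
+gen_field(app.db, name="CustomField2", public=True, editable=True)
+
+with app.test_client() as client:
+client.get("/register")
+with client.session_transaction() as sess:
+data = {
+"name": "user",
+"email": "user@ctfd.io",
+"password": "password",
+"nonce": sess.get("nonce"),
+"fields[1]": "CustomValue1",
+"fields[2]": "CustomValue2",
+}
+r = client.post("/register", data=data)
+with client.session_transaction() as sess:
+assert sess["id"]
+
+with login_as_user(app) as user, login_as_user(app, name="admin") as admin:
+r = user.get("/api/v1/users/me")
+resp = r.get_json()
+assert resp["data"]["fields"] == [
+{
+"value": "CustomValue2",
+"name": "CustomField2",
+"description": "CustomFieldDescription",
+"type": "text",
+"field_id": 2,
+}
+]
+
+r = admin.get("/api/v1/users/2")
+resp = r.get_json()
+assert len(resp["data"]["fields"]) == 2
+
+field = Fields.query.filter_by(id=1).first()
+field.public = True
+app.db.session.commit()
+r = user.get("/api/v1/users/me")
+resp = r.get_json()
+assert len(resp["data"]["fields"]) == 2
+
+destroy_ctfd(app)
+
+
+def test_partial_field_update():
+app = create_ctfd()
+with app.app_context():
+register_user(app)
+gen_field(app.db, name="CustomField1")
+gen_field(app.db, name="CustomField2")
+
+with login_as_user(app) as user:
+r = user.patch(
+"/api/v1/users/me",
+json={
+"fields": [
+{"field_id": 1, "value": "CustomValue1"},
+{"field_id": 2, "value": "CustomValue2"},
+]
+},
+)
+assert r.status_code == 200
+assert UserFieldEntries.query.count() == 2
+
+r = user.patch(
+"/api/v1/users/me",
+json={"fields": [{"field_id": 2, "value": "NewCustomValue2"}]},
+)
+assert r.status_code == 200
+assert UserFieldEntries.query.count() == 2
+assert (
+UserFieldEntries.query.filter_by(field_id=1, user_id=2).first().value
+== "CustomValue1"
+)
+assert (
+UserFieldEntries.query.filter_by(field_id=2, user_id=2).first().value
+== "NewCustomValue2"
+)
+
+with login_as_user(app, name="admin") as admin:
+r = admin.patch(
+"/api/v1/users/2",
+json={"fields": [{"field_id": 2, "value": "AdminNewCustomValue2"}]},
+)
+assert r.status_code == 200
+assert UserFieldEntries.query.count() == 2
+assert (
+UserFieldEntries.query.filter_by(field_id=1, user_id=2).first().value
+== "CustomValue1"
+)
+assert (
+UserFieldEntries.query.filter_by(field_id=2, user_id=2).first().value
+== "AdminNewCustomValue2"
+)
+
+destroy_ctfd(app)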
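Review bot: test_api_custom_fields checks the non-admin case only for GET (`assert r.status_code == 403`). The POST, PATCH and DELETE calls on `/api/v1/configs/fields` run as admin only, so a regression that left a write method open to ordinary users would still pass. Repeating the 403 assertion in the `login_as_user(app) as user` block for `user.post("/api/v1/configs/fields", json={...})`, `user.patch("/api/v1/configs/fields/1", json={...})` and `user.delete("/api/v1/configs/fields/1", json="")` would cover the authorization boundary. The admin POST sends `"id": 2` and the PATCH sends `"id": 4`, yet both expected responses carry id 3, which looks like a deliberate check that a client-supplied id is ignored; a comment such as `# id in the body must not override the server-assigned id` would record that intent. Indentation is lost on this page, so the block nesting is inferred.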
@@ -22,6 +22,7 @@ from CTFd.models import (
|
|||||||
Challenges,
|
Challenges,
|
||||||
Comments,
|
Comments,
|
||||||
Fails,
|
Fails,
|
||||||
|
Fields,
|
||||||
Files,
|
Files,
|
||||||
Flags,
|
Flags,
|
||||||
Hints,
|
Hints,
|
||||||
@@ -458,6 +459,30 @@ def gen_comment(db, content="comment", author_id=None, type="challenge", **kwarg
|
|||||||
return comment
|
return comment
|
||||||
|
|
||||||
|
|
||||||
|
def gen_field(
|
||||||
|
db,
|
||||||
|
name="CustomField",
|
||||||
|
type="user",
|
||||||
|
field_type="text",
|
||||||
|
description="CustomFieldDescription",
|
||||||
|
required=True,
|
||||||
|
public=True,
|
||||||
|
editable=True,
|
||||||
|
):
|
||||||
|
field = Fields(
|
||||||
|
name=name,
|
||||||
|
type=type,
|
||||||
|
field_type=field_type,
|
||||||
|
description=description,
|
||||||
|
required=required,
|
||||||
|
public=public,
|
||||||
|
editable=editable,
|
||||||
|
)
|
||||||
|
db.session.add(field)
|
||||||
|
db.session.commit()
|
||||||
|
return field
|
||||||
|
|
||||||
|
|
||||||
def simulate_user_activity(db, user):
|
def simulate_user_activity(db, user):
|
||||||
gen_tracking(db, user_id=user.id)
|
gen_tracking(db, user_id=user.id)
|
||||||
gen_award(db, user_id=user.id)
|
gen_award(db, user_id=user.id)
|
||||||
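Review bot: gen_field is added without a docstring, and its defaults (`required=True, public=True, editable=True`) describe the most permissive kind of field. A permission test that forgets to pass `public=False` or `editable=False` therefore exercises only the open case without any hint that it did so. A one-line docstring would make that visible to test authors, for example `"""Create and commit a Fields row; by default a required, public, user-editable text field."""`. Unlike the gen_comment signature shown in the hunk header, gen_field takes no `**kwargs`, so any further Fields column has to be added to the helper explicitly; that is fine, but worth stating in the same docstring.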
|
|||||||
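--- a/tests/users/test_fields.py
+++ b/tests/users/test_fields.py
@@ -0,0 +1,160 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from tests.helpers import (
+create_ctfd,
+destroy_ctfd,
+gen_field,
+login_as_user,
+register_user,
+)
+
+
+def test_new_fields_show_on_pages():
+app = create_ctfd()
+with app.app_context():
+register_user(app)
+
+gen_field(app.db)
+
+with login_as_user(app) as client:
+r = client.get("/register")
+assert "CustomField" in r.get_data(as_text=True)
+assert "CustomFieldDescription" in r.get_data(as_text=True)
+
+r = client.get("/settings")
+assert "CustomField" in r.get_data(as_text=True)
+assert "CustomFieldDescription" in r.get_data(as_text=True)
+
+r = client.patch(
+"/api/v1/users/me",
+json={"fields": [{"field_id": 1, "value": "CustomFieldEntry"}]},
+)
+resp = r.get_json()
+assert resp["success"] is True
+assert resp["data"]["fields"][0]["value"] == "CustomFieldEntry"
+assert resp["data"]["fields"][0]["description"] == "CustomFieldDescription"
+assert resp["data"]["fields"][0]["name"] == "CustomField"
+assert resp["data"]["fields"][0]["field_id"] == 1
+
+r = client.get("/user")
+resp = r.get_data(as_text=True)
+assert "CustomField" in resp
+assert "CustomFieldEntry" in resp
+
+r = client.get("/users/2")
+resp = r.get_data(as_text=True)
+assert "CustomField" in resp
+assert "CustomFieldEntry" in resp
+destroy_ctfd(app)
+
+
+def test_fields_required_on_register():
+app = create_ctfd()
+with app.app_context():
+gen_field(app.db)
+
+with app.app_context():
+with app.test_client() as client:
+client.get("/register")
+with client.session_transaction() as sess:
+data = {
+"name": "user",
+"email": "user@ctfd.io",
+"password": "password",
+"nonce": sess.get("nonce"),
+}
+client.post("/register", data=data)
+with client.session_transaction() as sess:
+assert sess.get("id") is None
+
+with client.session_transaction() as sess:
+data = {
+"name": "user",
+"email": "user@ctfd.io",
+"password": "password",
+"fields[1]": "custom_field_value",
+"nonce": sess.get("nonce"),
+}
+client.post("/register", data=data)
+with client.session_transaction() as sess:
+assert sess["id"]
+destroy_ctfd(app)
+
+
+def test_fields_properties():
+app = create_ctfd()
+with app.app_context():
+register_user(app)
+
+gen_field(
+app.db, name="CustomField1", required=True, public=True, editable=True
+)
+gen_field(
+app.db, name="CustomField2", required=False, public=True, editable=True
+)
+gen_field(
+app.db, name="CustomField3", required=False, public=False, editable=True
+)
+gen_field(
+app.db, name="CustomField4", required=False, public=False, editable=False
+)
+
+with login_as_user(app) as client:
+r = client.get("/register")
+resp = r.get_data(as_text=True)
+assert "CustomField1" in resp
+assert "CustomField2" in resp
+assert "CustomField3" in resp
+assert "CustomField4" in resp
+
+r = client.get("/settings")
+resp = r.get_data(as_text=True)
+assert "CustomField1" in resp
+assert "CustomField2" in resp
+assert "CustomField3" in resp
+assert "CustomField4" not in resp
+
+r = client.patch(
+"/api/v1/users/me",
+json={
+"fields": [
+{"field_id": 1, "value": "CustomFieldEntry1"},
+{"field_id": 2, "value": "CustomFieldEntry2"},
+{"field_id": 3, "value": "CustomFieldEntry3"},
+{"field_id": 4, "value": "CustomFieldEntry4"},
+]
+},
+)
+resp = r.get_json()
+assert resp == {
+"success": False,
+"errors": {"fields": ["Field CustomField4 cannot be editted"]},
+}
+
+r = client.patch(
+"/api/v1/users/me",
+json={
+"fields": [
+{"field_id": 1, "value": "CustomFieldEntry1"},
+{"field_id": 2, "value": "CustomFieldEntry2"},
+{"field_id": 3, "value": "CustomFieldEntry3"},
+]
+},
+)
+assert r.status_code == 200
+
+r = client.get("/user")
+resp = r.get_data(as_text=True)
+assert "CustomField1" in resp
+assert "CustomField2" in resp
+assert "CustomField3" not in resp
+assert "CustomField4" not in resp
+
+r = client.get("/users/2")
+resp = r.get_data(as_text=True)
+assert "CustomField1" in resp
+assert "CustomField2" in resp
+assert "CustomField3" not in resp
+assert "CustomField4" not in resp
+destroy_ctfd(app)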
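Review bot: In test_fields_properties the `/user` and `/users/2` checks assert only that the private field names are absent (`assert "CustomField3" not in resp`), not the stored value. Because "CustomFieldEntry3" does not contain the substring "CustomField3", a page that leaked the private value without its label would still pass; adding `assert "CustomFieldEntry3" not in resp` after each name check covers that. The rejected PATCH that includes field 4 is compared on the JSON body only, so the test pins neither the status code nor whether entries 1–3 from the same request were persisted. Asserting the status and re-reading `/api/v1/users/me` before the second PATCH would show whether a rejected request is all-or-nothing. Indentation is lost on this page, so the block nesting is inferred.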