aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-20 15:24:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Plugins enhanced utils (#231)

Browse Source 
* Updating utils functions to be monkey patchable

* Also fixing a team email update issue

* Adding more tests
This commit is contained in:
Kevin Chung
2017-03-22 20:00:45 -04:00
committed by GitHub
parent ede7f1bad2
commit a3a7d75ae8
17 changed files with 351 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
CTFd/views.py
View File

@@ -5,9 +5,9 @@ from flask import current_app as app, render_template, request, redirect, abort,
from jinja2.exceptions import TemplateNotFound
from passlib.hash import bcrypt_sha256
from CTFd.utils import authed, is_setup, validate_url, get_config, set_config, sha512, cache, ctftime, view_after_ctf, ctf_started, \
is_admin, hide_scores
from CTFd.models import db, Teams, Solves, Awards, Files, Pages
from CTFd.utils import cache
from CTFd import utils
views = Blueprint('views', __name__)
@@ -16,7 +16,7 @@ views = Blueprint('views', __name__)
def redirect_setup():
if request.path.startswith("/static"):
return
if not is_setup() and request.path != "/setup":
if not utils.is_setup() and request.path != "/setup":
return redirect(url_for('views.setup'))
@@ -25,15 +25,15 @@ def setup():
# with app.app_context():
# admin = Teams.query.filter_by(admin=True).first()
if not is_setup():
if not utils.is_setup():
if not session.get('nonce'):
session['nonce'] = sha512(os.urandom(10))
session['nonce'] = utils.sha512(os.urandom(10))
if request.method == 'POST':
ctf_name = request.form['ctf_name']
ctf_name = set_config('ctf_name', ctf_name)
ctf_name = utils.set_config('ctf_name', ctf_name)
# CSS
css = set_config('start', '')
css = utils.set_config('start', '')
# Admin user
name = request.form['name']
@@ -56,29 +56,29 @@ def setup():
</div>""".format(request.script_root))
# max attempts per challenge
max_tries = set_config("max_tries", 0)
max_tries = utils.set_config("max_tries", 0)
# Start time
start = set_config('start', None)
end = set_config('end', None)
start = utils.set_config('start', None)
end = utils.set_config('end', None)
# Challenges cannot be viewed by unregistered users
view_challenges_unregistered = set_config('view_challenges_unregistered', None)
view_challenges_unregistered = utils.set_config('view_challenges_unregistered', None)
# Allow/Disallow registration
prevent_registration = set_config('prevent_registration', None)
prevent_registration = utils.set_config('prevent_registration', None)
# Verify emails
verify_emails = set_config('verify_emails', None)
verify_emails = utils.set_config('verify_emails', None)
mail_server = set_config('mail_server', None)
mail_port = set_config('mail_port', None)
mail_tls = set_config('mail_tls', None)
mail_ssl = set_config('mail_ssl', None)
mail_username = set_config('mail_username', None)
mail_password = set_config('mail_password', None)
mail_server = utils.set_config('mail_server', None)
mail_port = utils.set_config('mail_port', None)
mail_tls = utils.set_config('mail_tls', None)
mail_ssl = utils.set_config('mail_ssl', None)
mail_username = utils.set_config('mail_username', None)
mail_password = utils.set_config('mail_password', None)
setup = set_config('setup', True)
setup = utils.set_config('setup', True)
db.session.add(page)
db.session.add(admin)
@@ -87,7 +87,7 @@ def setup():
session['username'] = admin.name
session['id'] = admin.id
session['admin'] = admin.admin
session['nonce'] = sha512(os.urandom(10))
session['nonce'] = utils.sha512(os.urandom(10))
db.session.close()
app.setup = False
@@ -102,7 +102,7 @@ def setup():
# Custom CSS handler
@views.route('/static/user.css')
def custom_css():
return Response(get_config("css"), mimetype='text/css')
return Response(utils.get_config("css"), mimetype='text/css')
# Static HTML files
@@ -124,7 +124,7 @@ def teams(page):
page_start = results_per_page * (page - 1)
page_end = results_per_page * (page - 1) + results_per_page
if get_config('verify_emails'):
if utils.get_config('verify_emails'):
count = Teams.query.filter_by(verified=True, banned=False).count()
teams = Teams.query.filter_by(verified=True, banned=False).slice(page_start, page_end).all()
else:
@@ -136,7 +136,7 @@ def teams(page):
@views.route('/team/<int:teamid>', methods=['GET', 'POST'])
def team(teamid):
if get_config('view_scoreboard_if_authed') and not authed():
if utils.get_config('view_scoreboard_if_utils.authed') and not utils.authed():
return redirect(url_for('auth.login', next=request.path))
errors = []
user = Teams.query.filter_by(id=teamid).first_or_404()
@@ -146,7 +146,7 @@ def team(teamid):
place = user.place()
db.session.close()
if hide_scores() and teamid != session.get('id'):
if utils.hide_scores() and teamid != session.get('id'):
errors.append('Scores are currently hidden')
if errors:
@@ -163,7 +163,7 @@ def team(teamid):
@views.route('/profile', methods=['POST', 'GET'])
def profile():
if authed():
if utils.authed():
if request.method == "POST":
errors = []
@@ -175,7 +175,7 @@ def profile():
user = Teams.query.filter_by(id=session['id']).first()
if not get_config('prevent_name_change'):
if not utils.get_config('prevent_name_change'):
names = Teams.query.filter_by(name=name).first()
name_len = len(request.form['name']) == 0
@@ -187,13 +187,13 @@ def profile():
errors.append("Your old password doesn't match what we have.")
if not valid_email:
errors.append("That email doesn't look right")
if not get_config('prevent_name_change') and names and name != session['username']:
if not utils.get_config('prevent_name_change') and names and name != session['username']:
errors.append('That team name is already taken')
if emails and emails.id != session['id']:
errors.append('That email has already been used')
if not get_config('prevent_name_change') and name_len:
if not utils.get_config('prevent_name_change') and name_len:
errors.append('Pick a longer team name')
if website.strip() and not validate_url(website):
if website.strip() and not utils.validate_url(website):
errors.append("That doesn't look like a valid URL")
if len(errors) > 0:
@@ -201,11 +201,11 @@ def profile():
affiliation=affiliation, country=country, errors=errors)
else:
team = Teams.query.filter_by(id=session['id']).first()
if not get_config('prevent_name_change'):
if not utils.get_config('prevent_name_change'):
team.name = name
if team.email != email.lower():
team.email = email.lower()
if get_config('verify_emails'):
if utils.get_config('verify_emails'):
team.verified = False
session['username'] = team.name
@@ -224,8 +224,8 @@ def profile():
website = user.website
affiliation = user.affiliation
country = user.country
prevent_name_change = get_config('prevent_name_change')
confirm_email = get_config('verify_emails') and not user.verified
prevent_name_change = utils.get_config('prevent_name_change')
confirm_email = utils.get_config('verify_emails') and not user.verified
return render_template('profile.html', name=name, email=email, website=website, affiliation=affiliation,
country=country, prevent_name_change=prevent_name_change, confirm_email=confirm_email)
else:
@@ -237,9 +237,9 @@ def profile():
def file_handler(path):
f = Files.query.filter_by(location=path).first_or_404()
if f.chal:
if not is_admin():
if not ctftime():
if view_after_ctf() and ctf_started():
if not utils.is_admin():
if not utils.ctftime():
if utils.view_after_ctf() and utils.ctf_started():
pass
else:
abort(403)