Fix download with auth token fail after ctf (458ce2e) (#2011)

* Fix issue where unauthed users couldn't download challenge files after CTF end but viewing after CTF was enabled
2025-12-17 05:54:19 +01:00 · 2022-03-07 10:25:46 +08:00
parent de6f8e059b
commit a868faffb5
2 changed files with 29 additions and 1 deletions
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -383,6 +383,19 @@ def test_user_can_access_files_with_auth_token():
                        r = admin.get(file_url)
                        assert r.status_code == 200
                        assert r.get_data(as_text=True) == "testing file load"
+
+                with freeze_time("2017-10-7"):
+                    # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
+                    set_config("end", "1507262400")
+                    set_config("view_after_ctf", True)
+                    for v in ("public", "private"):
+                        set_config("challenge_visibility", v)
+
+                        # Unauthed users should be able to download if view_after_ctf
+                        client = app.test_client()
+                        r = client.get(file_url)
+                        assert r.status_code == 200
+                        assert r.get_data(as_text=True) == "testing file load"
        finally:
            rmdir(directory)
    destroy_ctfd(app)
@@ -428,6 +441,12 @@ def test_user_can_access_files_if_view_after_ctf():
                    r = client.get(file_url)
                    assert r.status_code == 200
                    assert r.get_data(as_text=True) == "testing file load"
+
+                    # Unauthed users should be able to download if view_after_ctf
+                    client = app.test_client()
+                    r = client.get(file_url)
+                    assert r.status_code == 200
+                    assert r.get_data(as_text=True) == "testing file load"
        finally:
            rmdir(directory)