2.1.0 (#957)

https://github.com/CTFd/CTFd/milestone/6
2025-12-20 15:24:25 +01:00 · 2019-04-17 01:36:30 -04:00
parent 33367422a5
commit b6d54b9ee9
278 changed files with 3659 additions and 13735 deletions
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -7,6 +7,8 @@ from flask import (
    session,
    Blueprint,
 )
+from itsdangerous.exc import BadTimeSignature, SignatureExpired, BadSignature
+
 from CTFd.models import db, Users, Teams

 from CTFd.utils import get_config, get_app_config
@@ -15,13 +17,13 @@ from CTFd.utils import user as current_user
 from CTFd.utils import config, validators
 from CTFd.utils import email
 from CTFd.utils.security.auth import login_user, logout_user
-from CTFd.utils.security.passwords import hash_password, check_password
+from CTFd.utils.crypto import verify_password
 from CTFd.utils.logging import log
 from CTFd.utils.decorators.visibility import check_registration_visibility
-from CTFd.utils.modes import TEAMS_MODE, USERS_MODE
-from CTFd.utils.security.signing import serialize, unserialize, SignatureExpired, BadSignature, BadTimeSignature
-from CTFd.utils.helpers import info_for, error_for, get_errors, get_infos
 from CTFd.utils.config.visibility import registration_visible
+from CTFd.utils.modes import TEAMS_MODE
+from CTFd.utils.security.signing import unserialize
+from CTFd.utils.helpers import error_for, get_errors

 import base64
 import requests
@@ -100,7 +102,7 @@ def reset_password(data=None):
        email_address = request.form['email'].strip()
        team = Users.query.filter_by(email=email_address).first()

-        errors = get_errors()
+        get_errors()

        if config.can_send_mail() is False:
            return render_template(
@@ -144,15 +146,15 @@ def register():
        if not valid_email:
            errors.append("Please enter a valid email address")
        if email.check_email_is_whitelisted(email_address) is False:
-                errors.append(
-                    "Only email addresses under {domains} may register".format(
-                        domains=get_config('domain_whitelist')
-                    )
+            errors.append(
+                "Only email addresses under {domains} may register".format(
+                    domains=get_config('domain_whitelist')
                )
+            )
        if names:
-            errors.append('That team name is already taken')
+            errors.append('That user name is already taken')
        if team_name_email_check is True:
-            errors.append('Your team name cannot be an email address')
+            errors.append('Your user name cannot be an email address')
        if emails:
            errors.append('That email has already been used')
        if pass_short:
@@ -160,7 +162,7 @@ def register():
        if pass_long:
            errors.append('Pick a shorter password')
        if name_len:
-            errors.append('Pick a longer team name')
+            errors.append('Pick a longer user name')

        if len(errors) > 0:
            return render_template(
@@ -216,7 +218,7 @@ def login():
            user = Users.query.filter_by(name=name).first()

        if user:
-            if user and check_password(request.form['password'], user.password):
+            if user and verify_password(request.form['password'], user.password):
                session.regenerate()

                login_user(user)
@@ -346,7 +348,8 @@ def oauth_redirect():
                if team is None:
                    team = Teams(
                        name=team_name,
-                        oauth_id=team_id
+                        oauth_id=team_id,
+                        captain_id=user.id
                    )
                    db.session.add(team)
                    db.session.commit()