aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

2.1.0 (#957)

Browse Source 
https://github.com/CTFd/CTFd/milestone/6
This commit is contained in:
Kevin Chung
2019-04-17 01:36:30 -04:00
committed by GitHub
parent 33367422a5
commit b6d54b9ee9
278 changed files with 3659 additions and 13735 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
tests/api/v1/test_teams.py
View File

@@ -1,9 +1,17 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from CTFd.models import Teams, Users
from CTFd.utils import set_config
from CTFd.utils.crypto import verify_password
from tests.helpers import *
from tests.helpers import (create_ctfd,
destroy_ctfd,
register_user,
login_as_user,
gen_user,
gen_team,
gen_challenge,
gen_flag)
def test_api_teams_get_public():
@@ -297,17 +305,42 @@ def test_api_team_patch_me_not_logged_in():
destroy_ctfd(app)
def test_api_team_patch_me_logged_in():
"""Can a user patch /api/v1/teams/me if logged in"""
def test_api_team_patch_me_logged_in_user():
"""Can a user patch /api/v1/teams/me if logged in as a regular user"""
app = create_ctfd(user_mode="teams")
with app.app_context():
user1 = gen_user(app.db, name="user1", email="user1@ctfd.io")
user2 = gen_user(app.db, name="user2", email="user2@ctfd.io")
team = gen_team(app.db)
team.members.append(user1)
team.members.append(user2)
user1.team_id = team.id
user2.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user2") as client:
r = client.patch('/api/v1/teams/me', json={
"name": "team_name",
"affiliation": "changed"
})
assert r.status_code == 400
destroy_ctfd(app)
def test_api_team_patch_me_logged_in_captain():
"""Can a user patch /api/v1/teams/me if logged in as the captain"""
app = create_ctfd(user_mode="teams")
with app.app_context():
user = gen_user(app.db)
team = gen_team(app.db)
team.members.append(user)
team.captain_id = 2
user.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
r = client.patch('/api/v1/teams/me', json={"name": "team_name", "affiliation": "changed"})
r = client.patch('/api/v1/teams/me', json={
"name": "team_name",
"affiliation": "changed"
})
assert r.status_code == 200
destroy_ctfd(app)
@@ -438,6 +471,45 @@ def test_api_team_get_awards():
destroy_ctfd(app)
def test_api_team_patch_password():
"""Can a user change their team password /api/v1/teams/me if logged in as the captain"""
app = create_ctfd(user_mode="teams")
with app.app_context():
user1 = gen_user(app.db, name="user1", email="user1@ctfd.io") # ID 2
user2 = gen_user(app.db, name="user2", email="user2@ctfd.io") # ID 3
team = gen_team(app.db)
team.members.append(user1)
team.members.append(user2)
team.captain_id = 2
user1.team_id = team.id
user2.team_id = team.id
app.db.session.commit()
with login_as_user(app, name="user2") as client:
r = client.patch('/api/v1/teams/me', json={
"confirm": "password",
"password": "new_password"
})
assert r.status_code == 400
assert r.get_json() == {
'errors': {'': ['Only team captains can edit team information']},
'success': False
}
team = Teams.query.filter_by(id=1).first()
assert verify_password(plaintext='new_password', ciphertext=team.password) is False
with login_as_user(app, name="user1") as client:
r = client.patch('/api/v1/teams/me', json={
"confirm": "password",
"password": "new_password"
})
assert r.status_code == 200
team = Teams.query.filter_by(id=1).first()
assert verify_password(plaintext='new_password', ciphertext=team.password)
def test_api_accessing_hidden_banned_users():
"""Hidden/Banned users should not be visible to normal users, only to admins"""
app = create_ctfd(user_mode="teams")