aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 14:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

make require_team abort 404 when not in team mode (#2120)

Browse Source 
* Closes #2119
This commit is contained in:
Frank
2022-06-20 08:30:18 +08:00
committed by GitHub
parent a1d9c12a91
commit d966f15dec
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
CTFd/api/v1/teams.py
View File

@@ -18,6 +18,7 @@ from CTFd.schemas.submissions import SubmissionSchema
from CTFd.schemas.teams import TeamSchema
from CTFd.utils import get_config
from CTFd.utils.decorators import admins_only, authed_only, require_team
from CTFd.utils.decorators.modes import require_team_mode
from CTFd.utils.decorators.visibility import (
check_account_visibility,
check_score_visibility,
@@ -50,6 +51,8 @@ teams_namespace.schema_model(
@teams_namespace.route("")
class TeamList(Resource):
method_decorators = [require_team_mode]
@check_account_visibility
@teams_namespace.doc(
description="Endpoint to get Team objects in bulk",
@@ -159,6 +162,8 @@ class TeamList(Resource):
@teams_namespace.route("/<int:team_id>")
@teams_namespace.param("team_id", "Team ID")
class TeamPublic(Resource):
method_decorators = [require_team_mode]
@check_account_visibility
@teams_namespace.doc(
description="Endpoint to get a specific Team object",
@@ -247,6 +252,8 @@ class TeamPublic(Resource):
@teams_namespace.route("/me")
@teams_namespace.param("team_id", "Current Team")
class TeamPrivate(Resource):
method_decorators = [require_team_mode]
@authed_only
@require_team
@teams_namespace.doc(
@@ -376,6 +383,8 @@ class TeamPrivate(Resource):
@teams_namespace.route("/me/members")
class TeamPrivateMembers(Resource):
method_decorators = [require_team_mode]
@authed_only
@require_team
def post(self):
@@ -397,6 +406,8 @@ class TeamPrivateMembers(Resource):
@teams_namespace.route("/<team_id>/members")
@teams_namespace.param("team_id", "Team ID")
class TeamMembers(Resource):
method_decorators = [require_team_mode]
@admins_only
def get(self, team_id):
team = Teams.query.filter_by(id=team_id).first_or_404()
@@ -485,6 +496,8 @@ class TeamMembers(Resource):
@teams_namespace.route("/me/solves")
class TeamPrivateSolves(Resource):
method_decorators = [require_team_mode]
@authed_only
@require_team
def get(self):
@@ -504,6 +517,8 @@ class TeamPrivateSolves(Resource):
@teams_namespace.route("/me/fails")
class TeamPrivateFails(Resource):
method_decorators = [require_team_mode]
@authed_only
@require_team
def get(self):
@@ -532,6 +547,8 @@ class TeamPrivateFails(Resource):
@teams_namespace.route("/me/awards")
class TeamPrivateAwards(Resource):
method_decorators = [require_team_mode]
@authed_only
@require_team
def get(self):
@@ -551,6 +568,8 @@ class TeamPrivateAwards(Resource):
@teams_namespace.route("/<team_id>/solves")
@teams_namespace.param("team_id", "Team ID")
class TeamPublicSolves(Resource):
method_decorators = [require_team_mode]
@check_account_visibility
@check_score_visibility
def get(self, team_id):
@@ -574,6 +593,8 @@ class TeamPublicSolves(Resource):
@teams_namespace.route("/<team_id>/fails")
@teams_namespace.param("team_id", "Team ID")
class TeamPublicFails(Resource):
method_decorators = [require_team_mode]
@check_account_visibility
@check_score_visibility
def get(self, team_id):
@@ -606,6 +627,8 @@ class TeamPublicFails(Resource):
@teams_namespace.route("/<team_id>/awards")
@teams_namespace.param("team_id", "Team ID")
class TeamPublicAwards(Resource):
method_decorators = [require_team_mode]
@check_account_visibility
@check_score_visibility
def get(self, team_id):

2
CTFd/utils/decorators/__init__.py
View File

@@ -151,6 +151,8 @@ def require_team(f):
else:
return redirect(url_for("teams.private", next=request.full_path))
return f(*args, **kwargs)
else:
abort(404)
return require_team_wrapper