aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-18 06:24:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Profile insertion check (#484)

Browse Source 
* Test setting profile
* Fix issue with app_context altering database connections/state
This commit is contained in:
Kevin Chung
2017-11-26 04:22:15 -05:00
committed by GitHub
parent 46544e5729
commit db2e3b5684
3 changed files with 50 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
CTFd/utils.py
View File

@@ -221,8 +221,7 @@ def hide_scores():
def override_template(template, html):
with app.app_context():
app.jinja_loader.overriden_templates[template] = html
app.jinja_loader.overriden_templates[template] = html
def register_plugin_script(url):
@@ -474,18 +473,17 @@ def delete_file(file_id):
@cache.memoize()
def get_config(key):
with app.app_context():
value = app.config.get(key)
if value:
if value and value.isdigit():
return int(value)
elif value and isinstance(value, six.string_types):
if value.lower() == 'true':
return True
elif value.lower() == 'false':
return False
else:
return value
value = app.config.get(key)
if value:
if value and value.isdigit():
return int(value)
elif value and isinstance(value, six.string_types):
if value.lower() == 'true':
return True
elif value.lower() == 'false':
return False
else:
return value
config = Config.query.filter_by(key=key).first()
if config and config.value:
value = config.value

17
CTFd/views.py
View File

@@ -212,11 +212,11 @@ def profile():
if request.method == "POST":
errors = []
name = request.form.get('name')
email = request.form.get('email')
website = request.form.get('website')
affiliation = request.form.get('affiliation')
country = request.form.get('country')
name = request.form.get('name').strip()
email = request.form.get('email').strip()
website = request.form.get('website').strip()
affiliation = request.form.get('affiliation').strip()
country = request.form.get('country').strip()
user = Teams.query.filter_by(id=session['id']).first()
@@ -249,13 +249,14 @@ def profile():
affiliation=affiliation, country=country, errors=errors)
else:
team = Teams.query.filter_by(id=session['id']).first()
if not utils.get_config('prevent_name_change'):
team.name = name
if team.name != name:
if not utils.get_config('prevent_name_change'):
team.name = name
session['username'] = team.name
if team.email != email.lower():
team.email = email.lower()
if utils.get_config('verify_emails'):
team.verified = False
session['username'] = team.name
if 'password' in request.form.keys() and not len(request.form['password']) == 0:
team.password = bcrypt_sha256.encrypt(request.form.get('password'))

29
tests/user/test_user_facing.py
View File

@@ -219,6 +219,35 @@ def test_user_get_profile():
destroy_ctfd(app)
def test_user_set_profile():
"""Can a registered user set their private profile (/profile)"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/profile')
with client.session_transaction() as sess:
data = {
'name': 'user',
'email': 'user@ctfd.io',
'confirm': '',
'password': '',
'affiliation': 'affiliation_test',
'website': 'https://ctfd.io',
'country': 'United States of America',
'nonce': sess.get('nonce')
}
r = client.post('/profile', data=data)
assert r.status_code == 302
user = Teams.query.filter_by(id=2).first()
assert user.affiliation == 'affiliation_test'
assert user.website == 'https://ctfd.io'
assert user.country == 'United States of America'
destroy_ctfd(app)
def test_user_get_logout():
"""Can a registered user load /logout"""
app = create_ctfd()