From db2e3b56845533210dbafe60a25b8d59c16673f3 Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Sun, 26 Nov 2017 04:22:15 -0500
Subject: [PATCH] Profile insertion check (#484)
* Test setting profile
* Fix issue with app_context altering database connections/state
---
 CTFd/utils.py | 26 ++++++++++++--------------
 CTFd/views.py | 17 +++++++++--------
 tests/user/test_user_facing.py | 29 +++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 22 deletions(-)
diff --git a/CTFd/utils.py b/CTFd/utils.py
index bf1274f1..2d9c6cc2 100644
--- a/CTFd/utils.py
+++ b/CTFd/utils.py
@@ -221,8 +221,7 @@ def hide_scores():
 def override_template(template, html):
-    with app.app_context():
-        app.jinja_loader.overriden_templates[template] = html
+    app.jinja_loader.overriden_templates[template] = html
 def register_plugin_script(url):
@@ -474,18 +473,17 @@ def delete_file(file_id):
 @cache.memoize()
 def get_config(key):
-    with app.app_context():
-        value = app.config.get(key)
-        if value:
-            if value and value.isdigit():
-                return int(value)
-            elif value and isinstance(value, six.string_types):
-                if value.lower() == 'true':
-                    return True
-                elif value.lower() == 'false':
-                    return False
-                else:
-                    return value
+    value = app.config.get(key)
+    if value:
+        if value and value.isdigit():
+            return int(value)
+        elif value and isinstance(value, six.string_types):
+            if value.lower() == 'true':
+                return True
+            elif value.lower() == 'false':
+                return False
+            else:
+                return value
     config = Config.query.filter_by(key=key).first()
     if config and config.value:
         value = config.value
diff --git a/CTFd/views.py b/CTFd/views.py
index 8a877cf6..0277a25b 100644
--- a/CTFd/views.py
+++ b/CTFd/views.py
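Review bot: On the new side of get_config, `value.isdigit()` is still evaluated before the `isinstance(value, six.string_types)` test, so a truthy non-string entry in app.config (an int or True) raises AttributeError instead of being returned; the re-indent keeps that ordering. Reordering the first branch to `if isinstance(value, six.string_types) and value.isdigit():` removes the crash and makes the redundant inner `value and` unnecessary. Dropping the `with app.app_context()` wrappers also means get_config, and override_template in the first hunk, now depend on the caller already being inside an app context, which appears to be the intent of the commit message but deserves a docstring such as `"""Return the config value for key; must be called inside an app context."""`. The remainder of get_config (the Config table fallback) continues outside the hunk.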
@@ -212,11 +212,11 @@ def profile():
     if request.method == "POST":
         errors = []
-        name = request.form.get('name')
-        email = request.form.get('email')
-        website = request.form.get('website')
-        affiliation = request.form.get('affiliation')
-        country = request.form.get('country')
+        name = request.form.get('name').strip()
+        email = request.form.get('email').strip()
+        website = request.form.get('website').strip()
+        affiliation = request.form.get('affiliation').strip()
+        country = request.form.get('country').strip()
         user = Teams.query.filter_by(id=session['id']).first()
@@ -249,13 +249,14 @@ def profile():
                                    affiliation=affiliation, country=country, errors=errors)
         else:
             team = Teams.query.filter_by(id=session['id']).first()
-            if not utils.get_config('prevent_name_change'):
-                team.name = name
+            if team.name != name:
+                if not utils.get_config('prevent_name_change'):
+                    team.name = name
+                    session['username'] = team.name
             if team.email != email.lower():
                 team.email = email.lower()
                 if utils.get_config('verify_emails'):
                     team.verified = False
-            session['username'] = team.name
             if 'password' in request.form.keys() and not len(request.form['password']) == 0:
                 team.password = bcrypt_sha256.encrypt(request.form.get('password'))
diff --git a/tests/user/test_user_facing.py b/tests/user/test_user_facing.py
index 29623c69..8324e451 100644
--- a/tests/user/test_user_facing.py
+++ b/tests/user/test_user_facing.py
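Review bot: The new `.strip()` calls in profile() dereference `request.form.get(...)` unconditionally, and the form's `get` returns None for an absent field, so a POST that omits any of name, email, website, affiliation or country now raises AttributeError and the request ends in a server error where the old code passed None through to the validation below. A default keeps the intent of the change: `name = request.form.get('name', '').strip()`, and likewise for the other four fields. The enclosing profile() starts before the hunk and its validation of these values continues after it.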
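Review bot: In the second hunk of profile(), a submitted name that differs from team.name while `prevent_name_change` is set is dropped without feedback — the request still commits and redirects, and nothing is added to `errors`, so the user cannot tell the rename was refused. Since this hunk sits in the no-errors branch, the check belongs with the other validations earlier in the function, along the lines of `if utils.get_config('prevent_name_change') and name != user.name: errors.append('Name changes are disabled')`, assuming `user` from the first hunk is the same row as `team` here. The validation that populates `errors` is outside the hunk, so the exact placement needs checking there.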
@@ -219,6 +219,35 @@ def test_user_get_profile():
     destroy_ctfd(app)
+def test_user_set_profile():
+    """Can a registered user set their private profile (/profile)"""
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        client = login_as_user(app)
+        r = client.get('/profile')
+        with client.session_transaction() as sess:
+            data = {
+                'name': 'user',
+                'email': 'user@ctfd.io',
+                'confirm': '',
+                'password': '',
+                'affiliation': 'affiliation_test',
+                'website': 'https://ctfd.io',
+                'country': 'United States of America',
+                'nonce': sess.get('nonce')
+            }
+
+        r = client.post('/profile', data=data)
+        assert r.status_code == 302
+
+        user = Teams.query.filter_by(id=2).first()
+        assert user.affiliation == 'affiliation_test'
+        assert user.website == 'https://ctfd.io'
+        assert user.country == 'United States of America'
+    destroy_ctfd(app)
+
+
 def test_user_get_logout():
     """Can a registered user load /logout"""
     app = create_ctfd()
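Review bot: test_user_set_profile asserts only the three free-text fields; it does not check that name and email were persisted or that `session['username']` was refreshed, which is exactly the path the views.py change reshapes, and the result of `r = client.get('/profile')` is never inspected — `assert r.status_code == 200` would at least confirm the page loaded before the POST. Looking the user up with `Teams.query.filter_by(id=2)` ties the test to the row order register_user happens to produce; `Teams.query.filter_by(name='user').first()` would follow the submitted data instead. A second POST that omits an optional field such as website would also cover the absent-field path the new `.strip()` calls in profile() take.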