Limit total number of teams (#1867)

* Adds support for a total teams limit
2025-12-17 05:54:19 +01:00 · 2021-06-25 20:00:40 -07:00
parent df27d0e7a9
commit dd05f57b6a
9 changed files with 110 additions and 1 deletions
--- a/tests/oauth/test_teams.py
+++ b/tests/oauth/test_teams.py
@@ -30,3 +30,42 @@ def test_team_size_limit():
        login_with_mlc(app, team_name="team_name", team_oauth_id=1234)
        assert len(Teams.query.filter_by(id=team_id).first().members) == 2
    destroy_ctfd(app)
+
+
+def test_num_teams_limit():
+    """Only num_teams teams can be created even via MLC"""
+    app = create_ctfd(user_mode="teams")
+    app.config.update(
+        {
+            "OAUTH_CLIENT_ID": "ctfd_testing_client_id",
+            "OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",
+            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
+            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
+            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
+        }
+    )
+    with app.app_context():
+        set_config("num_teams", 1)
+        gen_team(app.db, member_count=1, oauth_id=1234)
+        login_with_mlc(
+            app,
+            name="foobar",
+            email="foobar@a.com",
+            oauth_id=111,
+            team_name="foobar",
+            team_oauth_id=1111,
+            raise_for_error=False,
+        )
+        assert Teams.query.count() == 1
+
+        set_config("num_teams", 2)
+        login_with_mlc(
+            app,
+            name="foobarbaz",
+            email="foobarbaz@a.com",
+            oauth_id=222,
+            team_name="foobarbaz",
+            team_oauth_id=2222,
+        )
+        assert Teams.query.count() == 2
+    destroy_ctfd(app)
--- a/tests/teams/test_teams.py
+++ b/tests/teams/test_teams.py
@@ -181,6 +181,40 @@ def test_team_size_limit():
    destroy_ctfd(app)


+def test_num_teams_limit():
+    """Only num_teams teams can be created"""
+    app = create_ctfd(user_mode="teams")
+    with app.app_context():
+        set_config("num_teams", 1)
+
+        # Create a team
+        gen_team(app.db, member_count=1)
+
+        register_user(app)
+        with login_as_user(app) as client:
+            r = client.get("/teams/new")
+            assert r.status_code == 403
+
+            # team should be blocked from creation
+            with client.session_transaction() as sess:
+                data = {
+                    "name": "team1",
+                    "password": "password",
+                    "nonce": sess.get("nonce"),
+                }
+            r = client.post("/teams/new", data=data)
+            resp = r.get_data(as_text=True)
+            assert Teams.query.count() == 1
+            assert "Reached the maximum number of teams" in resp
+
+            # Can the team be created after the num has been bumped
+            set_config("num_teams", 2)
+            r = client.post("/teams/new", data=data)
+            resp = r.get_data(as_text=True)
+            assert Teams.query.count() == 2
+    destroy_ctfd(app)
+
+
 def test_team_creation_disable():
    app = create_ctfd(user_mode="teams")
    with app.app_context():