756 generic data fields (#1608)

* Adds the ability to add custom user fields for registration/profile settings * Admins can create fields that users can optionally edit * Works on #756
2025-12-17 22:14:25 +01:00 · 2020-08-19 20:18:37 -04:00
parent 0bc58d5af1
commit fb454b8262
60 changed files with 1715 additions and 51 deletions
--- a/tests/api/v1/test_fields.py
+++ b/tests/api/v1/test_fields.py
@@ -0,0 +1,253 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from CTFd.models import Fields, UserFieldEntries
+from tests.helpers import (
+    create_ctfd,
+    destroy_ctfd,
+    gen_field,
+    login_as_user,
+    register_user,
+)
+
+
+def test_api_custom_fields():
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        gen_field(app.db, name="CustomField1")
+        gen_field(app.db, name="CustomField2")
+
+        with login_as_user(app) as user:
+            r = user.get("/api/v1/configs/fields", json="")
+            assert r.status_code == 403
+
+        with login_as_user(app, name="admin") as admin:
+            r = admin.get("/api/v1/configs/fields", json="")
+            resp = r.get_json()
+
+            assert resp == {
+                "success": True,
+                "data": [
+                    {
+                        "public": True,
+                        "required": True,
+                        "type": "user",
+                        "editable": True,
+                        "id": 1,
+                        "field_type": "text",
+                        "description": "CustomFieldDescription",
+                        "name": "CustomField1",
+                    },
+                    {
+                        "public": True,
+                        "required": True,
+                        "type": "user",
+                        "editable": True,
+                        "id": 2,
+                        "field_type": "text",
+                        "description": "CustomFieldDescription",
+                        "name": "CustomField2",
+                    },
+                ],
+            }
+
+            r = admin.post(
+                "/api/v1/configs/fields",
+                json={
+                    "public": True,
+                    "required": True,
+                    "editable": True,
+                    "id": 2,
+                    "type": "user",
+                    "field_type": "text",
+                    "description": "CustomFieldDescription",
+                    "name": "CustomField3",
+                },
+            )
+            assert r.status_code == 200
+
+            r = admin.get("/api/v1/configs/fields", json="")
+            resp = r.get_json()
+            assert resp == {
+                "success": True,
+                "data": [
+                    {
+                        "public": True,
+                        "required": True,
+                        "type": "user",
+                        "editable": True,
+                        "id": 1,
+                        "field_type": "text",
+                        "description": "CustomFieldDescription",
+                        "name": "CustomField1",
+                    },
+                    {
+                        "public": True,
+                        "required": True,
+                        "type": "user",
+                        "editable": True,
+                        "id": 2,
+                        "field_type": "text",
+                        "description": "CustomFieldDescription",
+                        "name": "CustomField2",
+                    },
+                    {
+                        "public": True,
+                        "required": True,
+                        "editable": True,
+                        "id": 3,
+                        "type": "user",
+                        "field_type": "text",
+                        "description": "CustomFieldDescription",
+                        "name": "CustomField3",
+                    },
+                ],
+            }
+
+            r = admin.patch(
+                "/api/v1/configs/fields/3",
+                json={
+                    "public": False,
+                    "required": False,
+                    "editable": False,
+                    "id": 4,
+                    "type": "user",
+                    "field_type": "text",
+                    "description": "CustomFieldDescription",
+                    "name": "PatchedCustomField3",
+                },
+            )
+            assert r.status_code == 200
+            assert r.get_json()["data"] == {
+                "public": False,
+                "required": False,
+                "editable": False,
+                "id": 3,
+                "type": "user",
+                "field_type": "text",
+                "description": "CustomFieldDescription",
+                "name": "PatchedCustomField3",
+            }
+
+            r = admin.get("/api/v1/configs/fields/3", json="")
+            assert r.status_code == 200
+            assert r.get_json()["data"] == {
+                "public": False,
+                "required": False,
+                "editable": False,
+                "id": 3,
+                "type": "user",
+                "field_type": "text",
+                "description": "CustomFieldDescription",
+                "name": "PatchedCustomField3",
+            }
+
+            r = admin.delete("/api/v1/configs/fields/3", json="")
+            assert r.status_code == 200
+
+            r = admin.get("/api/v1/configs/fields/3", json="")
+            assert r.status_code == 404
+    destroy_ctfd(app)
+
+
+def test_api_self_fields_permissions():
+    app = create_ctfd()
+    with app.app_context():
+        gen_field(app.db, name="CustomField1", public=False, editable=False)
+        gen_field(app.db, name="CustomField2", public=True, editable=True)
+
+        with app.test_client() as client:
+            client.get("/register")
+            with client.session_transaction() as sess:
+                data = {
+                    "name": "user",
+                    "email": "user@ctfd.io",
+                    "password": "password",
+                    "nonce": sess.get("nonce"),
+                    "fields[1]": "CustomValue1",
+                    "fields[2]": "CustomValue2",
+                }
+            r = client.post("/register", data=data)
+            with client.session_transaction() as sess:
+                assert sess["id"]
+
+        with login_as_user(app) as user, login_as_user(app, name="admin") as admin:
+            r = user.get("/api/v1/users/me")
+            resp = r.get_json()
+            assert resp["data"]["fields"] == [
+                {
+                    "value": "CustomValue2",
+                    "name": "CustomField2",
+                    "description": "CustomFieldDescription",
+                    "type": "text",
+                    "field_id": 2,
+                }
+            ]
+
+            r = admin.get("/api/v1/users/2")
+            resp = r.get_json()
+            assert len(resp["data"]["fields"]) == 2
+
+            field = Fields.query.filter_by(id=1).first()
+            field.public = True
+            app.db.session.commit()
+            r = user.get("/api/v1/users/me")
+            resp = r.get_json()
+            assert len(resp["data"]["fields"]) == 2
+
+    destroy_ctfd(app)
+
+
+def test_partial_field_update():
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        gen_field(app.db, name="CustomField1")
+        gen_field(app.db, name="CustomField2")
+
+        with login_as_user(app) as user:
+            r = user.patch(
+                "/api/v1/users/me",
+                json={
+                    "fields": [
+                        {"field_id": 1, "value": "CustomValue1"},
+                        {"field_id": 2, "value": "CustomValue2"},
+                    ]
+                },
+            )
+            assert r.status_code == 200
+            assert UserFieldEntries.query.count() == 2
+
+            r = user.patch(
+                "/api/v1/users/me",
+                json={"fields": [{"field_id": 2, "value": "NewCustomValue2"}]},
+            )
+            assert r.status_code == 200
+            assert UserFieldEntries.query.count() == 2
+            assert (
+                UserFieldEntries.query.filter_by(field_id=1, user_id=2).first().value
+                == "CustomValue1"
+            )
+            assert (
+                UserFieldEntries.query.filter_by(field_id=2, user_id=2).first().value
+                == "NewCustomValue2"
+            )
+
+        with login_as_user(app, name="admin") as admin:
+            r = admin.patch(
+                "/api/v1/users/2",
+                json={"fields": [{"field_id": 2, "value": "AdminNewCustomValue2"}]},
+            )
+            assert r.status_code == 200
+            assert UserFieldEntries.query.count() == 2
+            assert (
+                UserFieldEntries.query.filter_by(field_id=1, user_id=2).first().value
+                == "CustomValue1"
+            )
+            assert (
+                UserFieldEntries.query.filter_by(field_id=2, user_id=2).first().value
+                == "AdminNewCustomValue2"
+            )
+
+    destroy_ctfd(app)