aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 05:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,237 Commits 18 Branches 43 Tags
d138117a2e5a472b5e9bbd6ee7e5f8830a892d74
Commit Graph

1237 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Chung
d138117a2e Merge branch 'master' into 1691-challenge-preview-improvements 2023-06-26 19:29:13 -04:00
Kevin Chung
79ad434d41 Add a rough implementation of improving the challenge preview 2023-06-26 19:27:27 -04:00
Kevin Chung
8cde25cab1 Merge pull request #2341 from HackademINT/pymysql-rsa 
Add the optional rsa dependency to pymysql
 2023-06-22 11:28:20 -04:00
Smyler
704e08c745 Add the optional rsa dependency to pymysql 
This dependency is required to allow compatibility with MySQL instances that enforce specific authentication protocols. This is often the case with managed databases for some public cloud providers.
PyMySQL documentation: https://pymysql.readthedocs.io/en/latest/user/installation.html
 2023-06-22 13:37:20 +02:00
Kevin Chung
dc555f70ca Merge pull request #2339 from CTFd/update-core-beta 
Update core beta
 2023-06-22 01:19:29 -04:00
Kevin Chung
de17bef1f7 Merge commit '6e0072b9028bc7c878e3a74be66754fbbcb7d32c' into update-core-beta 2023-06-22 00:24:12 -04:00
Kevin Chung
6e0072b902 Squashed 'CTFd/themes/core-beta/' changes from 5ce3003b..bb4edfb6 
bb4edfb6 Add description to TokensForm
50070166 Fix issue with missing endtrans tag
34c58129 Update README.md

git-subtree-dir: CTFd/themes/core-beta
git-subtree-split: bb4edfb6d4535406f7038099501d144d0cc998da
 2023-06-22 00:24:12 -04:00
Kevin Chung
eac44adf69 Add a description field to api tokens and make api tokens start with a 'ctfd_' prefix (#2337) 
* Add a description field for API tokens 
* API tokens now start with a `ctfd_` prefix to make them easier to identify
* Closes #2184
 2023-06-22 00:20:32 -04:00
Kevin Chung
e5518b54bd Improve rendering long submisisons admin panel (#2338) 
* Truncate submissions in the Admin Panel but have some ways to show them fully expanded and add a copy to clipboard button
* Closes #2243
 2023-06-21 20:31:25 -04:00
Kevin Chung
89cec0c5e6 Revert "Merge pull request #2334 from CTFd/2253-alpine-js-admin-panel" (#2336) 
This reverts commit fdec5bc7ab, reversing
changes made to e89d4f763c.
 2023-06-20 03:31:04 -04:00
Kevin Chung
fdec5bc7ab Merge pull request #2334 from CTFd/2253-alpine-js-admin-panel 
* Add AlpineJS to the Admin Panel as a way for plugins to add simple interactivity
* Closes #2253
 2023-06-17 04:18:30 -04:00
Kevin Chung
d8c77f19f0 Fix lint 2023-06-17 03:57:58 -04:00
Kevin Chung
ef5f41e177 Add AlpineJS to Admin Panel 2023-06-17 03:46:35 -04:00
Kevin Chung
e89d4f763c Merge pull request #2333 from CTFd/2157-free-hints-view-public 
* Free hints (those without a cost or prerequsitites) can now be viewed publicly if challenges are visible publicly
* Closes #2157
 2023-06-16 16:51:14 -04:00
Kevin Chung
cb8ea71751 Make free hints visible to unauth users if challenges are visible to unauth users 2023-06-16 16:27:31 -04:00
Kevin Chung
7bae8360c8 Merge pull request #2328 from CTFd/2308-total-user-limit 
Rough implementation of user registration limit
 2023-06-14 02:04:33 -04:00
Kevin Chung
e4b91dfe58 Add test for num_user limit via MLC 2023-06-13 20:53:07 -04:00
Kevin Chung
d5c40142fb Fix lint 2023-06-13 20:36:32 -04:00
Kevin Chung
030a6bc4d5 Merge branch 'master' into 2308-total-user-limit 2023-06-13 20:36:02 -04:00
Kevin Chung
5d055f60f6 Add test for user limit registration behavior 2023-06-13 20:02:15 -04:00
Kevin Chung
8a1c0a4b07 Merge pull request #2325 from intrigus-lgtm/patch-1 
* Enable gzip in nginx config
 2023-06-13 18:52:44 -04:00
Kevin Chung
1ae65d7b3c Remove extra space 2023-06-13 18:34:25 -04:00
Kevin Chung
4be7b9f8ed Move gzip config so location is on top 2023-06-13 18:33:35 -04:00
Kevin Chung
5e8ff5d892 Rough implementation of user registration limit 2023-06-13 17:02:30 -04:00
intrigus-lgtm
4b4847e600 Enable gzip for nginx 2023-06-12 23:52:48 +02:00
Kevin Chung
dd20786b84 Merge pull request #2324 from CTFd/pull-core-beta 
* Fix issue where the private team page would not render properly
 2023-06-11 16:20:24 -04:00
Kevin Chung
a64e7d51ef Squashed 'CTFd/themes/core-beta/' changes from 9126d77d..5ce3003b 
5ce3003b Merge pull request #47 from aCursedComrade/patch-1
c9887cb1 Fix team template

git-subtree-dir: CTFd/themes/core-beta
git-subtree-split: 5ce3003b4d68352e629ee2d390bc999e7d6b071e
 2023-06-11 15:56:28 -04:00
Kevin Chung
89fb2e5803 Merge commit 'a64e7d51ef7c3bc33dfc19cc9ff48b3e3e23c64e' into pull-core-beta 2023-06-11 15:56:28 -04:00
Kevin Chung
23cdf85bf2 Mark 3.5.3 (#2319) 
# 3.5.3 / 2023-06-07

**Deployment**

- Fixed permissions error in Dockerfile
- Bump dependencies for pybluemonday
 2023-06-08 15:26:17 -04:00
Kevin Chung
b89cb3cb98 Add a section in the config panel to configure html sanitization but still allow config.ini to force it (#2316) 
* Add a section in the config panel to configure html sanitization
* `HTML_SANITIZTION` in config.ini can still force sanitization regardless of the database configuration
* Closes #2194
 2023-06-05 19:28:55 -04:00
Kevin Chung
692c4b086c Core beta (#2314) 
* Install the core-beta theme into the CTFd repo

git-subtree-dir: CTFd/themes/core-beta
git-subtree-split: 9126d77d1a858e10c25ce028a35d42efaa0f49c0
 2023-06-01 16:30:13 -04:00
Kevin Chung
1d9581cc0a Save pot file in repo (#2313) 2023-06-01 15:51:00 -04:00
Kevin Chung
635b0940e5 Add Translations layer (#2288) 
* Add rough translations support into CTFd
* Add `flask-babel` dependency
* Adds language column to users table
* Closes #570 

---------

Co-authored-by: Miłosz Skaza <milosz.skaza@ctfd.io>
 2023-06-01 15:24:00 -04:00
Kevin Chung
2474d6000d Bump pybluemonday version to support Python 3.11 (#2303) 
* Bump pybluemonday version to `0.0.11` to support Python 3.11
* Closes #2301
 2023-05-13 01:03:44 -04:00
Carl Fugate
c173ed6abd Added /opt/CTFD to chown path (line 47) to correct permissions error … (#2299) 
* Added /opt/CTFd to chown path (line 47) to correct permissions error during startup.

---------

Co-authored-by: Kevin Chung <kchung@ctfd.io>
 2023-05-05 04:44:12 -04:00
Kevin Chung
3fbfd81644 Mark 3.5.2 (#2295) 
# 3.5.2 / 2023-05-01

**General**

- Generate cachable S3 URLs by rounding time down to the previous hour to generate a consistent URL
- Change email whitelist error message to not include the list of allowed domains
- Clean up the language for confirming the password on team password change
- Fix issue where dynamic challenges break if the decay is 0 and prevent users from adding a decay limit of 0 to dynamic value challenges

**Admin Panel**

- Adds support for admins to control `robots.txt`
- Clean up the aesthetics for the 'Pause CTF' and 'View After CTF' configs
- Replaced TLS and SSL checkbox text to match the defaults used by Mozilla Thunderbird to eliminate confusion when configuring SMTP

**Deployment**

- Slim down Docker image by removing several dependencies not needed for production usage
  - The image size has been reduced from 648MB to 398MB
- In the Docker image run CTFd in a virtual environment located at `/opt/venv`
- Add freezegun to application dependencies
- Bump dependencies for pybluemonday, redis, SQLAlchemy-Utils, python-geoacumen-city
- Fix race conditions on cache healthcheck
- Fix situations where numeric config items in config.ini could cause CTFd to not start
 2023-05-01 11:25:51 -04:00
mattcurts
0a967c99e0 Confirm Old Team Password (#2261) 
* Update language for updating team password

---------

Co-authored-by: Kevin Chung <kchung@ctfd.io>
 2023-04-27 01:56:27 -04:00
skandix
25b3d77ed0 bump SQLAlchemy-Utils to version 0.41.0 (#2294) 
* Bump down SQLAlchemy-Utils to version 0.41.0

* Update development dependencies

---------

Signed-off-by: Bendik Dyrli <skandix@datapor.no>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
 2023-04-27 01:38:31 -04:00
Peyton Duncan
ab91e7df34 SMTP TLS/SSL Labels to Match Thunderbird (#2293) 
* TLS/SSL Labels to Match Thunderbird

Replaced TLS and SSL checkbox text to match the
defaults used by Mozilla Thunderbird to eliminate confusion when
configuring SMTP

* Add link to email server documentation

* Properly save changes

---------

Co-authored-by: Kevin Chung <kchung@ctfd.io>
 2023-04-27 00:53:59 -04:00
Kevin Chung
2a6f47d2ea Change email whitelist error message to not include the list of allowed domains (#2286) 
* Change email whitelist error message to not include the list of allowed domains
 2023-04-13 14:23:18 -04:00
dependabot[bot]
440aaddfb1 Bump redis from 3.5.2 to 4.4.4 (#2275) 
Bumps [redis](https://github.com/redis/redis-py) from 3.5.2 to 4.4.4.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/3.5.2...v4.4.4)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
 2023-04-13 01:55:16 -04:00
Kevin Chung
c405fbb9b1 Bump pybluemonday version (#2285) 
* Bump pybluemonday version
* Remove codecov from development.txt
 2023-04-13 01:36:08 -04:00
Alper Berber
23c7b2f90f use ruff instead of flake8 (#2278) 
* add: use ruff instead of flake8

* Update ruff switches and remove flake8 plugins

* fix: ignore linting rules

* fix: ignore I001

* fix: spaces before noqa

---------

Co-authored-by: Kevin Chung <kchung@ctfd.io>
 2023-04-11 11:20:48 -04:00
Smyler
faa937020a Prevent race conditions on /healthcheck (#2273) 
In a high availability deployment scenario, two clients may make a request on /healthcheck at the exact same time, which can lead to check_config returning False if the second requests changes the 'healthcheck' cache key before the first one has had time to fetch the value it had set.

A solution to counter this is to ensure different keys are used for each healthcheck.
 2023-04-03 02:01:17 -04:00
Kevin Chung
870eefb184 Fix issue where we are double processing config.ini items (#2274) 
* In some cases with numeric config items it appears that we can end up processing a string twice. This issue fixes it so that we only process the strings once at configparser load time with `before_get`
 2023-03-28 14:07:52 -04:00
Kevin Chung
b17adaf7aa Add support for robots.txt (#2269) 
* Adds support for admins to control `robots.txt`
* Closes #2141
 2023-03-12 17:03:35 -04:00
Kevin Chung
68da00900a Add freezegun to runtime dependencies, generate cachable s3 urls (#2264) 
* Add freezegun to application dependencies
* Generate cachable S3 URLs by rounding time down to the previous hour to generate a consistent URL
 2023-02-19 15:01:28 -05:00
Kevin Chung
c8dbfa6050 Fix Dockerfile venv so plugins can be installed at runtime (#2260) 
* Set ownership of venv in Dockerfile to 1001
 2023-02-14 21:22:29 -05:00
Kevin Chung
472010fcc2 Fix scoreboard detail count parameter (#2256) 
* Add int requirement to `/api/v1/scoreboard/top/<count>`
 2023-02-09 12:27:47 -05:00
Kevin Chung
68c3438474 Fix issue where dynamic challenges break if the decay is 0 (#2255) 
* Fix issue where dynamic challenges break if the decay is 0
* Prevent users from adding a decay limit of 0 to dynamic value challenges
 2023-02-08 13:22:16 -05:00