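#!/usr/bin/env python
# -*- coding: utf-8 -*-

from tests.helpers import (
    create_ctfd,
    destroy_ctfd,
    register_user,
    login_as_user,
    gen_page,
    gen_challenge,
    gen_team,
)
from flask import Flask


def get_bp_urls(blueprint):
    """Return every URL rule of a scratch Flask app holding ``blueprint``.

    The blueprint is registered on a throwaway ``Flask`` instance, so the
    application under test is never touched. The result is the string form
    of each rule in that scratch app's URL map.
    """
    temp_app = Flask(__name__)
    temp_app.register_blueprint(blueprint)
    return [str(rule) for rule in temp_app.url_map.iter_rules()]


def test_admin_access():
    """Can a user access admin pages?

    A registered, non-admin user must be redirected (302) to the login page
    for every admin route listed below; the admin account must get a 200 on
    the same routes, minus the few excluded further down.
    """
    app = create_ctfd()
    # try/finally so the test instance is destroyed even when an assertion
    # fails; otherwise a failing access check leaves the instance behind.
    try:
        with app.app_context():
            # Seed one page, challenge and team so the '/admin/<kind>/1'
            # detail routes below have an object to resolve.
            gen_page(app.db, title="title", route="/route", content="content")
            gen_challenge(app.db)
            gen_team(app.db)
            routes = [
                '/admin/challenges/new',
                '/admin/export/csv',
                # '/admin/pages/preview',
                '/admin/pages/new',
                '/admin/teams/new',
                '/admin/users/new',
                '/admin/notifications',
                '/admin/challenges',
                '/admin/scoreboard',
                '/admin/statistics',
                '/admin/export',
                '/admin/config',
                '/admin/pages',
                '/admin/teams',
                '/admin/users',
                '/admin',
                '/admin/submissions/correct',
                '/admin/submissions/incorrect',
                '/admin/submissions',
                '/admin/challenges/1',
                # '/admin/plugins/',
                '/admin/pages/1',
                '/admin/teams/1',
                '/admin/users/1',
            ]
            # NOTE(review): the two commented-out routes are not covered by
            # this access check; the reason is not recorded here.

            register_user(app)
            client = login_as_user(app)
            for route in routes:
                r = client.get(route)
                # Name the route in the failure message: an access-control
                # regression on a single endpoint should be identifiable
                # from the test output alone.
                assert r.status_code == 302, \
                    "non-admin got {0} on {1}".format(r.status_code, route)
                assert r.location.startswith('http://localhost/login'), \
                    "non-admin redirected to {0} on {1}".format(r.location, route)

            admin = login_as_user(app, name="admin")
            # NOTE(review): these three are left out of the 200 check;
            # presumably they redirect or need extra request arguments.
            # Confirm against the admin views.
            not_plain_200 = ('/admin', '/admin/export/csv', '/admin/export')
            admin_routes = [route for route in routes if route not in not_plain_200]
            for route in admin_routes:
                r = admin.get(route)
                assert r.status_code == 200, \
                    "admin got {0} on {1}".format(r.status_code, route)
    finally:
        destroy_ctfd(app)


def test_get_admin_as_user():
    """A non-admin user requesting '/admin' is redirected to the login page."""
    app = create_ctfd()
    # Same teardown guarantee as above: destroy the instance on failure too.
    try:
        with app.app_context():
            register_user(app)
            client = login_as_user(app)
            r = client.get('/admin')
            assert r.status_code == 302
            assert r.location.startswith('http://localhost/login')
    finally:
        destroy_ctfd(app)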