mirror of
https://github.com/aljazceru/CTFd.git
synced 2025-12-17 14:04:20 +01:00
3af98b17d5
* Bootstrap v4 (#490) * Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes * Fixing graph issues. Colors per team & cleaner hover * The solves tab now shows relative time instead of absolute time * Redesign admin theme * Updating modals and changing form name from desc to description * Moving CSS config from Pages to Config page * Adding IP address count to statistics * Move control of certain modals (files, flags, tags, hints) to challenges page * Expanding size of config page * Combining statistics and graphs pages * Moving percentage solved to the statistics page instead of the admin challenges page * Rename Keys.key_type to Keys.type (#459) (#478) * Rename keys.key_type to keys.type (#459) * Fixing previous migration to not be worried about key_type v type * Fixing loading of challenge type plugins * Switching from Handlebars to Nunjucks (#491) * Switching from Handlebars to Nunjucks * Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users * Authed only (#492) * Adding authed_only decorator and adding next to url_for * Adding a basic preview to hints (#494) * Hints have a preview now for creating and updating hints. HTML and markdown are still allowed. * Ezq (#495) * Adding ezq as a simple wrapper around bootstrap modals * Use tabs not spaces and remove gray background on inputs * Adding title & draft to Pages. Making page preview open a new tab (#497) * Adding title & draft to Pages. * Making page preview open a new tab instead of render in the existing tab * Draft pages cannot be seen without a preview * Update check (#499) * Add update_check function * Notify user that a CTFd update is available in the admin panel * Adding update_check tests * Ratelimit (#500) * Implementing a ratelimit function * Fix error page formatting * Add rate limiting tests * Rate limit authentication functions and rate limit admin send email function * Load user solves before we load challenges to avoid unstyled buttons (#502) * Add a challenge preview (#503) * Adding a challenge preview to the admin panel * Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid> * Adding codecov (#504) * Test coverage at https://codecov.io/gh/CTFd/CTFd * Sendmail improvements (#505) * Add get_smtp timeout, add sendmail error messages * Adding more error handling to sendmail * Adding Flask-Script (#507) * Pause ctf (#508) * Implement CTF pausing * Test CTF pausing * Fix loading challenges for users (#510) * Fix loading challenges for users * Temporarily switch themes in test * Pause help text (#509) * Adding pause help text * Pages authed (#511) * Adding authentication options to pages * Adding tests for accessing pages while draft & auth_required * Merging master into 1.1 (#513) * Name the core theme and remove the original theme
129 lines
4.1 KiB
Python
129 lines
4.1 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from tests.helpers import *
|
|
from CTFd.models import Pages
|
|
from CTFd.utils import get_config, set_config, override_template, sendmail, verify_email, ctf_started, ctf_ended
|
|
from CTFd.plugins.challenges import get_chal_class
|
|
from freezegun import freeze_time
|
|
from mock import patch
|
|
|
|
|
|
def test_admin_page_create():
|
|
"""Can an admin create a page?"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
client = login_as_user(app, name="admin", password="password")
|
|
r = client.get('/admin/pages?operation=create')
|
|
assert r.status_code == 200
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"route": "this-is-a-route",
|
|
"html": "This is some HTML",
|
|
"title": "Title",
|
|
"auth_required": "on",
|
|
"nonce": sess.get('nonce')
|
|
}
|
|
r = client.post('/admin/pages?operation=publish', data=data)
|
|
r = client.get('/admin/pages?route=this-is-a-route')
|
|
assert r.status_code == 200
|
|
|
|
r = client.get('/this-is-a-route')
|
|
assert r.status_code == 200
|
|
output = r.get_data(as_text=True)
|
|
assert "This is some HTML" in output
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_admin_page_create_draft():
|
|
"""Draft pages should not be shown"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
client = login_as_user(app, name="admin", password="password")
|
|
r = client.get('/admin/pages?operation=create')
|
|
assert r.status_code == 200
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"route": "this-is-a-route",
|
|
"html": "This is some HTML",
|
|
"title": "Title",
|
|
"nonce": sess.get('nonce')
|
|
}
|
|
r = client.post('/admin/pages?operation=save', data=data)
|
|
r = client.get('/this-is-a-route')
|
|
assert r.status_code == 404
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_admin_page_preview():
|
|
"""Page previews should not create a new page"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
client = login_as_user(app, name="admin", password="password")
|
|
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"route": "this-is-a-route",
|
|
"html": "This is some HTML",
|
|
"title": "Title",
|
|
"nonce": sess.get('nonce')
|
|
}
|
|
r = client.post('/admin/pages?operation=preview', data=data)
|
|
|
|
output = r.get_data(as_text=True)
|
|
assert "This is some HTML" in output
|
|
|
|
assert len(Pages.query.all()) == 1 # The index page counts as a page
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_admin_page_update():
|
|
"""Can an admin update a page?"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
client = login_as_user(app, name="admin", password="password")
|
|
r = client.get('/admin/pages?id=1')
|
|
assert r.status_code == 200
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"route": "index",
|
|
"html": "New Index Page",
|
|
"title": "title",
|
|
"id": 1,
|
|
"nonce": sess.get('nonce')
|
|
}
|
|
r = client.post('/admin/pages?operation=save', data=data)
|
|
r = client.get('/admin/pages?id=1')
|
|
assert r.status_code == 200
|
|
output = r.get_data(as_text=True)
|
|
assert "New Index Page" in output
|
|
|
|
r = client.get('/')
|
|
assert r.status_code == 200
|
|
output = r.get_data(as_text=True)
|
|
assert "New Index Page" in output
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_admin_page_delete():
|
|
"""Can an admin delete a page?"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
client = login_as_user(app, name="admin", password="password")
|
|
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"id": 1,
|
|
"nonce": sess.get('nonce')
|
|
}
|
|
r = client.post('/admin/pages/delete', data=data)
|
|
assert r.status_code == 200
|
|
|
|
r = client.get('/')
|
|
assert r.status_code == 404
|
|
|
|
count = Pages.query.count()
|
|
assert count == 0
|
|
|
|
destroy_ctfd(app)
|