mirror of
https://github.com/aljazceru/CTFd.git
synced 2026-01-18 05:24:19 +01:00
2972cf506d
Add a Config entry `view_challenges_unregistered` to indicate whether unregistered users can view challenges. Add the setting to the admin config page. Add can_view_challenges() to utils to test if a user is either authed, or the configuration allow unauthenticated users to view the challenges. Return a HTTP 401 Unauthorized error when the /chals/solves API can't provide results for an unauthenticated user. This is needed because the client side code in `chalboard.js` doesn't know if it's logged in or not and requests this anyway. (And AJAX doesn't handle redirects very well.) Alternately the client could actually know if they're logged in and not make needless API calls. When an unregistered user attempts to submit a flag, it will also fail. The user will be redirected to a login page.
32 lines
1.1 KiB
HTML
32 lines
1.1 KiB
HTML
{% extends "admin/base.html" %}
|
|
|
|
{% block content %}
|
|
<div class="row">
|
|
<br>
|
|
<h1>Config</h1>
|
|
<form method="POST">
|
|
<input name='nonce' type='hidden' value="{{ nonce }}">
|
|
|
|
<div class="row">
|
|
<label for="start">Start Date:</label>
|
|
<input id='start' name='start' type='text' placeholder="Start Date (UTC timestamp)" {% if start is defined and start != None %}value="{{ start }}"{% endif %}>
|
|
</div>
|
|
|
|
<div class="row">
|
|
<label for="end">End Date:</label>
|
|
<input id='end' name='end' type='text' placeholder="End Date (UTC timestamp)" {% if end is defined and end != None %}value="{{ end }}"{% endif %}>
|
|
</div>
|
|
|
|
<div class="row">
|
|
<input id="view_challenges_unregistered" name="view_challenges_unregistered" type="checkbox" {% if view_challenges_unregistered %}checked{% endif %}>
|
|
<label for="view_challenges_unregistered">Unregistered users can view challenges</label>
|
|
</div>
|
|
|
|
<button class="radius" type='submit'>Submit</button>
|
|
</form>
|
|
</div>
|
|
{% endblock %}
|
|
|
|
{% block scripts %}
|
|
{% endblock %}
|