mirror of
https://github.com/aljazceru/CTFd.git
synced 2025-12-17 14:04:20 +01:00
8de9819bd4
# 3.3.0 / UNRELEASED
**General**
- Don't require a team for viewing challenges if Challenge visibility is set to public
- Add a `THEME_FALLBACK` config to help develop themes. See **Themes** section for details.
**API**
- Implement a faster `/api/v1/scoreboard` endpoint in Teams Mode
- Add the `solves` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine how many solves a challenge has
- Add the `solved_by_me` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine if the current account has solved the challenge
- Prevent admins from deleting themselves through `DELETE /api/v1/users/[user_id]`
- Add length checking to some sensitive fields in the Pages and Challenges schemas
- Fix issue where `PATCH /api/v1/users[user_id]` returned a list instead of a dict
- Fix exception that occured on demoting admins through `PATCH /api/v1/users[user_id]`
- Add `team_id` to `GET /api/v1/users` to determine if a user is already in a team
**Themes**
- Add a `THEME_FALLBACK` config to help develop themes.
- `THEME_FALLBACK` will configure CTFd to try to find missing theme files in the default built-in `core` theme.
- This makes it easier to develop themes or use incomplete themes.
- Allow for one theme to reference and inherit from another theme through approaches like `{% extends "core/page.html" %}`
- Allow for the automatic date rendering format to be overridden by specifying a `data-time-format` attribute.
- Add styling for the `<blockquote>` element.
- Fix scoreboard table identifier to switch between User/Team depending on configured user mode
- Switch to using Bootstrap's scss in `core/main.scss` to allow using Bootstrap variables
- Consolidate Jinja error handlers into a single function and better handle issues where error templates can't be found
**Plugins**
- Set plugin migration version after successful migrations
- Fix issue where Page URLs injected into the navbar were relative instead of absolute
**Admin Panel**
- Add User standings as well as Teams standings to the admin scoreboard when in Teams Mode
- Add a UI for adding members to a team from the team's admin page
- Add ability for admins to disable public team creation
- Link directly to users who submitted something in the submissions page if the CTF is in Teams Mode
- Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
- Fixed an issue where config times (start, end, freeze times) could not be removed
- Fix an exception that occurred when demoting an Admin user
- Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. (See #1779)
**Deployment**
- Install `python3-dev` instead of `python-dev` in apt
- Bump lxml to 4.6.2
- Bump pip-compile to 5.4.0
**Miscellaneous**
- Cache Docker builds more by copying and installing Python dependencies before copying CTFd
- Change the default emails slightly and rework confirmation email page to make some recommendations clearer
- Use `examplectf.com` as testing/development domain instead of `ctfd.io`
- Fixes issue where user's name and email would not appear in logs properly
- Add more linting by also linting with `flake8-comprehensions` and `flake8-bugbear`
102 lines
3.2 KiB
Python
102 lines
3.2 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from CTFd.models import Users
|
|
from CTFd.utils.crypto import verify_password
|
|
from tests.helpers import create_ctfd, destroy_ctfd, login_as_user, register_user
|
|
|
|
|
|
def test_user_set_profile():
|
|
"""Test that a user can set and remove their information in their profile"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
|
|
data = {
|
|
"name": "user",
|
|
"email": "user@examplectf.com",
|
|
"confirm": "",
|
|
"password": "",
|
|
"affiliation": "affiliation_test",
|
|
"website": "https://examplectf.com",
|
|
"country": "US",
|
|
}
|
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
|
assert r.status_code == 200
|
|
|
|
user = Users.query.filter_by(id=2).first()
|
|
assert user.affiliation == data["affiliation"]
|
|
assert user.website == data["website"]
|
|
assert user.country == data["country"]
|
|
|
|
r = client.get("/settings")
|
|
resp = r.get_data(as_text=True)
|
|
for _k, v in data.items():
|
|
assert v in resp
|
|
|
|
data = {
|
|
"name": "user",
|
|
"email": "user@examplectf.com",
|
|
"confirm": "",
|
|
"password": "",
|
|
"affiliation": "",
|
|
"website": "",
|
|
"country": "",
|
|
}
|
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
|
assert r.status_code == 200
|
|
|
|
user = Users.query.filter_by(id=2).first()
|
|
assert user.affiliation == data["affiliation"]
|
|
assert user.website == data["website"]
|
|
assert user.country == data["country"]
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_user_can_change_password():
|
|
"""Test that a user can change their password and is prompted properly"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
|
|
data = {
|
|
"name": "user",
|
|
"email": "user@examplectf.com",
|
|
"confirm": "",
|
|
"password": "new_password",
|
|
"affiliation": "",
|
|
"website": "",
|
|
"country": "",
|
|
}
|
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
|
user = Users.query.filter_by(id=2).first()
|
|
assert verify_password(data["password"], user.password) is False
|
|
assert r.status_code == 400
|
|
assert r.get_json() == {
|
|
"errors": {"confirm": ["Please confirm your current password"]},
|
|
"success": False,
|
|
}
|
|
|
|
data["confirm"] = "wrong_password"
|
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
|
user = Users.query.filter_by(id=2).first()
|
|
assert verify_password(data["password"], user.password) is False
|
|
assert r.status_code == 400
|
|
assert r.get_json() == {
|
|
"errors": {"confirm": ["Your previous password is incorrect"]},
|
|
"success": False,
|
|
}
|
|
|
|
data["confirm"] = "password"
|
|
r = client.patch("/api/v1/users/me", json=data)
|
|
assert r.status_code == 200
|
|
user = Users.query.filter_by(id=2).first()
|
|
assert verify_password(data["password"], user.password) is True
|
|
destroy_ctfd(app)
|