aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae29dca881a0b1365be1e7ba639d8b36cac30ebc
CTFd/tests/api/v1/test_topics.py
Kevin Chung 27d862ab29 Challenge Topics (#1966) 
* Closes #1897 
* Adds Topics to Challenges where Topics are admin-only visible tags about challenges
* Adds `/api/v1/topics` and `/api/v1/challenges/[challenge_id]/topics` to API 
* Challenge comments have been moved into a modal
2021-07-30 00:03:16 -04:00

133 lines
4.4 KiB
Python
Raw Blame History

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from tests.helpers import (
create_ctfd,
destroy_ctfd,
gen_challenge,
gen_topic,
login_as_user,
register_user,
)
def test_api_topics_non_admin():
"""Can a user interact with /api/v1/topics if not admin"""
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
gen_topic(app.db, challenge_id=1)
with app.test_client() as client:
r = client.get("/api/v1/topics", json="")
assert r.status_code == 403
"""Can a user post /api/v1/topics if not admin"""
r = client.post("/api/v1/topics")
assert r.status_code == 403
"""Can a user delete /api/v1/topics if not admin"""
r = client.delete("/api/v1/topics")
assert r.status_code == 403
"""Can a user get /api/v1/topics/<topic_id> if not admin"""
r = client.get("/api/v1/topics/1", json="")
assert r.status_code == 403
"""Can a user delete /api/v1/topics/<topic_id> if not admin"""
r = client.delete("/api/v1/topics/1", json="")
assert r.status_code == 403
register_user(app)
with login_as_user(app) as client:
r = client.get("/api/v1/topics", json="")
assert r.status_code == 403
"""Can a user post /api/v1/topics if not admin"""
r = client.post("/api/v1/topics")
assert r.status_code == 403
"""Can a user delete /api/v1/topics if not admin"""
r = client.delete("/api/v1/topics")
assert r.status_code == 403
"""Can a user get /api/v1/topics/<topic_id> if not admin"""
r = client.get("/api/v1/topics/1", json="")
assert r.status_code == 403
"""Can a user delete /api/v1/topics/<topic_id> if not admin"""
r = client.delete("/api/v1/topics/1", json="")
assert r.status_code == 403
destroy_ctfd(app)
def test_api_topics_get_admin():
"""Can a user get /api/v1/topics if admin"""
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
gen_topic(app.db, challenge_id=1)
gen_topic(app.db, challenge_id=1, value="topic2")
with login_as_user(app, name="admin") as client:
r = client.get("/api/v1/topics")
assert r.status_code == 200
assert r.get_json() == {
"success": True,
"data": [{"id": 1, "value": "topic"}, {"id": 2, "value": "topic2"}],
}
destroy_ctfd(app)
def test_api_topics_post_admin():
"""Can a user post /api/v1/topics if admin"""
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
with login_as_user(app, name="admin") as client:
r = client.post(
"/api/v1/topics",
json={"value": "topic", "type": "challenge", "challenge_id": 1},
)
assert r.status_code == 200
print(r.get_json())
assert r.get_json() == {
"success": True,
"data": {
"challenge_id": 1,
"challenge": 1,
"topic": 1,
"id": 1,
"topic_id": 1,
},
}
destroy_ctfd(app)
def test_api_topics_delete_admin():
"""Can a user delete /api/v1/topics/<topic_id> if admin"""
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
gen_topic(app.db, challenge_id=1)
with login_as_user(app, "admin") as client:
r = client.delete("/api/v1/topics/1", json="")
assert r.status_code == 200
resp = r.get_json()
assert resp.get("data") is None
assert resp.get("success") is True
destroy_ctfd(app)
def test_api_topics_delete_target_admin():
"""Can a user delete /api/v1/topics if admin"""
app = create_ctfd()
with app.app_context():
gen_challenge(app.db)
gen_topic(app.db, challenge_id=1)
with login_as_user(app, "admin") as client:
r = client.delete("/api/v1/topics?type=challenge&target_id=1", json="")
assert r.status_code == 200
resp = r.get_json()
assert resp.get("data") is None
assert resp.get("success") is True
destroy_ctfd(app)
Reference in New Issue View Git Blame Copy Permalink