CTFd/tests/admin/test_views.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from tests.helpers import (
    create_ctfd,
    destroy_ctfd,
    register_user,
    login_as_user,
    gen_page,
    gen_challenge,
    gen_team,
)
from flask import Flask


def get_bp_urls(blueprint):
    temp_app = Flask(__name__)
    temp_app.register_blueprint(blueprint)
    return [str(p) for p in temp_app.url_map.iter_rules()]


def test_admin_access():
    """Can a user access admin pages?"""
    app = create_ctfd()
    with app.app_context():
        gen_page(app.db, title="title", route="/route", content="content")
        gen_challenge(app.db)
        gen_team(app.db)
        routes = [
            '/admin/challenges/new',
            '/admin/export/csv',
            # '/admin/pages/preview',
            '/admin/pages/new',
            '/admin/teams/new',
            '/admin/users/new',
            '/admin/notifications',
            '/admin/challenges',
            '/admin/scoreboard',
            '/admin/statistics',
            '/admin/export',
            '/admin/config',
            '/admin/pages',
            '/admin/teams',
            '/admin/users',
            '/admin',
            '/admin/submissions/correct',
            '/admin/submissions/incorrect',
            '/admin/submissions',
            '/admin/challenges/1',
            # '/admin/plugins/<plugin>',
            '/admin/pages/1',
            '/admin/teams/1',
            '/admin/users/1',
        ]
        register_user(app)
        client = login_as_user(app)

        for route in routes:
            r = client.get(route)
            assert r.status_code == 302
            assert r.location.startswith('http://localhost/login')

        admin = login_as_user(app, name="admin")
        routes.remove('/admin')
        routes.remove('/admin/export/csv')
        routes.remove('/admin/export')
        for route in routes:
            r = admin.get(route)
            assert r.status_code == 200
    destroy_ctfd(app)


def test_get_admin_as_user():
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        client = login_as_user(app)
        r = client.get('/admin')
        assert r.status_code == 302
        assert r.location.startswith('http://localhost/login')
    destroy_ctfd(app)