mirror of
https://github.com/aljazceru/CTFd.git
synced 2025-12-17 22:14:25 +01:00
1725e632cf
# 3.0.0a2 / 2020-07-09 **General** * Accept additional profile fields during registration (affiliation, website, country) * This does not add additional inputs. Themes or additional JavaScript can add the form inputs. **Admin Panel** * Redesign the challenge creation form to use a radio button with challenge type selection instead of a select input **API** * Admins can no longer ban themselves through `PATCH /api/v1/users/[user_id]` **Themes** * Spinner centering has been switched from a hard coded margin in CSS to flexbox CSS classes from Bootstrap **Plugins** * Revert plugin menu (`register_admin_plugin_menu_bar`, `register_user_page_menu_bar`) changes to 2.x code **Miscellaneous** * Fix issue with `Configs.ctf_name` returning incorrect value * Add prerender step back into challenges.js * Better handling of missing challenge types. Missing challenge types no longer bring down all other challenges.
18 lines
612 B
Python
18 lines
612 B
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from tests.helpers import create_ctfd, destroy_ctfd, login_as_user
|
|
|
|
|
|
def test_api_self_ban():
|
|
"""PATCH /api/v1/users/<user_id> should not allow a user to ban themselves"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
with login_as_user(app, name="admin") as client:
|
|
r = client.patch("/api/v1/users/1", json={"banned": True})
|
|
resp = r.get_json()
|
|
assert r.status_code == 400
|
|
assert resp["success"] == False
|
|
assert resp["errors"] == {"id": "You cannot ban yourself"}
|
|
destroy_ctfd(app)
|