mirror of
https://github.com/aljazceru/CTFd.git
synced 2025-12-17 05:54:19 +01:00
c8031b38c2
* Fix user and admin panel user/team graphs * Closes #682 * Unify login and logout under specific functions * Closes #659 * Rename Challenges.hidden to Challenges.state * Start to clean up API and front end integration starting with profile updating * Slightly cleaner code * Clean API to respond with success, data, and status codes * Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST * Lookup country code in users page. Update front end calls to get API data properly * Fix some API endpoints and fix JS to process new responses * Update config.py to support new values * Closes #635 * Update some code to handle user types, add email domain whitelisting * Write a logging wrapper * Use logging wrapper for submissions * Close #656 * Break up config.html to make it easier to maintain * Fix logging, domain_whitelist, and config * Improving views.py, starting to add Announcements * Starting announcements front end * Make it easier to see large images, clean up some more REST API differences * Closes #668 * Update Proxyfix config to REVERSE_PROXY * Add announcements front end * Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages. * Update font-awesome to 5.4.1 * Switch to user-edit icon * Update the update_check function to send up more anonymous data for statistics purposes. * Start work on #640 * Add the user action modals and update API to fix responses * Fix admin teams page * Add challenge requirements * Implement anonymous locked challenges * Team editting from admin panel * Switch from simple cache to filesystem cache * Implements a Cache backed server side session (#658) and fixes Users editting endpoint * Add our messaging for docs * Closes #700 * Remove invalid import * Move challenge enditting around a whole lot and probably break a bunch of things * Show challenge names in prerequisites instead of challenge IDs * Closes #661 * Change user templates to use url_for * Remove extra function * Rewrite admin panel to use url_for * Fix events to work under subdirectories * Start cleaning up config panel * Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators * Remove workshop mode, fix some glitches with the new visibility settings * Fix ctf_logo on core theme * Fix setup errors * Removing default from get_config b/c of memoization issues and getting some tests working * Relax email regex validation rule (#693) * Update to pycodestyle and fix new lint errors * Add a ctf_id to update_check * Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702) * Detect if people try to set routes with '/' to simplify #690 * Closes #690 * Clean up some code * Clean up challenge submit to rate limit * Fix js version compatability issue * Close some TODOs * Hide challenges if not authenticated * Make set_config reset the cache for those config values * Return 404 on empty challenges for /api/v1/<challenge_id>/solves * Fix setting boolean configs * Properly change account config settings * Move datetimes to isoformat (Closes #703) * Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter * Make /v1/submissions endpoint work for admin submission creation * Make oauth_id unique for Users and Teams * Move challenge submission endpoint and implement mark solved. Fix some isoformat issues. * Only show team's missing challenges if in team mode * Adding support for Hints & Unlocks * Update challenge submission url * Fix encoding functions in Python3 * Fix hexencode in Python3 * Added functional tests for challenges API for non-admin users (#705) * Set hint default type to be standard * Fix some JS issues. Closes #704 * Implement session.regenerate on top of the CachingSessionInterface * Challenge challenge attempt responses from numbers to strings * Fix password updating for UserSchema * Remove leftover challenge submission code * Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions * Added functional tests for challenges/hints/admin API (#710) * Fix helpers and re-add JSONLite * Install MySQL 5.7 * Try more mysql * Update password for mysql * Fixing issuse in Users.get_solves * Add new import/export code * Switch to CTFdSerializer for Python 3 * Re-implement import exports and add a very flaky test * Redesign submissions API response * Get export to roundtrip in tests * Int score b/c Decimal is not JSON serializeable * Remove unused route methods * Fix POST /api/v1/configs and start adding admin tests * Add user_id and team_id to top/10 * Fix admin creating Teams * Fix Team website validation * Change admins_only to reply with a 403 if the request is JSON * Organize admin tests and fix authed_only to return 403 on unauthed * Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails) * Fix teams/me endpoints again * Fix users/me endpoints to return 403 if unauthed * Fix Python 3 config API * Add fetch and promise polyfills. (#712) * Add exec to docker-entrypoint.sh (#713) * Display import_ctf Exceptions via repr (#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier. * Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports * Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs * Remove old means of creating solves * Remove most of the content from teams.js and users.js * Remove extra code from /challenges.js * Fix POST'ing & PATCH'ing pages * Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards * Fix admin side scoregraphs. Fix Awardschemas for admins * Add requirements to db migration * Adding some team decorators * Fix require_team_mode decorator * Make verified emails decorator return 403 on JSON requests * Redo initial revision * Add SQLiteJSON back * Adding ratelimit to /redirect and removing POST from /oauth * Fix PATCH tags * Actually fix PATCH tags * Simplify 500.html * Added tests for challenges, awards, files, flags, hints ... (#723) * Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags * Fix user data validation functions, Fix hidden challenges and include test * Add a locked state to attempt * OAuth teams get verified, use logging functions in redirect route * Removing extra print call * Update requirements.txt * Fix possible AttributeError * Start work on #716 * Closes #717 * Fix issue patching teams * Rename .j2 to .html, implement preview for challenges if admin * Move admin/challenge.html to admin/challenges/challenge.html * Remove old modals * Add Reset CTF button (#639) * Add Reset link to config.html * Delete Tracking * files handler should return a 404 on files it cant find * Denote official teams (#729), make scoregraph fill to zero * Remove old javascript files, make some challenge elements refresh by reloading * Fix team editting modals to work more reliably * Fix rendering of CTF paused * Remove hide_scores funtion and roll it into scores visibility * Log to stdout/stderr by default (#719) * Fix user searching * Remove searching for users/teams by country * Add badges to admin team and user pages, implement user banning (#643) * Remove shell.py, clean up admin team.html, add tests for banned users, teams * Start cleaning up dynamic_challenges to meet new challenge type plugin format * Remove POST method from teams.public * Add credentials: 'same-origin' to all fetch calls (#734) * Add challenge preview, add challenge deletion, fix file deletions when deleting challenges * Fix imports UI (#735) * Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739) * Admins can see hidden challenges * Fix some UI elements, fix loading location hash, set version to be 2.0.0 * Clean up some challenge plugin pages * Add default for flag type * Fix Python3 bytes/str issues * Add in MLC urls and support user mode for oauth * Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth * Add state parameter support * Use URLSafeTimedSerializer wrapper for sending token based emails * setting APPLICATION_ROOT from env var (#732) * Rearrange config.py and update README * Updating README
543 lines
17 KiB
Python
543 lines
17 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from CTFd.models import Teams, Solves, Fails, Challenges
|
|
from CTFd.utils import get_config, set_config
|
|
from tests.helpers import *
|
|
from freezegun import freeze_time
|
|
from mock import patch
|
|
import json
|
|
|
|
|
|
def test_user_get_challenges():
|
|
"""
|
|
Can a registered user load /challenges
|
|
"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
r = client.get('/challenges')
|
|
assert r.status_code == 200
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_user_get_chals():
|
|
"""
|
|
Can a registered user load /chals
|
|
"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
r = client.get('/api/v1/challenges')
|
|
assert r.status_code == 200
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_viewing_challenges():
|
|
"""
|
|
Test that users can see added challenges
|
|
"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
gen_challenge(app.db)
|
|
r = client.get('/api/v1/challenges')
|
|
chals = r.get_json()['data']
|
|
assert len(chals) == 1
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_viewing_challenge():
|
|
"""Test that users can see individual challenges"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
gen_challenge(app.db)
|
|
r = client.get('/api/v1/challenges/1')
|
|
assert r.get_json()
|
|
destroy_ctfd(app)
|
|
|
|
|
|
# def test_chals_solves():
|
|
# """Test that the /chals/solves endpoint works properly"""
|
|
# app = create_ctfd()
|
|
# with app.app_context():
|
|
# # Generate 5 users
|
|
# for c in range(1, 6):
|
|
# name = "user{}".format(c)
|
|
# email = "user{}@ctfd.io".format(c)
|
|
# register_user(app, name=name, email=email, password="password")
|
|
#
|
|
# # Generate 5 challenges
|
|
# for c in range(6):
|
|
# chal1 = gen_challenge(app.db, value=100)
|
|
#
|
|
# user_ids = list(range(2, 7))
|
|
# chal_ids = list(range(1, 6))
|
|
# for u in user_ids:
|
|
# for c in chal_ids:
|
|
# gen_solve(app.db, teamid=u, chalid=c)
|
|
# chal_ids.pop()
|
|
#
|
|
# client = login_as_user(app, name="user1")
|
|
#
|
|
# with client.session_transaction() as sess:
|
|
# r = client.get('/chals/solves')
|
|
# output = r.get_data(as_text=True)
|
|
# saved = json.loads('''{
|
|
# "1": 5,
|
|
# "2": 4,
|
|
# "3": 3,
|
|
# "4": 2,
|
|
# "5": 1,
|
|
# "6": 0
|
|
# }
|
|
# ''')
|
|
# received = json.loads(output)
|
|
# assert saved == received
|
|
# set_config('hide_scores', True)
|
|
# with client.session_transaction() as sess:
|
|
# r = client.get('/chals/solves')
|
|
# output = r.get_data(as_text=True)
|
|
# saved = json.loads('''{
|
|
# "1": -1,
|
|
# "2": -1,
|
|
# "3": -1,
|
|
# "4": -1,
|
|
# "5": -1,
|
|
# "6": -1
|
|
# }
|
|
# ''')
|
|
# received = json.loads(output)
|
|
# assert saved == received
|
|
# destroy_ctfd(app)
|
|
|
|
|
|
def test_submitting_correct_flag():
|
|
"""Test that correct flags are correct"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content='flag')
|
|
data = {
|
|
"submission": 'flag',
|
|
"challenge_id": chal.id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 200
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "correct"
|
|
assert resp.get('message') == "Correct"
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_submitting_correct_static_case_insensitive_flag():
|
|
"""Test that correct static flags are correct if the static flag is marked case_insensitive"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content='flag', data="case_insensitive")
|
|
data = {
|
|
"submission": 'FLAG',
|
|
"challenge_id": chal.id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 200
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "correct"
|
|
assert resp.get('message') == "Correct"
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_submitting_correct_regex_case_insensitive_flag():
|
|
"""Test that correct regex flags are correct if the regex flag is marked case_insensitive"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
flag = gen_flag(app.db, challenge_id=chal.id, type='regex', content='flag', data="case_insensitive")
|
|
data = {
|
|
"submission": 'FLAG',
|
|
"challenge_id": chal.id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 200
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "correct"
|
|
assert resp.get('message') == "Correct"
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_submitting_incorrect_flag():
|
|
"""Test that incorrect flags are incorrect"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content='flag')
|
|
data = {
|
|
"submission": 'notflag',
|
|
"challenge_id": chal.id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 200
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "incorrect"
|
|
assert resp.get('message') == "Incorrect"
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_submitting_unicode_flag():
|
|
"""Test that users can submit a unicode flag"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content=u'你好')
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"submission": '你好',
|
|
"challenge_id": chal.id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt'.format(chal.id), json=data)
|
|
assert r.status_code == 200
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "correct"
|
|
assert resp.get('message') == "Correct"
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_challenges_with_max_attempts():
|
|
"""Test that users are locked out of a challenge after they reach max_attempts"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
chal = Challenges.query.filter_by(id=chal.id).first()
|
|
chal_id = chal.id
|
|
chal.max_attempts = 3
|
|
app.db.session.commit()
|
|
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content=u'flag')
|
|
for x in range(3):
|
|
data = {
|
|
"submission": 'notflag',
|
|
"challenge_id": chal_id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
|
|
|
|
wrong_keys = Fails.query.count()
|
|
assert wrong_keys == 3
|
|
|
|
data = {
|
|
"submission": 'flag',
|
|
"challenge_id": chal_id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 403
|
|
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "incorrect"
|
|
assert resp.get('message') == "You have 0 tries remaining"
|
|
|
|
solves = Solves.query.count()
|
|
assert solves == 0
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_challenge_kpm_limit():
|
|
"""Test that users are properly ratelimited when submitting flags"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db)
|
|
chal_id = chal.id
|
|
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content=u'flag')
|
|
for x in range(11):
|
|
with client.session_transaction() as sess:
|
|
data = {
|
|
"submission": 'notflag',
|
|
"challenge_id": chal_id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
|
|
wrong_keys = Fails.query.count()
|
|
assert wrong_keys == 11
|
|
|
|
data = {
|
|
"submission": 'flag',
|
|
"challenge_id": chal_id,
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 429
|
|
|
|
wrong_keys = Fails.query.count()
|
|
assert wrong_keys == 12
|
|
|
|
resp = r.get_json()['data']
|
|
assert resp.get('status') == "ratelimited"
|
|
assert resp.get('message') == "You're submitting flags too fast. Slow down."
|
|
|
|
solves = Solves.query.count()
|
|
assert solves == 0
|
|
destroy_ctfd(app)
|
|
|
|
|
|
# def test_submitting_flags_with_large_ips():
|
|
# """Test that users with high octect IP addresses can submit flags"""
|
|
# app = create_ctfd()
|
|
# with app.app_context():
|
|
# register_user(app)
|
|
# client = login_as_user(app)
|
|
#
|
|
# # SQLite doesn't support BigInteger well so we can't test it properly
|
|
# ip_addresses = ['172.18.0.1', '255.255.255.255', '2001:0db8:85a3:0000:0000:8a2e:0370:7334']
|
|
# for ip_address in ip_addresses:
|
|
# # Monkeypatch get_ip
|
|
# def get_ip_fake(req=None):
|
|
# return ip_address
|
|
# utils.get_ip = get_ip_fake
|
|
#
|
|
# # Generate challenge and flag
|
|
# chal = gen_challenge(app.db)
|
|
# chal_id = chal.id
|
|
# flag = gen_flag(app.db, chal=chal.id, flag=u'correct_key')
|
|
#
|
|
# # Submit wrong_key
|
|
# with client.session_transaction() as sess:
|
|
# data = {
|
|
# "key": 'wrong_key',
|
|
# "nonce": sess.get('nonce')
|
|
# }
|
|
# r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
|
|
# assert r.status_code == 200
|
|
# resp = json.loads(r.data.decode('utf8'))
|
|
# assert resp.get('status') == 0 and resp.get('message') == "Incorrect"
|
|
# assert Fails.query.filter_by(ip=ip_address).first()
|
|
#
|
|
# # Submit correct key
|
|
# with client.session_transaction() as sess:
|
|
# data = {
|
|
# "key": 'correct_key',
|
|
# "nonce": sess.get('nonce')
|
|
# }
|
|
# r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
|
|
# assert r.status_code == 200
|
|
# resp = json.loads(r.data.decode('utf8'))
|
|
# assert resp.get('status') == 1 and resp.get('message') == "Correct"
|
|
# assert Solves.query.filter_by(ip=ip_address).first()
|
|
# destroy_ctfd(app)
|
|
|
|
|
|
def test_that_view_challenges_unregistered_works():
|
|
'''Test that view_challenges_unregistered works'''
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
chal = gen_challenge(app.db, name=text_type('🐺'))
|
|
chal_id = chal.id
|
|
hint = gen_hint(app.db, chal_id)
|
|
|
|
client = app.test_client()
|
|
r = client.get('/api/v1/challenges', json='')
|
|
assert r.status_code == 403
|
|
r = client.get('/api/v1/challenges')
|
|
assert r.status_code == 302
|
|
|
|
set_config('challenge_visibility', 'public')
|
|
|
|
client = app.test_client()
|
|
r = client.get('/api/v1/challenges')
|
|
assert r.get_json()['data']
|
|
|
|
# r = client.get('/chals/solves')
|
|
# data = r.get_data(as_text=True)
|
|
# assert json.loads(data) == json.loads('''{
|
|
# "1": 0
|
|
# }
|
|
# ''')
|
|
|
|
r = client.get('/api/v1/challenges/1/solves')
|
|
assert r.get_json().get('data') is not None
|
|
|
|
data = {
|
|
"submission": 'not_flag',
|
|
"challenge_id": chal_id
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
|
|
assert r.status_code == 403
|
|
resp = r.get_json().get('data') is None
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_hidden_challenge_is_unreachable():
|
|
"""Test that hidden challenges return 404 and do not insert a solve or wrong key"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db, state='hidden')
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content='flag')
|
|
chal_id = chal.id
|
|
|
|
assert Challenges.query.count() == 1
|
|
|
|
r = client.get('/api/v1/challenges', json='')
|
|
data = r.get_json().get('data')
|
|
assert data == []
|
|
|
|
r = client.get('/api/v1/challenges/1', json='')
|
|
assert r.status_code == 404
|
|
data = r.get_json().get('data')
|
|
assert data is None
|
|
|
|
data = {
|
|
"submission": 'flag',
|
|
"challenge_id": chal_id
|
|
}
|
|
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 404
|
|
|
|
r = client.post('/api/v1/challenges/attempt?preview=true', json=data)
|
|
assert r.status_code == 404
|
|
assert r.get_json().get('data') is None
|
|
|
|
solves = Solves.query.count()
|
|
assert solves == 0
|
|
|
|
wrong_keys = Fails.query.count()
|
|
assert wrong_keys == 0
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_hidden_challenge_is_unsolveable():
|
|
"""Test that hidden challenges return 404 and do not insert a solve or wrong key"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
chal = gen_challenge(app.db, state='hidden')
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content='flag')
|
|
|
|
data = {
|
|
"submission": 'flag',
|
|
"challenge_id": chal.id
|
|
}
|
|
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
assert r.status_code == 404
|
|
|
|
solves = Solves.query.count()
|
|
assert solves == 0
|
|
|
|
wrong_keys = Fails.query.count()
|
|
assert wrong_keys == 0
|
|
destroy_ctfd(app)
|
|
|
|
|
|
def test_challenges_cannot_be_solved_while_paused():
|
|
"""Test that challenges cannot be solved when the CTF is paused"""
|
|
app = create_ctfd()
|
|
with app.app_context():
|
|
set_config('paused', True)
|
|
|
|
register_user(app)
|
|
client = login_as_user(app)
|
|
|
|
r = client.get('/challenges')
|
|
assert r.status_code == 200
|
|
|
|
# Assert that there is a paused message
|
|
data = r.get_data(as_text=True)
|
|
assert 'paused' in data
|
|
|
|
chal = gen_challenge(app.db)
|
|
flag = gen_flag(app.db, challenge_id=chal.id, content='flag')
|
|
|
|
data = {
|
|
"submission": 'flag',
|
|
"challenge_id": chal.id
|
|
}
|
|
r = client.post('/api/v1/challenges/attempt', json=data)
|
|
|
|
# Assert that the JSON message is correct
|
|
resp = r.get_json()['data']
|
|
assert r.status_code == 403
|
|
assert resp['status'] == 'paused'
|
|
assert resp['message'] == 'CTFd is paused'
|
|
|
|
# There are no solves saved
|
|
solves = Solves.query.count()
|
|
assert solves == 0
|
|
|
|
# There are no wrong keys saved
|
|
wrong_keys = Fails.query.count()
|
|
assert wrong_keys == 0
|
|
destroy_ctfd(app)
|
|
|
|
|
|
# def test_challenge_solves_can_be_seen():
|
|
# """Test that the /solves endpoint works properly for users"""
|
|
# app = create_ctfd()
|
|
# with app.app_context():
|
|
# register_user(app)
|
|
#
|
|
# with app.test_client() as client:
|
|
# r = client.get('/solves')
|
|
# assert r.location.startswith("http://localhost/login?next=")
|
|
# assert r.status_code == 302
|
|
#
|
|
# client = login_as_user(app)
|
|
#
|
|
# r = client.get('/solves')
|
|
# data = r.get_data(as_text=True)
|
|
# data = json.loads(data)
|
|
#
|
|
# assert len(data['solves']) == 0
|
|
#
|
|
# chal = gen_challenge(app.db)
|
|
# chal_id = chal.id
|
|
# flag = gen_flag(app.db, chal=chal_id, flag='flag')
|
|
# with client.session_transaction() as sess:
|
|
# data = {
|
|
# "key": 'flag',
|
|
# "nonce": sess.get('nonce')
|
|
# }
|
|
# r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
|
|
#
|
|
# data = r.get_data(as_text=True)
|
|
# data = json.loads(data)
|
|
#
|
|
# r = client.get('/solves')
|
|
# data = r.get_data(as_text=True)
|
|
# data = json.loads(data)
|
|
#
|
|
# assert len(data['solves']) > 0
|
|
#
|
|
# team = Teams.query.filter_by(id=2).first()
|
|
# team.banned = True
|
|
# db.session.commit()
|
|
#
|
|
# r = client.get('/solves')
|
|
# data = r.get_data(as_text=True)
|
|
# data = json.loads(data)
|
|
#
|
|
# team = Teams.query.filter_by(id=2).first()
|
|
# assert team.banned
|
|
# assert len(data['solves']) > 0
|
|
# destroy_ctfd(app)
|