Beispiel #1
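 def resolve_challenge(self, info, **kwargs):
     """Resolve one challenge by the primary key passed as ``id``.

     Staff may fetch any challenge. Every other authenticated user must pass
     ``validate_active_event()`` and can only fetch a challenge that is not
     hidden and whose category is not hidden. The category filter keeps a
     direct fetch by id from exposing a challenge inside a hidden category.

     Raises:
         Challenge.DoesNotExist: no challenge matches the id under the
             filters that apply to the caller.
     """
     requester = info.context.user
     validate_user_is_authenticated(requester)
     challenge_pk = kwargs.get('id')

     if validate_user_is_staff(requester):
         return Challenge.objects.get(pk=challenge_pk)

     validate_active_event()
     # A hidden row and a missing row both end in DoesNotExist, so the error
     # does not tell a non-staff caller which ids exist.
     return Challenge.objects.get(pk=challenge_pk,
                                  hidden=False,
                                  category__hidden=False)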
Beispiel #2
 def resolve_challenges(self, info, **kwargs):
     """List challenges ordered by ``points``.

     Staff receive every challenge. Other authenticated users receive only
     challenges where neither the challenge nor its category is hidden.
     """
     requester = info.context.user
     validate_user_is_authenticated(requester)

     if not validate_user_is_staff(requester):
         # NOTE(review): this path never calls validate_active_event(), so the
         # visible list is served whether or not an event is running; confirm
         # that is intended.
         visible = Challenge.objects.filter(category__hidden=False,
                                            hidden=False)
         return visible.order_by('points')

     return Challenge.objects.all().order_by('points')
Beispiel #3
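    def mutate(self, info, challenge, flag):
        """Check a submitted flag and record either the solve or the failure.

        Args:
            info: resolver context; ``info.context.user`` is the submitter and
                ``info.context.META`` supplies the request headers.
            challenge: primary key of the challenge being attempted.
            flag: the flag string submitted by the user.

        Returns:
            SubmitFlag with ``code=1`` for a correct flag and ``code=0``
            otherwise.

        Raises:
            Exception: the user has no team, the challenge does not exist, or
                the team has already solved the challenge.
        """
        # Function-scope import: the file's import block is not visible here.
        import hmac

        requester = info.context.user
        validate_user_is_authenticated(requester)

        # If user is not staff validate there is an active event.
        if not validate_user_is_staff(requester):
            validate_active_event()

        try:
            team = Profile.objects.get(user=requester).team
        except Exception:
            raise Exception('You must be on a team to submit flags')
        if team is None:
            # A profile with no team would otherwise fail on ``team.solved``
            # with an AttributeError instead of the intended message.
            raise Exception('You must be on a team to submit flags')

        # NOTE(review): the lookup is by primary key only, so a non-staff user
        # can submit against a challenge whose ``hidden`` flag is set; confirm
        # whether it should be filtered the way the challenge resolvers are.
        try:
            challenge = Challenge.objects.get(pk=challenge)
        except Exception:
            raise Exception('Challenge not found')

        # Check if challenge has been solved by the team.
        # NOTE(review): check-then-insert; two concurrent correct submissions
        # can both pass this test. A unique constraint on (team, challenge)
        # would close that window; confirm against the model.
        if team.solved.filter(challenge=challenge).exists():
            raise Exception('Challenge already solved!')

        # Hashed flags are stored as the unsalted SHA-256 hex digest of the
        # flag, so the submission is hashed the same way before comparing.
        if challenge.flag.hashed:
            candidate = hashlib.sha256(flag.encode('utf-8')).hexdigest()
        else:
            candidate = flag
        expected = challenge.flag.value

        # Constant-time comparison so response timing does not depend on how
        # many leading characters of the submission match. Both sides are
        # encoded because compare_digest rejects non-ASCII str arguments.
        solved = isinstance(expected, str) and hmac.compare_digest(
            expected.encode('utf-8'), candidate.encode('utf-8'))

        if solved:
            solve = SolvedChallenge(team=team, user=requester, challenge=challenge)
            solve.save()

            # Flag tracker: best-effort audit record of who submitted the
            # solve. HTTP_X_REAL_IP is a request header, so the stored address
            # is only reliable when a fronting proxy overwrites it; confirm
            # the deployment does. A failure here must not undo the solve.
            try:
                flagtracker = FlagTracker(
                    solve=solve,
                    address=info.context.META.get('HTTP_X_REAL_IP'),
                    agent=info.context.META.get('HTTP_USER_AGENT'))
                flagtracker.save()
            except Exception:
                pass

            code = 1
        else:
            # Every wrong guess is stored. Nothing in this method limits how
            # often a team can guess, so throttling has to live elsewhere.
            fail = Failure(team=team, user=requester, challenge=challenge)
            fail.save()
            code = 0

        return SubmitFlag(code=code)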
Beispiel #4
 def resolve_user(self, info, id=None):
     """Return the user with the given ``id``; admin and staff only.

     ``validate_user_is_admin`` runs first, then the staff predicate must also
     hold. A falsy ``id`` is rejected before any lookup.
     """
     requester = info.context.user
     validate_user_is_admin(requester)

     if not validate_user_is_staff(requester):
         raise Exception('Not authorized to view query users')
     if not id:
         raise Exception('No user ID was provided')
     return User.objects.get(id=id)
Beispiel #5
 def resolve_categories(self, info, first=None, skip=None, **kwargs):
     """List categories, with ``skip``/``first`` paging for staff.

     Non-staff callers must pass ``validate_active_event()`` and receive every
     category with ``hidden=False``; ``first`` and ``skip`` are ignored for
     them.
     """
     requester = info.context.user
     validate_user_is_authenticated(requester)

     if not validate_user_is_staff(requester):
         validate_active_event()
         return Category.objects.filter(hidden=False)

     page = Category.objects.all()
     # Apply the offset before the limit, matching skip-then-first semantics.
     if skip is not None:
         page = page[skip:]
     if first is not None:
         page = page[:first]
     return page
Beispiel #6
 def resolve_challenges(self, info, first=None, skip=None, **kwargs):
     """List challenges; staff get a name-ordered, pageable view.

     Non-staff callers must pass ``validate_active_event()`` and receive the
     challenges where neither the challenge nor its category is hidden,
     ordered by ``points``; ``first`` and ``skip`` are ignored for them.
     """
     requester = info.context.user
     validate_user_is_authenticated(requester)

     if not validate_user_is_staff(requester):
         validate_active_event()
         visible = Challenge.objects.filter(category__hidden=False, hidden=False)
         return visible.order_by('points')

     page = Challenge.objects.all().order_by('name')
     # Apply the offset before the limit, matching skip-then-first semantics.
     if skip is not None:
         page = page[skip:]
     if first is not None:
         page = page[:first]
     return page
Beispiel #7
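    def resolve_team_name(self, info, **kwargs):
        """Resolve a team by case-insensitive name (the ``name`` argument).

        Staff can look up any team. When the first ``Event`` row has
        ``private`` set to True, other users may only resolve their own team.
        Any other name gets the same privacy error whether or not a team with
        that name exists, so the error cannot be used to probe which team
        names are taken.

        Raises:
            Exception: privacy-mode refusal for a non-staff caller.
            Team.DoesNotExist: no team matches on the staff path or when the
                event is not private.
        """
        requester = info.context.user
        validate_user_is_authenticated(requester)
        team_name = kwargs.get('name')

        if validate_user_is_staff(requester):
            return Team.objects.get(name__iexact=team_name)

        # Read the event once so both checks look at the same row.
        event = Event.objects.first()
        if event and event.private is True:
            team = Team.objects.filter(name__iexact=team_name).first()
            if team is not None and requester.profile.team == team:
                return team
            # Same answer for "not your team" and "no such team".
            raise Exception(
                "This event is being run in privacy mode. You are not allowed to query teams. If you are querying for your team please use the team query"
            )

        # NOTE(review): this path applies no ``hidden`` filter, so a non-staff
        # caller can resolve a hidden team by name; confirm that is intended.
        return Team.objects.get(name__iexact=team_name)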
Beispiel #8
    def resolve_searchteam(self, info, **kwargs):
        """Search teams whose name, affiliation or website contains ``query``.

        Staff search all teams. Other users are refused when the first
        ``Event`` row is private, and otherwise search only teams with
        ``hidden=False``.
        """
        requester = info.context.user
        validate_user_is_authenticated(requester)

        # The term only ever reaches the database through ORM lookups, never
        # through string-built SQL.
        term = kwargs.get('query')
        matches = (Q(name__contains=term)
                   | Q(affiliation__contains=term)
                   | Q(website__contains=term))

        if validate_user_is_staff(requester):
            return Team.objects.filter(matches)

        if Event.objects.first() and Event.objects.first().private is True:
            raise Exception(
                "This event is being run in privacy mode. You are not allowed to search teams."
            )

        return Team.objects.filter(hidden=False).filter(matches)
Beispiel #9
    def resolve_failures(self, info, first=None, skip=None, **kwargs):
        """List failed submissions, newest first, with ``skip``/``first`` paging.

        Non-staff callers are refused when the first ``Event`` row is private;
        otherwise they receive the same unfiltered list as staff.
        """
        requester = info.context.user
        validate_user_is_authenticated(requester)

        if not validate_user_is_staff(requester):
            if Event.objects.first() and Event.objects.first().private is True:
                raise Exception(
                    "This event is being run in privacy mode. You are not allowed to query failures."
                )

        # NOTE(review): outside privacy mode every authenticated user sees all
        # teams' failures, and the result is unbounded when ``first`` is
        # omitted; confirm both are intended.
        page = Failure.objects.all().order_by('-timestamp')
        if skip is not None:
            page = page[skip:]
        if first is not None:
            page = page[:first]
        return page
Beispiel #10
    def resolve_solves(self, info, first=None, skip=None, **kwargs):
        """List solved challenges, newest first, with ``skip``/``first`` paging.

        Non-staff callers are refused when the first ``Event`` row is private;
        otherwise they receive the same unfiltered list as staff.
        """
        requester = info.context.user
        validate_user_is_authenticated(requester)

        if not validate_user_is_staff(requester):
            if Event.objects.first() and Event.objects.first().private is True:
                raise Exception(
                    "This event is being run in privacy mode. You are not allowed to query solves. If you want to query your team solves please use the teamsolves query."
                )

        # NOTE(review): no ``hidden`` filter is applied and the result is
        # unbounded when ``first`` is omitted; confirm both are intended.
        page = SolvedChallenge.objects.all().order_by('-timestamp')
        if skip is not None:
            page = page[skip:]
        if first is not None:
            page = page[:first]
        return page
Beispiel #11
 def resolve_users(self, info):
     """Return every user; admin and staff only.

     ``validate_user_is_admin`` runs first, then the staff predicate must also
     hold before the full user table is returned.
     """
     requester = info.context.user
     validate_user_is_admin(requester)

     if not validate_user_is_staff(requester):
         raise Exception('Not authorized to view query users')
     return User.objects.all()
Beispiel #12
 def resolve_email(self, info):
     """Return this object's ``email`` to staff callers; refuse everyone else."""
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception(
             'Not authorized to view email information for users')
     return self.email
Beispiel #13
 def resolve_last_login(self, info):
     """Return this object's ``last_login`` to staff callers; refuse everyone else."""
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception('Not authorized to view last login information')
     return self.last_login
Beispiel #14
 def resolve_is_active(self, info):
     """Return this object's ``is_active`` to staff callers; refuse everyone else."""
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception('Not authorized to view active information')
     return self.is_active
Beispiel #15
 def resolve_value(self, info):
     """Return this object's ``value`` to staff callers; refuse everyone else.

     The refusal message shows the field guards team access-code data, so the
     check sits on the field resolver itself.
     """
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception(
             'Not authorized to view accesscode information for teams')
     return self.value
Beispiel #16
 def resolve_categories(self, info, **kwargs):
     """List categories: all of them for staff, non-hidden ones for others."""
     requester = info.context.user
     validate_user_is_authenticated(requester)

     if not validate_user_is_staff(requester):
         # NOTE(review): this path never calls validate_active_event(), so
         # visible categories are served whether or not an event is running;
         # confirm that is intended.
         return Category.objects.filter(hidden=False)
     return Category.objects.all()
Beispiel #17
 def resolve_category(self, info, id=None, **kwargs):
     """Return the category with the given ``id``; staff only."""
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception("Bad permissions.")
     return Category.objects.get(id=id)
Beispiel #18
 def resolve_flag_tracker(self, info, **kwargs):
     """Return every ``FlagTracker`` row; staff only."""
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception('Not authorized to view flag tracking information')
     return FlagTracker.objects.all()
Beispiel #19
 def resolve_categories_count(self, info, **kwargs):
     """Return the total number of categories, hidden ones included; staff only."""
     # NOTE(review): validate_user_is_authenticated is not called first;
     # presumably the staff predicate is falsy for anonymous users. Verify.
     if not validate_user_is_staff(info.context.user):
         raise Exception("You are not authorized to view this information.")
     return Category.objects.count()
Beispiel #20
    def mutate(self, info, number=10):
        """Build the score-over-time graph for the five highest-scoring teams.

        Non-staff callers are refused when the first ``Event`` row is private,
        and otherwise only see teams with ``hidden=False``. Returns a ``Graph``
        built from two JSON strings: the timeline labels and the per-team
        series.

        NOTE(review): ``number`` is accepted but never read; the cut-off is
        fixed at five, which is also the length of the colour palette.
        """
        requester = info.context.user
        validate_user_is_authenticated(requester)

        if not validate_user_is_staff(requester):
            if Event.objects.first() and Event.objects.first().private is True:
                raise Exception(
                    "This event is being run in privacy mode. You are not allowed to query teams."
                )

        # Staff rank every team; everyone else ranks only non-hidden teams.
        if validate_user_is_staff(requester):
            candidates = Team.objects.all()
        else:
            candidates = Team.objects.filter(hidden=False)

        # Ranking happens in Python on ``points``, then the top five are kept.
        teams = sorted(candidates, key=lambda entry: entry.points,
                       reverse=True)[:5]

        # All solves by those teams, oldest first. Teams are matched by name.
        solved = SolvedChallenge.objects.filter(
            team__name__in=[team.name for team in teams]).order_by('timestamp')

        colors = ['#FFD700', '#909497', '#A46628', '#3232CD', '#93C54B']

        # One series per team, starting at zero, coloured by rank.
        graph = [
            {
                'label': team.name,
                'data': [0],
                'backgroundColor': shade,
                'borderColor': shade,
                'fill': 'false'
            }
            for team, shade in zip(teams, colors)
        ]

        # Construct the data for the solved timeline: each solve adds one
        # point to every series, and only the solving team's total goes up.
        # ``data`` starts as [0], so it always has a previous value to extend.
        for solve in solved:
            for series in graph:
                running = series['data']
                if series["label"] == solve.team.name:
                    running.append(running[-1] + solve.challenge.points)
                else:
                    running.append(running[-1])

        # Timeline labels: one local-time stamp per solve after the leading 0.
        timeline = [0]
        for solve in solved:
            stamp = solve.timestamp.replace(tzinfo=pytz.UTC).astimezone(
                timezone.get_current_timezone())
            timeline.append(stamp.strftime("%I:%M:%S"))

        return Graph(json.dumps(timeline), json.dumps(graph))