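def __init__(self, app, client):
    """Keep handles to the app and client and seed default roles and users.

    Inside an application context this makes sure an "admin" and a "user"
    role exist, adds one account per role when the username lookup finds
    none, and commits the session once at the end.

    Args:
        app: Application object; only ``app_context()`` is used here.
        client: Client object that exposes the database as ``client.db``.
    """
    self.app = app
    self.client = client
    self.db = client.db
    # NOTE(review): the seeded accounts use hard-coded credentials and have
    # TOTP switched off. That is presumably meant for a throw-away test
    # database -- confirm this code can never run against a real deployment.
    with self.app.app_context():
        # Look the role up first and create it only when missing, so the name
        # is always bound when the account is built (also when the role row
        # already exists but the account does not).
        admin_role = Role.query.filter_by(name="admin").first()
        if not admin_role:
            admin_role = Role(name="admin", description="Administrator")
            self.db.session.add(admin_role)
        if not User.query.filter_by(username="******").first():
            admin_user = User(username='******', email='*****@*****.**',
                              password='******', role=admin_role,
                              totp_enabled=False)
            self.db.session.add(admin_user)

        user_role = Role.query.filter_by(name="user").first()
        if not user_role:
            user_role = Role(name="user", description="User")
            self.db.session.add(user_role)
        if not User.query.filter_by(username="******").first():
            normal_user = User(username='******', email='*****@*****.**',
                               password='******', role=user_role,
                               totp_enabled=False)
            self.db.session.add(normal_user)

        self.db.session.commit()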
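def load_user(user_id):
    """Return a ``User`` for a well-formed id, otherwise ``None``.

    An id is accepted when it is non-empty and consists of one or more
    letters (a-z, A-Z) followed by one or more digits, with nothing after
    them. Per the original note, a ``None`` result means the visitor is not
    logged in and the page falls back to the default route.

    Args:
        user_id: Identifier to validate before it is handed to ``User``.
    """
    # The pattern is anchored with \Z rather than "$": "$" also matches just
    # before a trailing newline, so an id such as "abc1\n" used to pass the
    # check and reach User() unchanged.
    # Note: on Python 3 str patterns, \d also matches non-ASCII digits.
    if user_id and re.match(r'^[a-zA-Z]+\d+\Z', user_id):
        return User(user_id)
    return None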
def _create_solved_dummy_challenge(app, client):
    """Create a challenge with a random name plus a solve for it.

    Reuses the 'admin' role, the fixture user and the 'hacking' category
    when the lookups find them and builds them otherwise.

    Returns:
        dict with the new challenge's ``id`` and its ``flag`` string.
    """
    db = client.db
    with app.app_context():
        _id = str(uuid4())
        # The flag embeds the random id; build it once and reuse it.
        flag_text = 'TMT{' + _id + '}'

        role = (Role.query.filter_by(name="admin").first()
                or Role(name='admin', description='Administrator'))
        user = (User.query.filter_by(username="******").first()
                or User(username='******', email='*****@*****.**',
                        password='******', role=role))

        category = Category.query.filter_by(name='hacking').first()
        if not category:
            # A missing category is persisted on its own before use.
            category = Category(name='hacking', description='Hacking')
            db.session.add(category)
            db.session.commit()

        challenge = Challenge(name=_id, description='Description2',
                              flag=flag_text, category=category, points=0)
        solved = Solve(user=user, challenge=challenge)
        db.session.add_all([role, user, challenge, solved])
        db.session.commit()
        return {'id': challenge.id, 'flag': flag_text}
def wrapped(*args, **kwargs):
    """Resolve the session's user and pass it to the wrapped callable first.

    The original note says a 401 error results when nobody is connected;
    that would have to come from ``User.login``, which is not shown here.
    """
    # Imported inside the function, exactly as the original does.
    from app.api import User
    # NOTE(review): the password is read back from the session on every call,
    # so it is being kept there. If this is a client-side cookie session the
    # value is signed but still readable by the client; a user id or opaque
    # token would avoid holding the credential -- confirm the session backend.
    credentials = (session.get("email"), session.get("password"))
    current_user = User.login(*credentials)
    return function(current_user, *args, **kwargs)
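def loginSubmit():
    """Handle the login POST: log in the submitted id, then redirect.

    The form supplies ``userId`` and, optionally, ``next``. After
    ``login_user`` the browser is sent to ``next`` when it is a path on this
    site, otherwise to the index page.
    """
    # NOTE(review): the id is taken as submitted; this handler performs no
    # credential or format check of its own -- confirm that is intended.
    user = User(request.form['userId'])
    login_user(user)
    flask.flash('Logged in successfully.')

    # "next" is form input the client controls, so redirecting to it blindly
    # is an open redirect. Follow it only when it is a plain local path:
    # one leading slash, no "//" or backslash (browsers read those as a host),
    # and no control characters (browsers strip tabs/newlines before parsing).
    nextpage = request.form.get('next', '')
    is_local_path = (
        nextpage.startswith('/')
        and not nextpage.startswith('//')
        and '\\' not in nextpage
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in nextpage)
    )
    if not is_local_path:
        nextpage = flask.url_for('.indexpage')
    return flask.redirect(nextpage)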
def _create_dummy_user(app, client):
    """Persist an 'admin' role and one fixture user that holds it."""
    admin_role = Role(name='admin', description='Administrator')
    account = User(username='******', email='*****@*****.**',
                   password='******', role=admin_role)
    database = client.db
    with app.app_context():
        # Role first, then the user, then a single commit.
        database.session.add_all([admin_role, account])
        database.session.commit()
def _create_dummy_user(app, client):
    """Persist a 'supporterin' role with one user and return its public id.

    Returns:
        The user's ``public_id`` as read just before the commit.
    """
    supporter_role = Role(name='supporterin', description='Supporterin')
    supporter = User(username='******', email='*****@*****.**',
                     password='******', role=supporter_role)
    database = client.db
    with app.app_context():
        database.session.add_all([supporter_role, supporter])
        # Captured before commit(), in the same order as the original.
        public_id = supporter.public_id
        database.session.commit()
    return public_id
def test_create_message(app, client):
    """A message tied to a new user and role can be added and committed."""
    database = client.db
    admin_role = Role(name='admin', description='Administrator')
    author = User(username='******', email='*****@*****.**',
                  password='******', role=admin_role)
    message = Message(subject="test", message="test", user=author)
    with app.app_context():
        # The test passes when the commit goes through without raising.
        database.session.add_all([admin_role, author, message])
        database.session.commit()
def test_create_user(app, client):
    """A stored user loads back with a UUID public id and a usable password."""
    database = client.db
    admin_role = Role(name='admin', description='Administrator')
    new_user = User(username='******', email='*****@*****.**',
                    password='******', role=admin_role)
    with app.app_context():
        database.session.add_all([admin_role, new_user])
        database.session.commit()

        stored = User.query.first()
        assert isinstance(stored, User)
        # A parseable UUID always has a 32-character hex form.
        public_hex = UUID(stored.public_id).hex
        assert len(public_hex) == 32
        assert stored.verify_password('testineTestHatEinPw')
def create_user(self, username='******', password='******', role='user'):
    """Add a user with the given role unless the username already exists.

    A role that the lookup does not find is created with the upper-cased
    name as its description. New users get ``<username>@example.com`` as
    e-mail and have TOTP disabled.

    Args:
        username: Login name; also the local part of the e-mail address.
        password: Password handed to the ``User`` constructor.
        role: Name of the role to attach.
    """
    with self.app.app_context():
        session = self.db.session
        if not User.query.filter_by(username=username).first():
            role_row = Role.query.filter_by(name=role).first()
            if not role_row:
                role_row = Role(name=role, description=role.upper())
                session.add(role_row)
            session.add(User(username=username,
                             email=f'{username}@example.com',
                             password=password,
                             role=role_row,
                             totp_enabled=False))
        session.commit()
def _get_user_token(app, client):
    """Create a 'user'-role account and return the token from /api/auth.

    Returns:
        The ``token`` field of the JSON response, or ``None`` if absent.
    """
    plain_role = Role(name='user', description='user')
    account = User(username='******', email='*****@*****.**',
                   password='******', role=plain_role)
    database = client.db
    with app.app_context():
        database.session.add_all([plain_role, account])
        database.session.commit()
        login_payload = {
            'username': '******',
            'password': '******'
        }
        response = client.post('/api/auth', json=login_payload)
        body = json.loads(response.data.decode())
        return body.get('token')
def _get_token(app, client):
    """Create an admin account and return the token from /api/auth.

    The 'admin' role is reused when the lookup finds it; the user is always
    built fresh.

    Returns:
        The ``token`` field of the JSON response, or ``None`` if absent.
    """
    with app.app_context():
        admin_role = (Role.query.filter_by(name="admin").first()
                      or Role(name='admin', description='Administrator'))
        account = User(
            username='******',
            email='*****@*****.**',
            password='******',
            role=admin_role
        )
        database = client.db
        database.session.add_all([admin_role, account])
        database.session.commit()

        response = client.post('/api/auth',
                               json={'username': '******', 'password': '******'})
        body = json.loads(response.data.decode())
        return body.get('token')
def _create_dummy_message(app, client, subject):
    """Store a message with the given subject and return it.

    The 'admin' role and the fixture user are reused when the lookups find
    them and built otherwise; only the message is added to the session
    explicitly.

    Args:
        subject: Subject line for the new message.
    """
    database = client.db
    with app.app_context():
        admin_role = (Role.query.filter_by(name="admin").first()
                      or Role(name='admin', description='Administrator'))
        author = User.query.filter_by(username="******").first()
        if not author:
            author = User(
                username='******',
                email='*****@*****.**',
                password='******',
                role=admin_role
            )
        dummy = Message(subject=subject, message='MyMessage', user=author)
        database.session.add(dummy)
        database.session.commit()
        return dummy
def test_create_user(app, client):
    """A stored user can be queried by name with all its fields intact."""
    database = client.db
    with app.app_context():
        admin_role = Role(name='admin', description='Administrator')
        new_user = User(username='******',
                        displayName='Testine Test',
                        password='******',
                        email='*****@*****.**',
                        role=admin_role,
                        totp_enabled=False)
        database.session.add_all([admin_role, new_user])
        database.session.commit()

        stored = User.query.filter_by(username='******').first()
        assert isinstance(stored, User)
        # A parseable UUID always has a 32-character hex form.
        guid_hex = UUID(stored.guid).hex
        assert len(guid_hex) == 32
        assert stored.displayName == 'Testine Test'
        assert stored.email == '*****@*****.**'
        assert stored.verify_password('password_for_test')
def test_solve_challenge(app, client):
    """Storing one solve leaves exactly one row in the Solve table."""
    database = client.db
    admin_role = Role(name='admin', description='Administrator')
    solver = User(username='******', email='*****@*****.**',
                  password='******', role=admin_role)
    category = Category(name='test', description='Test')
    task = Challenge(name="TEST", description="TEST", flag="TEST",
                     category=category, points=0)
    solved = Solve(challenge=task, user=solver)
    with app.app_context():
        # Same insertion order as the original: challenge before category.
        database.session.add_all([admin_role, solver, task, category, solved])
        database.session.commit()
        solve_rows = Solve.query.all()
        assert len(solve_rows) == 1
def setup(self):
    """Reset Redis and build the user, alert, digest and client fixtures."""
    # flushdb() empties the whole selected Redis database.
    # NOTE(review): which database that is cannot be seen from here -- make
    # sure the test configuration points at a dedicated one.
    redis.flushdb()
    self.user = User("*****@*****.**", "password")
    alert = Alert("*****@*****.**", "http://host.ndd/path")
    self.alert = alert
    # Hex SHA-1 digest of the alert's e-mail address.
    self.sha = sha1(alert.email).hexdigest()
    self.client = app.test_client()
class TestAlertAPI(object):
    """HTTP-level tests for creating, deleting and listing alerts.

    Every operation is checked twice: once without logging in (expects 401)
    and once after posting the fixture user's credentials to the login
    endpoint.
    """

    # NOTE(review): no test here exercises a logged-in user acting on an
    # alert that belongs to a different e-mail address; an ownership test
    # for POST and DELETE would be a useful addition.

    def setup(self):
        """Reset Redis and build the user, alert, digest and client fixtures."""
        # flushdb() empties the whole selected Redis database.
        redis.flushdb()
        self.user = User("*****@*****.**", "password")
        self.alert = Alert("*****@*****.**", "http://host.ndd/path")
        self.sha = sha1(self.alert.email).hexdigest()
        self.client = app.test_client()

    def _login(self):
        """POST the fixture user's credentials as JSON to the login endpoint."""
        credentials = json.dumps({
            "email": self.user.email,
            "password": self.user.password
        })
        with self.client.session_transaction():
            return self.client.post("/api/user/login",
                                    data=credentials,
                                    content_type="application/json")

    def _post_alert(self):
        """POST the fixture e-mail and alert URL as JSON to /api/alert."""
        payload = json.dumps({
            "email": self.user.email,
            "url": self.alert.url
        })
        return self.client.post("/api/alert",
                                data=payload,
                                content_type="application/json")

    def test_create_alert_unauthenticated(self):
        """
        It should return an error 401 if the user is not logged in.
        """
        response = self.client.post("/api/alert")
        assert response.status_code == 401
        assert json.loads(response.data)["error"]

    def test_create_alert(self):
        """
        It should create an alert for the current user if it has a big enough
        plan to create one more alert.
        """
        self._login()
        # Give the user a plan that allows three alerts before posting.
        self.user.plan = Plan(_id="basic", name="Basic", price=0,
                              alert_number=3)
        self.user.save()
        response = self._post_alert()
        assert response.status_code == 200
        assert json.loads(response.data) == self.alert.to_dict()

    def test_create_too_many_alert(self):
        """
        It should return an error to the current user if it doesn't have a
        big enough plan to create one more alert.
        """
        self._login()
        # No plan is assigned in this test, unlike test_create_alert.
        response = self._post_alert()
        assert response.status_code == 400
        assert json.loads(response.data)["error"]

    def test_delete_alert_unauthenticated(self):
        """
        It should return an error 401 if the user is not logged in.
        """
        target = "/api/alert/{}".format(self.alert.sha)
        response = self.client.delete(target)
        assert response.status_code == 401
        assert json.loads(response.data)["error"]

    def test_delete_alert(self):
        """
        It should delete an alert for the current user.
        """
        self.alert.save()
        self._login()
        target = "/api/alert/{}".format(self.alert.sha)
        response = self.client.delete(target)
        assert response.status_code == 200
        assert json.loads(response.data)["success"]

    def test_get_user_alerts_unauthenticated(self):
        """
        It should return an error 401 if the user is not logged in.
        """
        response = self.client.get("/api/alert")
        assert response.status_code == 401
        assert json.loads(response.data)["error"]

    def test_get_user_alerts(self):
        """
        It should return all the current user's alerts.
        """
        self.alert.save()
        self._login()
        response = self.client.get("/api/alert")
        assert response.status_code == 200
        listed = json.loads(response.data)["alerts"]
        assert listed == [self.alert.to_dict()]