def test_unlocking_hints_with_cost_during_frozen_ctf(): """Test that hints with a cost are unlocked if the CTF is frozen.""" app = create_ctfd() with app.app_context(): set_config( 'freeze', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST with freeze_time("2017-10-4"): register_user(app) chal = gen_challenge(app.db) chal_id = chal.id gen_hint(app.db, chal_id, cost=10) gen_award(app.db, user_id=2) with freeze_time("2017-10-8"): client = login_as_user(app) client.get('/api/v1/hints/1') client.post('/api/v1/unlocks', json={'target': 1, 'type': 'hints'}) r = client.get('/api/v1/hints/1') resp = r.get_json()['data'] assert resp.get('content') == 'This is a hint' user = Users.query.filter_by(id=2).first() assert user.score == 100 destroy_ctfd(app)
def test_api_team_place_hidden_if_scores_hidden(): """/api/v1/teams/me should not reveal team place if scores aren't visible""" app = create_ctfd(user_mode="teams") with app.app_context(): gen_team(app.db) app.db.session.commit() gen_award(app.db, user_id=2, team_id=1) u = Users.query.filter_by(id=2).first() with login_as_user(app, name=u.name) as client: r = client.get("/api/v1/teams/me", json="") resp = r.get_json() assert resp["data"]["place"] == "1st" set_config("score_visibility", "hidden") with login_as_user(app, name=u.name) as client: r = client.get("/api/v1/teams/me", json="") resp = r.get_json() assert resp["data"]["place"] is None set_config("score_visibility", "admins") with login_as_user(app, name=u.name) as client: r = client.get("/api/v1/teams/me", json="") resp = r.get_json() assert resp["data"]["place"] is None with login_as_user(app, name="admin") as client: r = client.get("/api/v1/teams/1", json="") resp = r.get_json() print(resp) assert resp["data"]["place"] == "1st" destroy_ctfd(app)
def test_hint_team_unlock(): """Is a user's unlocked hint reflected on other team members""" app = create_kmactf(user_mode="teams") with app.app_context(): user = gen_user(app.db) second_user = gen_user(app.db, name="user", email="*****@*****.**") team = gen_team(app.db) user.team_id = team.id second_user.team_id = team.id team.members.append(user) team.members.append(second_user) chal = gen_challenge(app.db) gen_hint(app.db, chal.id, content="hint", cost=1, type="standard") gen_award(app.db, 2, team.id) app.db.session.commit() with login_as_user(app, name="user_name") as client: client.get("/api/v1/hints/1") client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"}) client.get("/api/v1/hints/1") with login_as_user(app) as second_client: second_client.get("/api/v1/hints/1") second_client.post("/api/v1/unlocks", json={ "target": 1, "type": "hints" }) r = second_client.get("/api/v1/hints/1") assert r.json["data"]["content"] == "hint" standings = get_standings() assert standings[0][2] == "team_name" assert standings[0][3] == 99 destroy_kmactf(app)
def test_unlocking_hints_with_cost_during_ended_ctf(): """Test that hints with a cost are not unlocked if the CTF has ended""" app = create_kmactf() with app.app_context(): register_user(app) chal = gen_challenge(app.db) chal_id = chal.id gen_hint(app.db, chal_id, cost=10) gen_award(app.db, user_id=2) set_config( "start", "1507089600" ) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST set_config( "end", "1507262400" ) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST with freeze_time("2017-11-4"): client = login_as_user(app) r = client.get("/api/v1/hints/1") assert r.get_json().get("data") is None assert r.status_code == 403 r = client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"}) assert r.status_code == 403 assert r.get_json() r = client.get("/api/v1/hints/1") assert r.status_code == 403 user = Users.query.filter_by(id=2).first() assert user.score == 100 assert Unlocks.query.count() == 0 destroy_kmactf(app)
def test_reset(): app = create_kmactf() with app.app_context(): base_user = "******" for x in range(10): chal = gen_challenge(app.db, name="chal_name{}".format(x)) gen_flag(app.db, challenge_id=chal.id, content="flag") for x in range(10): user = base_user + str(x) user_email = user + "@kmactf.io" user_obj = gen_user(app.db, name=user, email=user_email) gen_award(app.db, user_id=user_obj.id) gen_solve(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10)) gen_fail(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10)) gen_tracking(app.db, user_id=user_obj.id) assert Users.query.count() == 11 # 11 because of the first admin user assert Challenges.query.count() == 10 register_user(app) client = login_as_user(app, name="admin", password="******") with client.session_transaction() as sess: data = {"nonce": sess.get("nonce")} client.post("/admin/reset", data=data) assert Users.query.count() == 0 assert Challenges.query.count() == 10 assert Solves.query.count() == 0 assert Fails.query.count() == 0 assert Tracking.query.count() == 0 destroy_kmactf(app)
def test_unlocking_hints_with_cost_during_frozen_ctf(): """Test that hints with a cost are unlocked if the CTF is frozen.""" app = create_kmactf() with app.app_context(): set_config( "freeze", "1507262400" ) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST with freeze_time("2017-10-4"): register_user(app) chal = gen_challenge(app.db) chal_id = chal.id gen_hint(app.db, chal_id, cost=10) gen_award(app.db, user_id=2) with freeze_time("2017-10-8"): client = login_as_user(app) client.get("/api/v1/hints/1") client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"}) r = client.get("/api/v1/hints/1") resp = r.get_json()["data"] assert resp.get("content") == "This is a hint" user = Users.query.filter_by(id=2).first() assert user.score == 100 destroy_kmactf(app)
def test_hidden_teams_visibility(): """Hidden teams should not show up on /teams or /api/v1/teams or /api/v1/scoreboard""" app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) with login_as_user(app) as client: user = Users.query.filter_by(id=2).first() user_id = user.id team = gen_team(app.db, name="visible_team", hidden=True) team_id = team.id team_name = team.name team.members.append(user) user.team_id = team.id app.db.session.commit() r = client.get("/teams") response = r.get_data(as_text=True) # Only search in body content body_start = response.find("<body>") body_end = response.find("</body>") response = response[body_start:body_end] assert team_name not in response r = client.get("/api/v1/teams") response = r.get_json() assert team_name not in response gen_award(app.db, user_id, team_id=team_id) r = client.get("/scoreboard") response = r.get_data(as_text=True) # Only search in body content body_start = response.find("<body>") body_end = response.find("</body>") response = response[body_start:body_end] assert team_name not in response r = client.get("/api/v1/scoreboard") response = r.get_json() assert team_name not in response # Team should re-appear after disabling hiding # Use an API call to cause a cache clear with login_as_user(app, name="admin") as admin: r = admin.patch("/api/v1/teams/1", json={"hidden": False}) assert r.status_code == 200 r = client.get("/teams") response = r.get_data(as_text=True) assert team_name in response r = client.get("/api/v1/teams") response = r.get_data(as_text=True) assert team_name in response r = client.get("/api/v1/scoreboard") response = r.get_data(as_text=True) assert team_name in response destroy_ctfd(app)
def test_api_award_get_admin(): """Can a user get /api/v1/awards/<award_id> if admin""" app = create_ctfd() with app.app_context(): gen_award(app.db, 1) with login_as_user(app, 'admin') as client: r = client.get('/api/v1/awards/1', json="") assert r.status_code == 200 destroy_ctfd(app)
def test_api_award_delete_admin(): """Can a user delete /api/v1/awards/<award_id> if admin""" app = create_kmactf() with app.app_context(): gen_award(app.db, 1) with login_as_user(app, "admin") as client: r = client.delete("/api/v1/awards/1", json="") assert r.status_code == 200 destroy_kmactf(app)
def test_hint_team_unlock(): """Is a user's unlocked hint reflected on other team members""" app = create_ctfd(user_mode="teams") with app.app_context(): user = gen_user(app.db) second_user = gen_user(app.db, name="user", email="*****@*****.**") team = gen_team(app.db) user.team_id = team.id second_user.team_id = team.id team.members.append(user) team.members.append(second_user) chal = gen_challenge(app.db) gen_hint(app.db, chal.id, content="hint", cost=1, type="standard") # Give the points to the user that doesn't unlock # Users that unlock hints should be able to unlock but cost their team points gen_award(app.db, user_id=3, team_id=team.id) app.db.session.commit() with login_as_user(app, name="user_name") as client: # Assert that we don't see a hint r = client.get("/api/v1/hints/1") assert r.get_json()["data"].get("content") is None # Unlock the hint client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"}) # Assert that we see a hint r = client.get("/api/v1/hints/1") assert r.get_json()["data"].get("content") with login_as_user(app) as second_client: # Assert that we see a hint r = second_client.get("/api/v1/hints/1") assert r.get_json()["data"].get("content") # Assert that we can't double unlock r = second_client.post("/api/v1/unlocks", json={ "target": 1, "type": "hints" }) assert r.status_code == 400 assert (r.get_json()["errors"]["target"] == "You've already unlocked this this target") # Assert that we see a hint r = second_client.get("/api/v1/hints/1") assert r.json["data"]["content"] == "hint" # Verify standings # We start with 100 points from the award. # We lose a point because we unlock successfully once standings = get_standings() assert standings[0][2] == "team_name" assert standings[0][3] == 99 destroy_ctfd(app)
def test_hidden_teams_visibility(): """Hidden teams should not show up on /teams or /api/v1/teams or /api/v1/scoreboard""" app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) with login_as_user(app) as client: user = Users.query.filter_by(id=2).first() team = gen_team(app.db, name='visible_team', hidden=True) team.members.append(user) user.team_id = team.id app.db.session.commit() r = client.get('/teams') response = r.get_data(as_text=True) assert team.name not in response r = client.get('/api/v1/teams') response = r.get_json() assert team.name not in response gen_award(app.db, user.id, team_id=team.id) r = client.get('/scoreboard') response = r.get_data(as_text=True) assert team.name not in response r = client.get('/api/v1/scoreboard') response = r.get_json() assert team.name not in response # Team should re-appear after disabling hiding # Use an API call to cause a cache clear with login_as_user(app, name='admin') as admin: r = admin.patch('/api/v1/teams/1', json={ "hidden": False, }) assert r.status_code == 200 r = client.get('/teams') response = r.get_data(as_text=True) assert team.name in response r = client.get('/api/v1/teams') response = r.get_data(as_text=True) assert team.name in response r = client.get('/api/v1/scoreboard') response = r.get_data(as_text=True) assert team.name in response destroy_ctfd(app)
def test_hidden_user_visibility(): """Hidden users should not show up on /users or /api/v1/users or /api/v1/scoreboard""" app = create_ctfd() with app.app_context(): register_user(app, name="hidden_user") with login_as_user(app, name="hidden_user") as client: user = Users.query.filter_by(id=2).first() user_name = user.name user.hidden = True app.db.session.commit() r = client.get('/users') response = r.get_data(as_text=True) assert user_name not in response r = client.get('/api/v1/users') response = r.get_json() assert user_name not in response gen_award(app.db, user.id) r = client.get('/scoreboard') response = r.get_data(as_text=True) assert user_name not in response r = client.get('/api/v1/scoreboard') response = r.get_json() assert user_name not in response # User should re-appear after disabling hiding # Use an API call to cause a cache clear with login_as_user(app, name='admin') as admin: r = admin.patch('/api/v1/users/2', json={ "hidden": False, }) assert r.status_code == 200 r = client.get('/users') response = r.get_data(as_text=True) assert user_name in response r = client.get('/api/v1/users') response = r.get_data(as_text=True) assert user_name in response r = client.get('/api/v1/scoreboard') response = r.get_data(as_text=True) assert user_name in response destroy_ctfd(app)
def test_teams_dont_prevent_other_teams_from_unlocking_hints(): """Unlocks from one user don't affect other users""" app = create_ctfd(user_mode="teams") with app.app_context(): chal = gen_challenge(app.db) gen_hint(app.db, chal.id, content="This is a hint", cost=1, type="standard") team1 = gen_team(app.db, name="team1", email="*****@*****.**") team2 = gen_team(app.db, name="team2", email="*****@*****.**") # Give users points with an award gen_award(app.db, user_id=team1.captain_id) gen_award(app.db, user_id=team2.captain_id) captain1 = team1.captain.name captain2 = team2.captain.name app.db.session.commit() # First team unlocks hint with login_as_user(app, name=captain1) as client: r = client.get("/api/v1/hints/1") assert r.status_code == 200 r = client.post("/api/v1/unlocks", json={ "target": 1, "type": "hints" }) assert r.status_code == 200 r = client.get("/api/v1/hints/1") assert r.status_code == 200 # Second team unlocks hint with login_as_user(app, name=captain2) as client: r = client.get("/api/v1/hints/1") assert r.status_code == 200 r = client.post("/api/v1/unlocks", json={ "target": 1, "type": "hints" }) assert r.status_code == 200 r = client.get("/api/v1/hints/1") assert r.status_code == 200 destroy_ctfd(app)
def test_reset_team_mode(): app = create_ctfd(user_mode="teams") with app.app_context(): base_user = '******' base_team = 'team' for x in range(10): chal = gen_challenge(app.db, name='chal_name{}'.format(x)) gen_flag(app.db, challenge_id=chal.id, content='flag') for x in range(10): user = base_user + str(x) user_email = user + "@ctfd.io" user_obj = gen_user(app.db, name=user, email=user_email) team_obj = gen_team(app.db, name=base_team + str(x), email=base_team + str(x) + '@ctfd.io') team_obj.members.append(user_obj) team_obj.captain_id = user_obj.id app.db.session.commit() gen_award(app.db, user_id=user_obj.id) gen_solve(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10)) gen_fail(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10)) gen_tracking(app.db, user_id=user_obj.id) assert Teams.query.count() == 10 assert Users.query.count( ) == 51 # 10 random users, 40 users (10 teams * 4), 1 admin user assert Challenges.query.count() == 10 register_user(app) client = login_as_user(app, name="admin", password="******") with client.session_transaction() as sess: data = {"nonce": sess.get('nonce')} client.post('/admin/reset', data=data) assert Teams.query.count() == 0 assert Users.query.count() == 0 assert Challenges.query.count() == 10 assert Solves.query.count() == 0 assert Fails.query.count() == 0 assert Tracking.query.count() == 0 destroy_ctfd(app)
def test_api_hint_unlocked(): """Can the users unlock /api/v1/hints/<hint_id> if they have enough points""" app = create_ctfd() with app.app_context(): chal = gen_challenge(app.db) gen_hint(app.db, chal.id, content="This is a hint", cost=1, type="standard") register_user(app) # Give user points with an award gen_award(app.db, 2) client = login_as_user(app) r = client.get("/api/v1/hints/1") assert r.status_code == 200 r = client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"}) assert r.status_code == 200 r = client.get("/api/v1/hints/1") assert r.status_code == 200 destroy_ctfd(app)
def test_users_dont_prevent_other_users_from_unlocking_hints(): """Unlocks from one user don't affect other users""" app = create_ctfd() with app.app_context(): chal = gen_challenge(app.db) gen_hint(app.db, chal.id, content="This is a hint", cost=1, type="standard") register_user(app) register_user(app, name="user2", email="*****@*****.**") # Give users points with an award gen_award(app.db, user_id=2) gen_award(app.db, user_id=3) # First user unlocks hints with login_as_user(app) as client: r = client.get("/api/v1/hints/1") assert r.status_code == 200 r = client.post("/api/v1/unlocks", json={ "target": 1, "type": "hints" }) assert r.status_code == 200 r = client.get("/api/v1/hints/1") assert r.status_code == 200 # Second user unlocks hints with login_as_user(app, name="user2") as client: r = client.get("/api/v1/hints/1") assert r.status_code == 200 r = client.post("/api/v1/unlocks", json={ "target": 1, "type": "hints" }) assert r.status_code == 200 r = client.get("/api/v1/hints/1") assert r.status_code == 200 destroy_ctfd(app)
def test_unlocking_hints_with_cost_before_ctf(): """Test that hints are not unlocked if the CTF hasn't begun""" app = create_ctfd() with app.app_context(): register_user(app) chal = gen_challenge(app.db) chal_id = chal.id gen_hint(app.db, chal_id) gen_award(app.db, user_id=2) set_config('start', '1507089600' ) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST set_config( 'end', '1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST with freeze_time("2017-10-1"): client = login_as_user(app) r = client.get('/api/v1/hints/1') assert r.status_code == 403 assert r.get_json().get('data') is None r = client.post('/api/v1/unlocks', json={ 'target': 1, 'type': 'hints' }) assert r.status_code == 403 assert r.get_json().get('data') is None r = client.get('/api/v1/hints/1') assert r.get_json().get('data') is None assert r.status_code == 403 user = Users.query.filter_by(id=2).first() assert user.score == 100 assert Unlocks.query.count() == 0 destroy_ctfd(app)
def test_user_can_unlock_hint(): """Test that a user can unlock a hint if they have enough points""" app = create_kmactf() with app.app_context(): with app.test_client(): register_user(app, name="user1", email="*****@*****.**") chal = gen_challenge(app.db, value=100) chal_id = chal.id gen_flag(app.db, challenge_id=chal.id, content="flag") hint = gen_hint(app.db, chal_id, cost=10) hint_id = hint.id gen_award(app.db, user_id=2, value=15) client = login_as_user(app, name="user1", password="******") user = Users.query.filter_by(name="user1").first() assert user.score == 15 with client.session_transaction(): r = client.get("/api/v1/hints/{}".format(hint_id)) resp = r.get_json() assert resp["data"].get("content") is None params = {"target": hint_id, "type": "hints"} r = client.post("/api/v1/unlocks", json=params) resp = r.get_json() assert resp["success"] is True r = client.get("/api/v1/hints/{}".format(hint_id)) resp = r.get_json() assert resp["data"].get("content") == "This is a hint" user = Users.query.filter_by(name="user1").first() assert user.score == 5 destroy_kmactf(app)
def test_unlocking_hints_with_cost_during_ctf_with_points(): """Test that hints with a cost are unlocked if you have the points""" app = create_ctfd() with app.app_context(): register_user(app) chal = gen_challenge(app.db) chal_id = chal.id gen_hint(app.db, chal_id, cost=10) gen_award(app.db, user_id=2) client = login_as_user(app) r = client.get('/api/v1/hints/1') assert r.get_json()['data'].get('content') is None client.post('/api/v1/unlocks', json={'target': 1, 'type': 'hints'}) r = client.get('/api/v1/hints/1') assert r.get_json()['data'].get('content') == 'This is a hint' user = Users.query.filter_by(id=2).first() assert user.score == 90 destroy_ctfd(app)
def test_unlocking_hints_with_cost_during_ctf_with_points(): """Test that hints with a cost are unlocked if you have the points""" app = create_kmactf() with app.app_context(): register_user(app) chal = gen_challenge(app.db) chal_id = chal.id gen_hint(app.db, chal_id, cost=10) gen_award(app.db, user_id=2) client = login_as_user(app) r = client.get("/api/v1/hints/1") assert r.get_json()["data"].get("content") is None client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"}) r = client.get("/api/v1/hints/1") assert r.get_json()["data"].get("content") == "This is a hint" user = Users.query.filter_by(id=2).first() assert user.score == 90 destroy_kmactf(app)
def test_user_score_is_correct(): """Test that a user's score is correct""" app = create_ctfd() with app.app_context(): # create user1 register_user(app, name="user1", email="*****@*****.**") # create challenge chal = gen_challenge(app.db, value=100) gen_flag(app.db, challenge_id=chal.id, content="flag") chal_id = chal.id # create a solve for the challenge for user1. (the id is 2 because of the admin) gen_solve(app.db, user_id=2, challenge_id=chal_id) user1 = Users.query.filter_by(id=2).first() # assert that user1's score is 100 assert user1.score == 100 assert user1.place == "1st" # create user2 register_user(app, name="user2", email="*****@*****.**") # user2 solves the challenge gen_solve(app.db, 3, challenge_id=chal_id) # assert that user2's score is 100 but is in 2nd place user2 = Users.query.filter_by(id=3).first() assert user2.score == 100 assert user2.place == "2nd" # create an award for user2 gen_award(app.db, user_id=3, value=5) # assert that user2's score is now 105 and is in 1st place assert user2.score == 105 assert user2.place == "1st" destroy_ctfd(app)
def test_api_user_get_awards_after_freze_time(): """Can a user get /api/v1/users/<user_id>/awards after freeze time""" app = create_ctfd(user_mode="users") with app.app_context(): register_user(app, name="user1", email="*****@*****.**") register_user(app, name="user2", email="*****@*****.**") # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST set_config("freeze", "1507262400") with freeze_time("2017-10-4"): gen_award(app.db, user_id=2) with freeze_time("2017-10-8"): gen_award(app.db, user_id=2) # There should now be two awards assigned to the same user. assert Awards.query.count() == 2 # User 2 should have 2 awards when seen by themselves client = login_as_user(app, name="user1") r = client.get("/api/v1/users/me/awards") data = r.get_json()["data"] assert len(data) == 2 # User 2 should have 1 award when seen by another user client = login_as_user(app, name="user2") r = client.get("/api/v1/users/2/awards") data = r.get_json()["data"] assert len(data) == 1 # Admins should see all awards for the user admin = login_as_user(app, name="admin") r = admin.get("/api/v1/users/2/awards") data = r.get_json()["data"] assert len(data) == 2 destroy_ctfd(app)
def test_api_team_get_awards_after_freze_time(): """Can a user get /api/v1/teams/<team_id>/awards after freeze time""" app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) team = gen_team(app.db, name="team1", email="*****@*****.**", member_count=1) team_member = team.members[0] tm_name = team_member.name set_config("freeze", "1507262400") with freeze_time("2017-10-4"): gen_award(app.db, user_id=3) with freeze_time("2017-10-8"): gen_award(app.db, user_id=3) assert Awards.query.count() == 2 with login_as_user(app) as client: r = client.get("/api/v1/teams/1/awards") data = r.get_json()["data"] assert len(data) == 1 with login_as_user(app, name=tm_name) as client: r = client.get("/api/v1/teams/me/awards") data = r.get_json()["data"] assert len(data) == 2 with login_as_user(app, name="admin") as client: r = client.get("/api/v1/teams/1/awards") data = r.get_json()["data"] assert len(data) == 2 destroy_ctfd(app)
def test_reset(): app = create_ctfd() with app.app_context(): base_user = "******" for x in range(10): chal = gen_challenge(app.db, name="chal_name{}".format(x)) gen_flag(app.db, challenge_id=chal.id, content="flag") gen_hint(app.db, challenge_id=chal.id) gen_file( app.db, location="{name}/{name}.file".format(name=chal.name), challenge_id=chal.id, ) for x in range(10): user = base_user + str(x) user_email = user + "@ctfd.io" user_obj = gen_user(app.db, name=user, email=user_email) gen_award(app.db, user_id=user_obj.id) gen_solve(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10)) gen_fail(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10)) gen_tracking(app.db, user_id=user_obj.id) # Add PageFiles for x in range(5): gen_file( app.db, location="page_file{name}/page_file{name}.file".format(name=x), page_id=1, ) assert Users.query.count() == 11 # 11 because of the first admin user assert Challenges.query.count() == 10 assert ( Files.query.count() == 15 ) # This should be 11 because ChallengeFiles=10 and PageFiles=5 assert Flags.query.count() == 10 assert Hints.query.count() == 10 assert Submissions.query.count() == 20 assert Pages.query.count() == 1 assert Tracking.query.count() == 10 client = login_as_user(app, name="admin", password="******") with client.session_transaction() as sess: data = {"nonce": sess.get("nonce"), "pages": "on"} r = client.post("/admin/reset", data=data) assert r.location.endswith("/admin/statistics") assert Pages.query.count() == 0 assert Users.query.count() == 11 assert Challenges.query.count() == 10 assert Tracking.query.count() == 11 assert Files.query.count() == 10 with client.session_transaction() as sess: data = {"nonce": sess.get("nonce"), "notifications": "on"} r = client.post("/admin/reset", data=data) assert r.location.endswith("/admin/statistics") assert Notifications.query.count() == 0 assert Users.query.count() == 11 assert Challenges.query.count() == 10 assert Tracking.query.count() == 11 with client.session_transaction() as sess: data = {"nonce": sess.get("nonce"), "challenges": "on"} r = client.post("/admin/reset", data=data) assert r.location.endswith("/admin/statistics") assert Challenges.query.count() == 0 assert Flags.query.count() == 0 assert Hints.query.count() == 0 assert Files.query.count() == 0 assert Tags.query.count() == 0 assert Users.query.count() == 11 assert Tracking.query.count() == 11 with client.session_transaction() as sess: data = {"nonce": sess.get("nonce"), "submissions": "on"} r = client.post("/admin/reset", data=data) assert r.location.endswith("/admin/statistics") assert Submissions.query.count() == 0 assert Solves.query.count() == 0 assert Fails.query.count() == 0 assert Awards.query.count() == 0 assert Unlocks.query.count() == 0 assert Users.query.count() == 11 assert Challenges.query.count() == 0 assert Flags.query.count() == 0 assert Tracking.query.count() == 0 with client.session_transaction() as sess: data = {"nonce": sess.get("nonce"), "accounts": "on"} r = client.post("/admin/reset", data=data) assert r.location.endswith("/setup") assert Users.query.count() == 0 assert Solves.query.count() == 0 assert Fails.query.count() == 0 assert Tracking.query.count() == 0 destroy_ctfd(app)