def test_fields_required_on_register(): app = create_ctfd() with app.app_context(): gen_field(app.db) with app.app_context(): with app.test_client() as client: client.get("/register") with client.session_transaction() as sess: data = { "name": "user", "email": "*****@*****.**", "password": "******", "nonce": sess.get("nonce"), } client.post("/register", data=data) with client.session_transaction() as sess: assert sess.get("id") is None with client.session_transaction() as sess: data = { "name": "user", "email": "*****@*****.**", "password": "******", "fields[1]": "custom_field_value", "nonce": sess.get("nonce"), } client.post("/register", data=data) with client.session_transaction() as sess: assert sess["id"] destroy_ctfd(app)
def test_team_partial_field_update(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) team = gen_team(app.db) user = Users.query.filter_by(id=2).first() user.team_id = team.id team = Teams.query.filter_by(id=1).first() team.captain_id = 2 app.db.session.commit() gen_field(app.db, name="CustomField1", type="team") gen_field(app.db, name="CustomField2", type="team") with login_as_user(app) as user: r = user.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "CustomValue1"}, {"field_id": 2, "value": "CustomValue2"}, ] }, ) assert r.status_code == 200 assert TeamFieldEntries.query.count() == 2 r = user.patch( "/api/v1/teams/me", json={"fields": [{"field_id": 2, "value": "NewCustomValue2"}]}, ) assert r.status_code == 200 assert TeamFieldEntries.query.count() == 2 assert ( TeamFieldEntries.query.filter_by(field_id=1, team_id=1).first().value == "CustomValue1" ) assert ( TeamFieldEntries.query.filter_by(field_id=2, team_id=1).first().value == "NewCustomValue2" ) with login_as_user(app, name="admin") as admin: r = admin.patch( "/api/v1/teams/1", json={"fields": [{"field_id": 2, "value": "AdminNewCustomValue2"}]}, ) assert r.status_code == 200 assert TeamFieldEntries.query.count() == 2 assert ( TeamFieldEntries.query.filter_by(field_id=1, team_id=1).first().value == "CustomValue1" ) assert ( TeamFieldEntries.query.filter_by(field_id=2, team_id=1).first().value == "AdminNewCustomValue2" ) destroy_ctfd(app)
def test_partial_field_update(): app = create_ctfd() with app.app_context(): register_user(app) gen_field(app.db, name="CustomField1") gen_field(app.db, name="CustomField2") with login_as_user(app) as user: r = user.patch( "/api/v1/users/me", json={ "fields": [ { "field_id": 1, "value": "CustomValue1" }, { "field_id": 2, "value": "CustomValue2" }, ] }, ) assert r.status_code == 200 assert UserFieldEntries.query.count() == 2 r = user.patch( "/api/v1/users/me", json={"fields": [{ "field_id": 2, "value": "NewCustomValue2" }]}, ) assert r.status_code == 200 assert UserFieldEntries.query.count() == 2 assert (UserFieldEntries.query.filter_by( field_id=1, user_id=2).first().value == "CustomValue1") assert (UserFieldEntries.query.filter_by( field_id=2, user_id=2).first().value == "NewCustomValue2") with login_as_user(app, name="admin") as admin: r = admin.patch( "/api/v1/users/2", json={ "fields": [{ "field_id": 2, "value": "AdminNewCustomValue2" }] }, ) assert r.status_code == 200 assert UserFieldEntries.query.count() == 2 assert (UserFieldEntries.query.filter_by( field_id=1, user_id=2).first().value == "CustomValue1") assert (UserFieldEntries.query.filter_by( field_id=2, user_id=2).first().value == "AdminNewCustomValue2") destroy_ctfd(app)
def test_admin_view_fields(): app = create_ctfd() with app.app_context(): register_user(app) gen_field(app.db, name="CustomField1", required=True, public=True, editable=True) gen_field(app.db, name="CustomField2", required=False, public=True, editable=True) gen_field(app.db, name="CustomField3", required=False, public=False, editable=True) gen_field(app.db, name="CustomField4", required=False, public=False, editable=False) with login_as_user(app, name="admin") as admin: # Admins should see all user fields regardless of public or editable r = admin.get("/admin/users/2") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp destroy_ctfd(app)
def test_boolean_checkbox_field(): app = create_ctfd() with app.app_context(): gen_field(app.db, name="CustomField1", field_type="boolean", required=False) with app.test_client() as client: r = client.get("/register") resp = r.get_data(as_text=True) # We should have rendered a checkbox input assert "checkbox" in resp with client.session_transaction() as sess: data = { "name": "user", "email": "*****@*****.**", "password": "******", "nonce": sess.get("nonce"), "fields[1]": "y", } client.post("/register", data=data) with client.session_transaction() as sess: assert sess["id"] assert UserFieldEntries.query.count() == 1 assert UserFieldEntries.query.filter_by(id=1).first().value is True with login_as_user(app) as client: r = client.get("/settings") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "checkbox" in resp r = client.patch( "/api/v1/users/me", json={"fields": [{ "field_id": 1, "value": False }]}) assert r.status_code == 200 assert UserFieldEntries.query.count() == 1 assert UserFieldEntries.query.filter_by( id=1).first().value is False destroy_ctfd(app)
def test_api_self_fields_permissions(): app = create_ctfd() with app.app_context(): gen_field(app.db, name="CustomField1", public=False, editable=False) gen_field(app.db, name="CustomField2", public=True, editable=True) with app.test_client() as client: client.get("/register") with client.session_transaction() as sess: data = { "name": "user", "email": "*****@*****.**", "password": "******", "nonce": sess.get("nonce"), "fields[1]": "CustomValue1", "fields[2]": "CustomValue2", } r = client.post("/register", data=data) with client.session_transaction() as sess: assert sess["id"] with login_as_user(app) as user, login_as_user(app, name="admin") as admin: r = user.get("/api/v1/users/me") resp = r.get_json() assert resp["data"]["fields"] == [ { "value": "CustomValue2", "name": "CustomField2", "description": "CustomFieldDescription", "type": "text", "field_id": 2, } ] r = admin.get("/api/v1/users/2") resp = r.get_json() assert len(resp["data"]["fields"]) == 2 field = Fields.query.filter_by(id=1).first() field.public = True app.db.session.commit() r = user.get("/api/v1/users/me") resp = r.get_json() assert len(resp["data"]["fields"]) == 2 destroy_ctfd(app)
def test_teams_boolean_checkbox_field(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) gen_field( app.db, name="CustomField1", type="team", field_type="boolean", required=False, ) with login_as_user(app) as client: r = client.get("/teams/new") resp = r.get_data(as_text=True) # We should have rendered a checkbox input assert "checkbox" in resp with client.session_transaction() as sess: data = { "name": "team", "password": "******", "nonce": sess.get("nonce"), "fields[1]": "y", } client.post("/teams/new", data=data) assert Teams.query.count() == 1 assert TeamFieldEntries.query.count() == 1 assert TeamFieldEntries.query.filter_by(id=1).first().value is True with login_as_user(app) as client: r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "checkbox" in resp r = client.patch( "/api/v1/teams/me", json={"fields": [{"field_id": 1, "value": False}]} ) assert r.status_code == 200 assert TeamFieldEntries.query.count() == 1 assert TeamFieldEntries.query.filter_by(id=1).first().value is False destroy_ctfd(app)
def test_new_fields_show_on_pages(): app = create_ctfd() with app.app_context(): register_user(app) gen_field(app.db) with app.test_client() as client: r = client.get("/register") assert "CustomField" in r.get_data(as_text=True) assert "CustomFieldDescription" in r.get_data(as_text=True) with login_as_user(app) as client: r = client.get("/settings") assert "CustomField" in r.get_data(as_text=True) assert "CustomFieldDescription" in r.get_data(as_text=True) r = client.patch( "/api/v1/users/me", json={ "fields": [{ "field_id": 1, "value": "CustomFieldEntry" }] }, ) resp = r.get_json() assert resp["success"] is True assert resp["data"]["fields"][0]["value"] == "CustomFieldEntry" assert resp["data"]["fields"][0][ "description"] == "CustomFieldDescription" assert resp["data"]["fields"][0]["name"] == "CustomField" assert resp["data"]["fields"][0]["field_id"] == 1 r = client.get("/user") resp = r.get_data(as_text=True) assert "CustomField" in resp assert "CustomFieldEntry" in resp r = client.get("/users/2") resp = r.get_data(as_text=True) assert "CustomField" in resp assert "CustomFieldEntry" in resp destroy_ctfd(app)
def test_new_fields_show_on_pages(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) team = gen_team(app.db) user = Users.query.filter_by(id=2).first() user.team_id = team.id team = Teams.query.filter_by(id=1).first() team.captain_id = 2 app.db.session.commit() gen_field(app.db, name="CustomField1", type="team") with login_as_user(app) as client: r = client.get("/teams/new") assert "CustomField1" in r.get_data(as_text=True) assert "CustomFieldDescription" in r.get_data(as_text=True) r = client.get("/team") assert "CustomField1" in r.get_data(as_text=True) assert "CustomFieldDescription" in r.get_data(as_text=True) r = client.patch( "/api/v1/teams/me", json={"fields": [{"field_id": 1, "value": "CustomFieldEntry"}]}, ) resp = r.get_json() assert resp["success"] is True assert resp["data"]["fields"][0]["value"] == "CustomFieldEntry" assert resp["data"]["fields"][0]["description"] == "CustomFieldDescription" assert resp["data"]["fields"][0]["name"] == "CustomField1" assert resp["data"]["fields"][0]["field_id"] == 1 r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomFieldEntry" in resp r = client.get("/teams/1") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomFieldEntry" in resp destroy_ctfd(app)
def test_admin_view_team_fields(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) team = gen_team(app.db) user = Users.query.filter_by(id=2).first() user.team_id = team.id app.db.session.commit() gen_field( app.db, name="CustomField1", type="team", required=True, public=True, editable=True, ) gen_field( app.db, name="CustomField2", type="team", required=False, public=True, editable=True, ) gen_field( app.db, name="CustomField3", type="team", required=False, public=False, editable=True, ) gen_field( app.db, name="CustomField4", type="team", required=False, public=False, editable=False, ) with login_as_user(app, name="admin") as admin: # Admins should see all team fields regardless of public or editable r = admin.get("/admin/teams/1") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp destroy_ctfd(app)
def test_team_fields_required_on_creation(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) gen_field(app.db, type="team") with app.app_context(): with login_as_user(app) as client: assert Teams.query.count() == 0 r = client.get("/teams/new") resp = r.get_data(as_text=True) assert "CustomField" in resp assert "CustomFieldDescription" in resp with client.session_transaction() as sess: data = { "name": "team", "password": "******", "nonce": sess.get("nonce"), } r = client.post("/teams/new", data=data) assert "Please provide all required fields" in r.get_data(as_text=True) assert Teams.query.count() == 0 with client.session_transaction() as sess: data = { "name": "team", "password": "******", "fields[1]": "CustomFieldEntry", "nonce": sess.get("nonce"), } r = client.post("/teams/new", data=data) assert r.status_code == 302 assert Teams.query.count() == 1 entry = TeamFieldEntries.query.filter_by(id=1).first() assert entry.team_id == 1 assert entry.value == "CustomFieldEntry" destroy_ctfd(app)
def test_api_team_self_fields_permissions(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) team = gen_team(app.db) user = Users.query.filter_by(id=2).first() user.team_id = team.id app.db.session.commit() team = Teams.query.filter_by(id=1).first() team.captain_id = 2 app.db.session.commit() gen_field( app.db, name="CustomField1", type="team", public=False, editable=False ) gen_field(app.db, name="CustomField2", type="team", public=True, editable=True) app.db.session.add( TeamFieldEntries(type="team", value="CustomValue1", team_id=1, field_id=1) ) app.db.session.add( TeamFieldEntries(type="team", value="CustomValue2", team_id=1, field_id=2) ) app.db.session.commit() assert len(team.field_entries) == 2 with login_as_user(app) as user, login_as_user(app, name="admin") as admin: r = user.get("/api/v1/teams/me") resp = r.get_json() assert resp["data"]["fields"] == [ { "value": "CustomValue2", "name": "CustomField2", "description": "CustomFieldDescription", "type": "text", "field_id": 2, } ] assert len(resp["data"]["fields"]) == 1 # Admin gets data and should see all fields r = admin.get("/api/v1/teams/1") resp = r.get_json() assert len(resp["data"]["fields"]) == 2 r = user.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "NewCustomValue1"}, {"field_id": 2, "value": "NewCustomValue2"}, ] }, ) assert r.get_json() == { "success": False, "errors": {"fields": ["Field 'CustomField1' cannot be editted"]}, } assert r.status_code == 400 assert ( TeamFieldEntries.query.filter_by(id=1).first().value == "CustomValue1" ) assert ( TeamFieldEntries.query.filter_by(id=2).first().value == "CustomValue2" ) # After making the field public the user should see both fields field = Fields.query.filter_by(id=1).first() field.public = True app.db.session.commit() r = user.get("/api/v1/teams/me") resp = r.get_json() assert len(resp["data"]["fields"]) == 2 # Captain should be able to edit their values after it's made editable field = Fields.query.filter_by(id=1).first() field.editable = True app.db.session.commit() r = user.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "NewCustomValue1"}, {"field_id": 2, "value": "NewCustomValue2"}, ] }, ) print(r.get_json()) assert r.status_code == 200 assert ( TeamFieldEntries.query.filter_by(id=1).first().value == "NewCustomValue1" ) assert ( TeamFieldEntries.query.filter_by(id=2).first().value == "NewCustomValue2" ) destroy_ctfd(app)
def test_team_needs_all_required_fields(): """Test that teams need to complete profiles before seeing challenges""" app = create_ctfd(user_mode="teams") with app.app_context(): # Create a user and team who haven't filled any of their fields register_user(app) team = gen_team(app.db) user = Users.query.filter_by(id=2).first() user.team_id = team.id team = Teams.query.filter_by(id=1).first() team.captain_id = 2 app.db.session.commit() gen_field( app.db, name="CustomField1", type="team", required=True, public=True, editable=True, ) gen_field( app.db, name="CustomField2", type="team", required=False, public=True, editable=True, ) gen_field( app.db, name="CustomField3", type="team", required=False, public=False, editable=True, ) gen_field( app.db, name="CustomField4", type="team", required=False, public=False, editable=False, ) with login_as_user(app) as client: r = client.get("/teams/new") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp # We can't view challenges because we have an incomplete team profile r = client.get("/challenges") assert r.status_code == 403 # When we go to our profile we should see all fields r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp # Set all non-required fields r = client.patch( "/api/v1/teams/me", json={ "fields": [ # {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, {"field_id": 4, "value": "CustomFieldEntry4"}, ] }, ) assert r.status_code == 200 # We can't view challenges because we have an incomplete team profile r = client.get("/challenges") assert r.status_code == 403 # Set required fields r = client.patch( "/api/v1/teams/me", json={"fields": [{"field_id": 1, "value": "CustomFieldEntry1"}]}, ) assert r.status_code == 200 # We can view challenges now r = client.get("/challenges") assert r.status_code == 200 # Attempts to edit a non-edittable field to field after completing profile r = client.patch( "/api/v1/teams/me", json={"fields": [{"field_id": 4, "value": "CustomFieldEntry4"}]}, ) resp = r.get_json() assert resp == { "success": False, "errors": {"fields": ["Field 'CustomField4' cannot be editted"]}, } # I can edit edittable fields r = client.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, ] }, ) assert r.status_code == 200 # I should see the correct fields in the private team profile r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert ( "CustomField3" in resp ) # This is here because /team contains team settings assert "CustomField4" not in resp # I should see the correct fields in the public team profile r = client.get("/teams/1") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp destroy_ctfd(app)
def test_team_fields_properties(): """Test that custom fields for team can be set and editted""" app = create_ctfd(user_mode="teams") with app.app_context(): gen_field( app.db, name="CustomField1", type="team", required=True, public=True, editable=True, ) gen_field( app.db, name="CustomField2", type="team", required=False, public=True, editable=True, ) gen_field( app.db, name="CustomField3", type="team", required=False, public=False, editable=True, ) gen_field( app.db, name="CustomField4", type="team", required=False, public=False, editable=False, ) register_user(app) with login_as_user(app) as client: r = client.get("/teams/new") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp # Manually create team so that we can set the required profile field with client.session_transaction() as sess: data = { "name": "team", "password": "******", "fields[1]": "custom_field_value", "nonce": sess.get("nonce"), } r = client.post("/teams/new", data=data) assert r.status_code == 302 r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" not in resp r = client.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, {"field_id": 4, "value": "CustomFieldEntry4"}, ] }, ) resp = r.get_json() assert resp == { "success": False, "errors": {"fields": ["Field 'CustomField4' cannot be editted"]}, } r = client.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, ] }, ) assert r.status_code == 200 r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert ( "CustomField3" in resp ) # This is here because /team contains team settings assert "CustomField4" not in resp r = client.get("/teams/1") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp destroy_ctfd(app)
def test_fields_properties(): """Test that users can set and edit custom fields""" app = create_ctfd() with app.app_context(): gen_field( app.db, name="CustomField1", required=True, public=True, editable=True ) gen_field( app.db, name="CustomField2", required=False, public=True, editable=True ) gen_field( app.db, name="CustomField3", required=False, public=False, editable=True ) gen_field( app.db, name="CustomField4", required=False, public=False, editable=False ) with app.test_client() as client: r = client.get("/register") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp # Manually register user so that we can populate the required field with client.session_transaction() as sess: data = { "name": "user", "email": "*****@*****.**", "password": "******", "fields[1]": "custom_field_value", "nonce": sess.get("nonce"), } client.post("/register", data=data) with client.session_transaction() as sess: assert sess["id"] with login_as_user(app) as client: r = client.get("/settings") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" not in resp r = client.patch( "/api/v1/users/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, {"field_id": 4, "value": "CustomFieldEntry4"}, ] }, ) resp = r.get_json() assert resp == { "success": False, "errors": {"fields": ["Field 'CustomField4' cannot be editted"]}, } r = client.patch( "/api/v1/users/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, ] }, ) assert r.status_code == 200 r = client.get("/user") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp r = client.get("/users/2") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp destroy_ctfd(app)
def test_api_custom_fields(): app = create_ctfd() with app.app_context(): register_user(app) gen_field(app.db, name="CustomField1") gen_field(app.db, name="CustomField2") with login_as_user(app) as user: r = user.get("/api/v1/configs/fields", json="") assert r.status_code == 403 with login_as_user(app, name="admin") as admin: r = admin.get("/api/v1/configs/fields", json="") resp = r.get_json() assert resp == { "success": True, "data": [ { "public": True, "required": True, "type": "user", "editable": True, "id": 1, "field_type": "text", "description": "CustomFieldDescription", "name": "CustomField1", }, { "public": True, "required": True, "type": "user", "editable": True, "id": 2, "field_type": "text", "description": "CustomFieldDescription", "name": "CustomField2", }, ], } r = admin.post( "/api/v1/configs/fields", json={ "public": True, "required": True, "editable": True, "id": 2, "type": "user", "field_type": "text", "description": "CustomFieldDescription", "name": "CustomField3", }, ) assert r.status_code == 200 r = admin.get("/api/v1/configs/fields", json="") resp = r.get_json() assert resp == { "success": True, "data": [ { "public": True, "required": True, "type": "user", "editable": True, "id": 1, "field_type": "text", "description": "CustomFieldDescription", "name": "CustomField1", }, { "public": True, "required": True, "type": "user", "editable": True, "id": 2, "field_type": "text", "description": "CustomFieldDescription", "name": "CustomField2", }, { "public": True, "required": True, "editable": True, "id": 3, "type": "user", "field_type": "text", "description": "CustomFieldDescription", "name": "CustomField3", }, ], } r = admin.patch( "/api/v1/configs/fields/3", json={ "public": False, "required": False, "editable": False, "id": 4, "type": "user", "field_type": "text", "description": "CustomFieldDescription", "name": "PatchedCustomField3", }, ) assert r.status_code == 200 assert r.get_json()["data"] == { "public": False, "required": False, "editable": False, "id": 3, "type": "user", "field_type": "text", "description": "CustomFieldDescription", "name": "PatchedCustomField3", } r = admin.get("/api/v1/configs/fields/3", json="") assert r.status_code == 200 assert r.get_json()["data"] == { "public": False, "required": False, "editable": False, "id": 3, "type": "user", "field_type": "text", "description": "CustomFieldDescription", "name": "PatchedCustomField3", } r = admin.delete("/api/v1/configs/fields/3", json="") assert r.status_code == 200 r = admin.get("/api/v1/configs/fields/3", json="") assert r.status_code == 404 destroy_ctfd(app)
def test_team_fields_properties(): app = create_ctfd(user_mode="teams") with app.app_context(): register_user(app) team = gen_team(app.db) user = Users.query.filter_by(id=2).first() user.team_id = team.id team = Teams.query.filter_by(id=1).first() team.captain_id = 2 app.db.session.commit() gen_field( app.db, name="CustomField1", type="team", required=True, public=True, editable=True, ) gen_field( app.db, name="CustomField2", type="team", required=False, public=True, editable=True, ) gen_field( app.db, name="CustomField3", type="team", required=False, public=False, editable=True, ) gen_field( app.db, name="CustomField4", type="team", required=False, public=False, editable=False, ) with login_as_user(app) as client: r = client.get("/teams/new") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" not in resp r = client.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, {"field_id": 4, "value": "CustomFieldEntry4"}, ] }, ) resp = r.get_json() assert resp == { "success": False, "errors": {"fields": ["Field 'CustomField4' cannot be editted"]}, } r = client.patch( "/api/v1/teams/me", json={ "fields": [ {"field_id": 1, "value": "CustomFieldEntry1"}, {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, ] }, ) assert r.status_code == 200 r = client.get("/team") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert ( "CustomField3" in resp ) # This is here because /team contains team settings assert "CustomField4" not in resp r = client.get("/teams/1") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp destroy_ctfd(app)
def test_fields_properties(): app = create_ctfd() with app.app_context(): register_user(app) gen_field(app.db, name="CustomField1", required=True, public=True, editable=True) gen_field(app.db, name="CustomField2", required=False, public=True, editable=True) gen_field(app.db, name="CustomField3", required=False, public=False, editable=True) gen_field(app.db, name="CustomField4", required=False, public=False, editable=False) with app.test_client() as client: r = client.get("/register") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp with login_as_user(app) as client: r = client.get("/settings") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" not in resp r = client.patch( "/api/v1/users/me", json={ "fields": [ { "field_id": 1, "value": "CustomFieldEntry1" }, { "field_id": 2, "value": "CustomFieldEntry2" }, { "field_id": 3, "value": "CustomFieldEntry3" }, { "field_id": 4, "value": "CustomFieldEntry4" }, ] }, ) resp = r.get_json() assert resp == { "success": False, "errors": { "fields": ["Field 'CustomField4' cannot be editted"] }, } r = client.patch( "/api/v1/users/me", json={ "fields": [ { "field_id": 1, "value": "CustomFieldEntry1" }, { "field_id": 2, "value": "CustomFieldEntry2" }, { "field_id": 3, "value": "CustomFieldEntry3" }, ] }, ) assert r.status_code == 200 r = client.get("/user") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp r = client.get("/users/2") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" not in resp assert "CustomField4" not in resp destroy_ctfd(app)
def test_user_needs_all_required_fields(): """Test that users need to submit all required fields before viewing challenges""" app = create_ctfd() with app.app_context(): # Manually create a user who has no fields set register_user(app) # Create the fields that we want gen_field( app.db, name="CustomField1", required=True, public=True, editable=True ) gen_field( app.db, name="CustomField2", required=False, public=True, editable=True ) gen_field( app.db, name="CustomField3", required=False, public=False, editable=True ) gen_field( app.db, name="CustomField4", required=False, public=False, editable=False ) # We can see all fields when we try to register with app.test_client() as client: r = client.get("/register") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp # When we login with our manually made user # we should see all fields because we are missing a required field with login_as_user(app) as client: r = client.get("/settings") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp r = client.get("/challenges") assert r.status_code == 302 assert r.location.startswith("http://localhost/settings") # Populate the non-required fields r = client.patch( "/api/v1/users/me", json={ "fields": [ {"field_id": 2, "value": "CustomFieldEntry2"}, {"field_id": 3, "value": "CustomFieldEntry3"}, {"field_id": 4, "value": "CustomFieldEntry4"}, ] }, ) assert r.status_code == 200 # I should still be restricted from seeing challenges r = client.get("/challenges") assert r.status_code == 302 assert r.location.startswith("http://localhost/settings") # I should still see all fields b/c I don't have a complete profile r = client.get("/settings") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" in resp # Populate the required fields r = client.patch( "/api/v1/users/me", json={"fields": [{"field_id": 1, "value": "CustomFieldEntry1"}]}, ) assert r.status_code == 200 # I can now go to challenges r = client.get("/challenges") assert r.status_code == 200 # I should only see edittable fields r = client.get("/settings") resp = r.get_data(as_text=True) assert "CustomField1" in resp assert "CustomField2" in resp assert "CustomField3" in resp assert "CustomField4" not in resp # I can't edit a non-editable field r = client.patch( "/api/v1/users/me", json={"fields": [{"field_id": 4, "value": "CustomFieldEntry4"}]}, ) resp = r.get_json() assert resp == { "success": False, "errors": {"fields": ["Field 'CustomField4' cannot be editted"]}, } destroy_ctfd(app)