def test_sendmail_with_smtp_from_db_config(mock_smtp):
"""Does sendmail work properly with simple SMTP mail servers using database configuration"""
app = create_ctfd()
with app.app_context():
set_config("mail_server", "localhost")
set_config("mail_port", 25)
set_config("mail_useauth", True)
set_config("mail_username", "username")
set_config("mail_password", "password")
ctf_name = get_config("ctf_name")
from_addr = get_config("mailfrom_addr") or app.config.get(
"MAILFROM_ADDR")
from_addr = "{} <{}>".format(ctf_name, from_addr)
to_addr = "*****@*****.**"
msg = "this is a test"
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
mock_smtp.return_value.sendmail.assert_called_once_with(
from_addr, [to_addr], email_msg.as_string())
destroy_ctfd(app)
def test_sendmail_with_smtp_from_config_file(mock_smtp):
"""Does sendmail work properly with simple SMTP mail servers using file configuration"""
app = create_ctfd()
with app.app_context():
app.config["MAIL_SERVER"] = "localhost"
app.config["MAIL_PORT"] = "25"
app.config["MAIL_USEAUTH"] = "True"
app.config["MAIL_USERNAME"] = "******"
app.config["MAIL_PASSWORD"] = "******"
ctf_name = get_config("ctf_name")
from_addr = get_config("mailfrom_addr") or app.config.get(
"MAILFROM_ADDR")
from_addr = "{} <{}>".format(ctf_name, from_addr)
to_addr = "*****@*****.**"
msg = "this is a test"
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
mock_smtp.return_value.sendmail.assert_called_once_with(
from_addr, [to_addr], email_msg.as_string())
destroy_ctfd(app)
def test_sendmail_with_smtp_from_config_file(mock_smtp):
"""Does sendmail work properly with simple SMTP mail servers using file configuration"""
app = create_ctfd()
with app.app_context():
app.config['MAIL_SERVER'] = 'localhost'
app.config['MAIL_PORT'] = '25'
app.config['MAIL_USEAUTH'] = 'True'
app.config['MAIL_USERNAME'] = '******'
app.config['MAIL_PASSWORD'] = '******'
from_addr = get_config('mailfrom_addr') or app.config.get(
'MAILFROM_ADDR')
to_addr = '*****@*****.**'
msg = 'this is a test'
sendmail(to_addr, msg)
ctf_name = get_config('ctf_name')
email_msg = MIMEText(msg)
email_msg['Subject'] = "Message from {0}".format(ctf_name)
email_msg['From'] = from_addr
email_msg['To'] = to_addr
mock_smtp.return_value.sendmail.assert_called_once_with(
from_addr, [to_addr], email_msg.as_string())
destroy_ctfd(app)
def test_sendmail_with_mailgun_from_config_file(fake_post_request):
"""Does sendmail work properly with Mailgun using file configuration"""
app = create_ctfd()
with app.app_context():
app.config["MAILGUN_API_KEY"] = "key-1234567890-file-config"
app.config[
"MAILGUN_BASE_URL"] = "https://api.mailgun.net/v3/file.faked.com"
to_addr = "*****@*****.**"
msg = "this is a test"
sendmail(to_addr, msg)
fake_response = Mock()
fake_post_request.return_value = fake_response
fake_response.status_code = 200
status, message = sendmail(to_addr, msg)
args, kwargs = fake_post_request.call_args
assert args[0] == "https://api.mailgun.net/v3/file.faked.com/messages"
assert kwargs["auth"] == ("api", u"key-1234567890-file-config")
assert kwargs["timeout"] == 1.0
assert kwargs["data"] == {
"to": ["*****@*****.**"],
"text": "this is a test",
"from": "CTFd <*****@*****.**>",
"subject": "Message from CTFd",
}
assert fake_response.status_code == 200
assert status is True
assert message == "Email sent"
destroy_ctfd(app)
def test_sendmail_with_smtp_from_db_config(mock_smtp):
"""Does sendmail work properly with simple SMTP mail servers using database configuration"""
app = create_ctfd()
with app.app_context():
set_config('mail_server', 'localhost')
set_config('mail_port', 25)
set_config('mail_useauth', True)
set_config('mail_username', 'username')
set_config('mail_password', 'password')
from_addr = get_config('mailfrom_addr') or app.config.get(
'MAILFROM_ADDR')
to_addr = '*****@*****.**'
msg = 'this is a test'
sendmail(to_addr, msg)
ctf_name = get_config('ctf_name')
email_msg = MIMEText(msg)
email_msg['Subject'] = "Message from {0}".format(ctf_name)
email_msg['From'] = from_addr
email_msg['To'] = to_addr
mock_smtp.return_value.sendmail.assert_called_once_with(
from_addr, [to_addr], email_msg.as_string())
destroy_ctfd(app)
def post(self, user_id):
req = request.get_json()
text = req.get("text", "").strip()
user = Users.query.filter_by(id=user_id).first_or_404()
if get_mail_provider() is None:
return (
{
"success": False,
"errors": {
"": ["Email settings not configured"]
}
},
400,
)
if not text:
return (
{
"success": False,
"errors": {
"text": ["Email text cannot be empty"]
}
},
400,
)
result, response = sendmail(addr=user.email, text=text)
return {"success": result}
def test_sendmail_with_mailgun_from_db_config(fake_post_request):
"""Does sendmail work properly with Mailgun using database configuration"""
app = create_ctfd()
with app.app_context():
app.config["MAILGUN_API_KEY"] = "key-1234567890-file-config"
app.config[
"MAILGUN_BASE_URL"] = "https://api.mailgun.net/v3/file.faked.com"
# db values should take precedence over file values
set_config("mailgun_api_key", "key-1234567890-db-config")
set_config("mailgun_base_url",
"https://api.mailgun.net/v3/db.faked.com")
from_addr = get_config("mailfrom_addr") or app.config.get(
"MAILFROM_ADDR")
to_addr = "*****@*****.**"
msg = "this is a test"
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
fake_response = Mock()
fake_post_request.return_value = fake_response
fake_response.status_code = 200
status, message = sendmail(to_addr, msg)
args, kwargs = fake_post_request.call_args
assert args[0] == "https://api.mailgun.net/v3/db.faked.com/messages"
assert kwargs["auth"] == ("api", u"key-1234567890-db-config")
assert kwargs["timeout"] == 1.0
assert kwargs["data"] == {
"to": ["*****@*****.**"],
"text": "this is a test",
"from": "CTFd <*****@*****.**>",
"subject": "Message from CTFd",
}
assert fake_response.status_code == 200
assert status is True
assert message == "Email sent"
destroy_ctfd(app)
def test_sendmail_with_mailgun_from_db_config(fake_post_request):
"""Does sendmail work properly with Mailgun using database configuration"""
app = create_ctfd()
with app.app_context():
app.config['MAILGUN_API_KEY'] = 'key-1234567890-file-config'
app.config[
'MAILGUN_BASE_URL'] = 'https://api.mailgun.net/v3/file.faked.com'
# db values should take precedence over file values
set_config('mailgun_api_key', 'key-1234567890-db-config')
set_config('mailgun_base_url',
'https://api.mailgun.net/v3/db.faked.com')
from_addr = get_config('mailfrom_addr') or app.config.get(
'MAILFROM_ADDR')
to_addr = '*****@*****.**'
msg = 'this is a test'
sendmail(to_addr, msg)
ctf_name = get_config('ctf_name')
email_msg = MIMEText(msg)
email_msg['Subject'] = "Message from {0}".format(ctf_name)
email_msg['From'] = from_addr
email_msg['To'] = to_addr
fake_response = Mock()
fake_post_request.return_value = fake_response
fake_response.status_code = 200
status, message = sendmail(to_addr, msg)
args, kwargs = fake_post_request.call_args
assert args[0] == 'https://api.mailgun.net/v3/db.faked.com/messages'
assert kwargs['auth'] == ('api', u'key-1234567890-db-config')
assert kwargs['timeout'] == 1.0
assert kwargs['data'] == {
'to': ['*****@*****.**'],
'text': 'this is a test',
'from': 'CTFd Admin <*****@*****.**>',
'subject': 'Message from CTFd'
}
assert fake_response.status_code == 200
assert status is True
assert message == "Email sent"
destroy_ctfd(app)
def post(self):
req = request.get_json()
schema = NotificationSchema()
result = schema.load(req)
if result.errors:
return {"success": False, "errors": result.errors}, 400
db.session.add(result.data)
db.session.commit()
response = schema.dump(result.data)
users = Users.query.all()
for user in users:
email.sendmail(user.email, response.data['content'])
current_app.events_manager.publish(data=response.data,
type="notification")
return {"success": True, "data": response.data}
def post(self, user_id):
req = request.get_json()
text = req.get('text', '').strip()
user = Users.query.filter_by(id=user_id).first_or_404()
if get_mail_provider() is None:
return {
'success': False,
'errors': {
"": ["Email settings not configured"]
}
}, 400
if not text:
return {
'success': False,
'errors': {
"text": ["Email text cannot be empty"]
}
}, 400
result, response = sendmail(addr=user.email, text=text)
return {'success': result, 'data': {}}
def register():
errors = get_errors()
if request.method == "POST":
name = request.form["name"]
email_address = request.form["email"]
password = request.form["password"]
name_len = len(name) == 0
names = Users.query.add_columns("name",
"id").filter_by(name=name).first()
emails = (Users.query.add_columns(
"email", "id").filter_by(email=email_address).first())
pass_short = len(password) == 0
pass_long = len(password) > 128
valid_email = validators.validate_email(request.form["email"])
team_name_email_check = validators.validate_email(name)
if not valid_email:
errors.append("Please enter a valid email address")
if email.check_email_is_whitelisted(email_address) is False:
errors.append(
"Only email addresses under {domains} may register".format(
domains=get_config("domain_whitelist")))
if names:
errors.append("That user name is already taken")
if team_name_email_check is True:
errors.append("Your user name cannot be an email address")
if emails:
errors.append("That email has already been used")
if pass_short:
errors.append("Pick a longer password")
if pass_long:
errors.append("Pick a shorter password")
if name_len:
errors.append("Pick a longer user name")
if len(errors) > 0:
return render_template(
"register.html",
errors=errors,
name=request.form["name"],
email=request.form["email"],
password=request.form["password"],
)
else:
with app.app_context():
user = Users(
name=name.strip(),
email=email_address.lower(),
password=password.strip(),
)
db.session.add(user)
db.session.commit()
db.session.flush()
login_user(user)
if config.can_send_mail() and get_config(
"verify_emails"
): # Confirming users is enabled and we can send email.
log(
"registrations",
format=
"[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}",
)
email.verify_email_address(user.email)
db.session.close()
return redirect(url_for("auth.confirm"))
else: # Don't care about confirming users
if (
config.can_send_mail()
): # We want to notify the user that they have registered.
email.sendmail(
request.form["email"],
"You've successfully registered for {}".format(
get_config("ctf_name")),
)
log("registrations", "[{date}] {ip} - {name} registered with {email}")
db.session.close()
if is_teams_mode():
return redirect(url_for("teams.private"))
return redirect(url_for("challenges.listing"))
else:
return render_template("register.html", errors=errors)
def register():
errors = get_errors()
if request.method == 'POST':
name = request.form['name']
email_address = request.form['email']
password = request.form['password']
name_len = len(name) == 0
names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
emails = Users.query.add_columns('email', 'id').filter_by(email=email_address).first()
pass_short = len(password) == 0
pass_long = len(password) > 128
valid_email = validators.validate_email(request.form['email'])
team_name_email_check = validators.validate_email(name)
local_id, _, domain = email_address.partition('@')
domain_whitelist = get_config('domain_whitelist')
if not valid_email:
errors.append("Please enter a valid email address")
if domain_whitelist:
domain_whitelist = domain_whitelist.split(',')
if domain not in domain_whitelist:
errors.append(
"Only email addresses under {domains} may register".format(
domains=', '.join(domain_whitelist))
)
if names:
errors.append('That team name is already taken')
if team_name_email_check is True:
errors.append('Your team name cannot be an email address')
if emails:
errors.append('That email has already been used')
if pass_short:
errors.append('Pick a longer password')
if pass_long:
errors.append('Pick a shorter password')
if name_len:
errors.append('Pick a longer team name')
if len(errors) > 0:
return render_template(
'register.html',
errors=errors,
name=request.form['name'],
email=request.form['email'],
password=request.form['password']
)
else:
with app.app_context():
user = Users(
name=name.strip(),
email=email_address.lower(),
password=password.strip()
)
db.session.add(user)
db.session.commit()
db.session.flush()
login_user(user)
if config.can_send_mail() and get_config('verify_emails'): # Confirming users is enabled and we can send email.
log('registrations', format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
email.verify_email_address(user.email)
db.session.close()
return redirect(url_for('auth.confirm'))
else: # Don't care about confirming users
if config.can_send_mail(): # We want to notify the user that they have registered.
email.sendmail(
request.form['email'],
"You've successfully registered for {}".format(get_config('ctf_name'))
)
log('registrations', "[{date}] {ip} - {name} registered with {email}")
db.session.close()
return redirect(url_for('challenges.listing'))
else:
return render_template('register.html', errors=errors)
def register():
errors = get_errors()
if request.method == 'POST':
name = request.form['name']
email_address = request.form['email']
password = request.form['password']
name_len = len(name) == 0
names = Users.query.add_columns('name',
'id').filter_by(name=name).first()
emails = Users.query.add_columns(
'email', 'id').filter_by(email=email_address).first()
pass_short = len(password) == 0
pass_long = len(password) > 128
valid_email = validators.validate_email(request.form['email'])
team_name_email_check = validators.validate_email(name)
if not valid_email:
errors.append("Please enter a valid email address")
if email.check_email_is_whitelisted(email_address) is False:
errors.append(
"Only email addresses under {domains} may register".format(
domains=get_config('domain_whitelist')))
if names:
errors.append('That team name is already taken')
if team_name_email_check is True:
errors.append('Your team name cannot be an email address')
if emails:
errors.append('That email has already been used')
if pass_short:
errors.append('Pick a longer password')
if pass_long:
errors.append('Pick a shorter password')
if name_len:
errors.append('Pick a longer team name')
if ' ' in name:
errors.append('Your User name should not contain space')
if len(errors) > 0:
return render_template('register.html',
errors=errors,
name=request.form['name'],
email=request.form['email'],
password=request.form['password'])
else:
with app.app_context():
user = Users(name=name.strip(),
email=email_address.lower(),
password=password.strip())
db.session.add(user)
db.session.commit()
db.session.flush()
login_user(user)
# system("docker exec server-skr useradd -m %s -s /bin/bash" % name.strip())
# system('''docker exec server-skr bash -c 'echo "%s:%s" | chpasswd' ''' % (name.strip(),password.strip()))
# system("docker exec server-skr chmod 700 /home/%s" % name.strip())
# system("docker exec server-skr cp -r /home/user/. /home/%s/" % name.strip())
# system("docker exec server-skr chmod 4755 /home/%s/challenges/binary1/overflow" % name.strip())
# system("docker exec server-skr chmod 4755 /home/%s/challenges/binary2/overflow2" % name.strip())
# system("docker exec server-skr chmod 4755 /home/%s/challenges/format-string/format-string" % name.strip())
if config.can_send_mail() and get_config(
'verify_emails'
): # Confirming users is enabled and we can send email.
log('registrations',
format=
"[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}"
)
email.verify_email_address(user.email)
db.session.close()
return redirect(url_for('auth.confirm'))
else: # Don't care about confirming users
if config.can_send_mail(
): # We want to notify the user that they have registered.
email.sendmail(
request.form['email'],
"You've successfully registered for {}".format(
get_config('ctf_name')))
log('registrations', "[{date}] {ip} - {name} registered with {email}")
db.session.close()
return redirect(url_for('challenges.listing'))
else:
return render_template('register.html', errors=errors)
def register():
errors = get_errors()
if request.method != "POST":
return render_template("register.html", errors=errors)
else:
name = request.form['name']
email_address = request.form['email']
password = request.form['password']
fname = request.form['fname']
lname = request.form['lname']
name_len = len(name) == 0
fname_len = len(fname) == 0
lname_len = len(lname) == 0
names = Users.query.add_columns('name',
'id').filter_by(name=name).first()
emails = Users.query.add_columns(
'email', 'id').filter_by(email=email_address).first()
pass_short = len(password) == 0
pass_long = len(password) > 128
valid_email = validators.validate_email(request.form['email'])
team_name_email_check = validators.validate_email(name)
if email.check_email_is_whitelisted(email_address) is False:
errors.append(
"Only email addresses under {domains} may register".format(
domains=get_config('domain_whitelist')))
if names:
errors.append('That user name is already taken')
if team_name_email_check is True:
errors.append('Your user name cannot be an email address')
if emails:
errors.append('That email has already been used')
if pass_short:
errors.append('Pick a longer password')
if pass_long:
errors.append('Pick a shorter password')
if name_len:
errors.append('Pick a longer user name')
if fname_len:
errors.append('Pick a longer user first name')
if lname_len:
errors.append('Pick a longer last name')
if len(errors) > 0:
return render_template('register.html',
errors=errors,
fname=request.form['fname'],
lname=request.form['lname'],
name=request.form['name'],
email=request.form['email'],
password=request.form['password'])
else:
with app.app_context():
user = Users(name=name.strip(),
email=email_address.lower(),
password=password.strip())
db.session.add(user)
db.session.commit()
db.session.flush()
login_user(user)
# do custom registration work here
fname = fname.strip()
lname = lname.strip()
user_email = email_address.lower()
# end custom registration work
if config.can_send_mail() and get_config(
'verify_emails'
): # Confirming users is enabled and we can send email.
log('registrations',
format=
"[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}"
)
email.verify_email_address(user.email)
db.session.close()
return redirect(url_for('auth.confirm'))
else: # Don't care about confirming users
if config.can_send_mail(
): # We want to notify the user that they have registered.
email.sendmail(
request.form['email'],
"You've successfully registered for {}".format(
get_config('ctf_name')))
log('registrations', "[{date}] {ip} - {name} registered with {email}")
db.session.close()
return redirect(request.url_root + "getStarted" + "?result=" +
urllib.parse.quote_plus(web_request.text))
def register():
errors = get_errors()
if request.method == 'POST':
name = request.form['name']
email_address = request.form['email']
password = request.form['password']
name_len = len(name) == 0
names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
emails = Users.query.add_columns('email', 'id').filter_by(email=email_address).first()
pass_short = len(password) == 0
pass_long = len(password) > 128
valid_email = validators.validate_email(request.form['email'])
team_name_email_check = validators.validate_email(name)
local_id, _, domain = email_address.partition('@')
domain_whitelist = get_config('domain_whitelist')
if not valid_email:
errors.append("Пожалуйста, введите действующий адрес электронной почты")
if domain_whitelist:
domain_whitelist = [d.strip() for d in domain_whitelist.split(',')]
if domain not in domain_whitelist:
errors.append(
"Only email addresses under {domains} may register".format(
domains=', '.join(domain_whitelist))
)
if names:
errors.append('Это название команды уже занято')
if team_name_email_check is True:
errors.append('Название команды не может быть адресом электронной почты')
if emails:
errors.append('Эта почта уже используется')
if pass_short:
errors.append('Выберите пароль подлиннее')
if pass_long:
errors.append('Выберите пароль покороче')
if name_len:
errors.append('Выберите более длинное название команды')
if len(errors) > 0:
return render_template(
'register.html',
errors=errors,
name=request.form['name'],
email=request.form['email'],
password=request.form['password']
)
else:
with app.app_context():
user = Users(
name=name.strip(),
email=email_address.lower(),
password=password.strip()
)
db.session.add(user)
db.session.commit()
db.session.flush()
login_user(user)
if config.can_send_mail() and get_config('verify_emails'): # Confirming users is enabled and we can send email.
log('registrations', format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
email.verify_email_address(user.email)
db.session.close()
return redirect(url_for('auth.confirm'))
else: # Don't care about confirming users
if config.can_send_mail(): # We want to notify the user that they have registered.
email.sendmail(
request.form['email'],
"You've successfully registered for {}".format(get_config('ctf_name'))
)
log('registrations', "[{date}] {ip} - {name} registered with {email}")
db.session.close()
return redirect(url_for('challenges.listing'))
else:
return render_template('register.html', errors=errors)
def register():
errors = get_errors()
if request.method == 'POST':
name = request.form['name']
email_address = request.form['email']
password = request.form['password']
name_len = len(name) == 0
names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
emails = Users.query.add_columns('email', 'id').filter_by(email=email_address).first()
pass_short = len(password) == 0
pass_long = len(password) > 128
valid_email = validators.validate_email(request.form['email'])
team_name_email_check = validators.validate_email(name)
#accepted_rules = request.form.get("accept")
local_id, _, domain = email_address.partition('@')
domain_whitelist = get_config('domain_whitelist')
if not valid_email:
errors.append("Veuillez entrer un courriel valide")
if domain_whitelist:
domain_whitelist = [d.strip() for d in domain_whitelist.split(',')]
if domain not in domain_whitelist:
errors.append(
"Seuls les addresses sous {domains} peuvent s'enregistrer".format(
domains=', '.join(domain_whitelist))
)
if names:
errors.append('Ce nom d\'équipe est pris')
if team_name_email_check is True:
errors.append('Votre nom d\'équipe ne peut être une addresse courriel')
if emails:
errors.append('Cette addresse courriel est déjà utilisée')
if pass_short:
errors.append('Votre mot de passe est trop petit')
if pass_long:
errors.append('Votre mot de passe est trop long')
if name_len:
errors.append('Votre nom d\'équipe est trop petit')
#if not accepted_rules:
# errors.append("Vous devez lire et accepter le règlement & code de conduite")
if len(errors) > 0:
return render_template(
'register.html',
errors=errors,
name=request.form['name'],
email=request.form['email'],
password=request.form['password']
)
else:
with app.app_context():
user = Users(
name=name.strip(),
email=email_address.lower(),
password=password.strip()
)
db.session.add(user)
db.session.commit()
db.session.flush()
login_user(user)
if config.can_send_mail() and get_config('verify_emails'): # Confirming users is enabled and we can send email.
log('registrations', format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
email.verify_email_address(user.email)
db.session.close()
return redirect(url_for('auth.confirm'))
else: # Don't care about confirming users
if config.can_send_mail(): # We want to notify the user that they have registered.
email.sendmail(
request.form['email'],
"You've successfully registered for {}".format(get_config('ctf_name'))
)
log('registrations', "[{date}] {ip} - {name} registered with {email}")
db.session.close()
return redirect(url_for('challenges.listing'))
else:
return render_template('register.html', errors=errors)
