Esempio n. 1
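def send_email(recipient, subject, body):
    """Send an HTML email through the Mailgun HTTP API.

    Args:
        recipient: A single address given as ``str`` is sent in the ``to``
            field; any other value is sent in the ``bcc`` field.
        subject: Subject line of the message.
        body: Message body, submitted in the ``html`` field exactly as
            given. Nothing is escaped here, so callers must HTML-escape any
            untrusted value before building ``body``.

    Returns:
        The ``requests`` response of the POST. The status is not checked
        here; that is left to the caller.

    Raises:
        requests.exceptions.RequestException: If the request fails or the
            timeout below expires.
    """
    payload = {
        "from": Config.get("mailgun_email"),
        "subject": subject,
        "html": body,
    }
    # isinstance also accepts str subclasses, which type(...) == str rejected.
    payload["to" if isinstance(recipient, str) else "bcc"] = recipient
    # NOTE(review): the API key is sent as HTTP basic auth, so the configured
    # "mailgun_domain" base URL should be an https:// URL -- confirm.
    auth = ("api", Config.get("mailgun_apikey"))
    endpoint = "{}/messages".format(Config.get("mailgun_domain"))
    # requests applies no timeout by default; without one a stalled mail API
    # connection would block the calling worker indefinitely.
    return requests.post(endpoint, auth=auth, data=payload, timeout=30)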
Esempio n. 2
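def send_verification_email(username, email, link):
    """Render the configured verification email and send it.

    The body comes from the ``email_body`` config value, a
    ``string.Template`` with the placeholders ``ctf_name``, ``link`` and
    ``username``. ``send_email`` submits it as HTML.

    Args:
        username: Name shown in the message. It is HTML-escaped before
            substitution.
        email: Recipient address.
        link: Verification link placed into the body.

    Returns:
        ``True`` when the mail API reports the message as queued.

    Raises:
        Exception: If the API answers with a status other than 200, or if
            its ``message`` field does not contain ``"Queued"``.
    """
    from html import escape as _html_escape

    ctf_name = Config.get("ctf_name")
    subject = "[ACTION REQUIRED] Email Verification - {}".format(ctf_name)
    body = string.Template(Config.get("email_body")).substitute(
        ctf_name=ctf_name,
        link=link,
        # The username is chosen by the registering user and the body is sent
        # as HTML, so escape it to keep markup out of the rendered message.
        # NOTE(review): ctf_name and link are inserted unescaped; presumably
        # both are generated or admin-controlled -- confirm.
        username=_html_escape(str(username)),
    )
    response = send_email(email, subject, body)
    if response.status_code != 200:
        raise Exception("Failed: {}".format(response.text))
    message = response.json()["message"]
    if "Queued" not in message:
        raise Exception(message)
    return True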
Esempio n. 3
 def wrapper(*args, **kwargs):
     """Abort with 403 while the event has not started, else call ``f``.

     ``and`` binds tighter than ``or`` in the original condition, so the
     rule is: reject when no start time is configured (for every caller,
     administrators included), or when the caller is not an authenticated
     admin and the start time is still in the future.
     """
     start_time = Config.get("start_time")
     if not start_time:
         # NOTE(review): an unset start_time also locks out admins --
         # confirm this is the intended fail-closed behaviour.
         blocked = True
     elif current_user.is_authenticated and current_user.admin:
         blocked = False
     else:
         # NOTE(review): int() assumes the value is stored as a Unix
         # timestamp; a formatted date string would raise ValueError
         # here -- confirm against whatever writes this key.
         blocked = datetime.now() < datetime.fromtimestamp(int(start_time))
     if blocked:
         abort(403)
     return f(*args, **kwargs)
Esempio n. 4
 def wrapper(*args, **kwargs):
     """Abort with 403 once the event has ended, else call ``f``.

     ``and`` binds tighter than ``or`` in the original condition, so the
     rule is: reject when no end time is configured (for every caller,
     administrators included), or when the caller is not an authenticated
     admin and the end time has already passed.
     """
     end_time = Config.get("end_time")
     if not end_time:
         # NOTE(review): an unset end_time also locks out admins --
         # confirm this is the intended fail-closed behaviour.
         blocked = True
     elif current_user.is_authenticated and current_user.admin:
         blocked = False
     else:
         # NOTE(review): int() assumes the value is stored as a Unix
         # timestamp; a formatted date string would raise ValueError
         # here -- confirm against whatever writes this key.
         blocked = datetime.now() > datetime.fromtimestamp(int(end_time))
     if blocked:
         abort(403)
     return f(*args, **kwargs)
Esempio n. 5
def settings():
    """Show the settings form and store its values on a valid submit.

    On a valid submit every field except ``csrf_token``, ``public_key`` and
    ``submit`` is written to ``Config`` (booleans as ``0``/``1``), the
    memoized config getters are invalidated and the client is redirected
    back to this page. Otherwise the form is filled from ``Config`` and
    rendered.

    NOTE(review): no access-control decorator is visible on this view in
    this listing; it rewrites global configuration, so confirm the route is
    restricted to administrators.
    """
    settings_form = SettingsForm()
    read_only(settings_form.public_key)

    if settings_form.validate_on_submit():
        # The public key is display-only: it is skipped here, so a value
        # posted for it never reaches Config.
        not_persisted = ("csrf_token", "public_key", "submit")
        pairs = {}
        for field in settings_form:
            if field.short_name in not_persisted:
                continue
            value = field.data
            pairs[field.short_name] = (
                int(value) if isinstance(value, bool) else value
            )
        Config.set_many(pairs)
        # Drop cached values so the new settings take effect immediately.
        for memoized in (get_ctf_name, get_allow_registrations,
                         get_require_email_verification):
            cache.delete_memoized(memoized)
        flash("Settings saved!", "success")
        return redirect(url_for("admin.settings"))

    # Not a valid submit: populate the form from the stored configuration.
    keys = []
    for field in settings_form:
        name = field.short_name
        if name == "csrf_token":
            continue
        if name != "public_key":
            keys.append(name)
            continue
        # Only the public half of the key pair is put into the form; the
        # private key is fetched alongside it but never used.
        _private_key, public_key = Config.get_ssh_keys()
        field.data = public_key

    stored = Config.get_many(keys)
    for field in settings_form:
        name = field.short_name
        if name in ("csrf_token", "public_key"):
            continue
        value = stored.get(name)
        if name in ("allow_registrations", "require_email_verification"):
            # NOTE(review): int() raises TypeError if the key is missing
            # from the stored values -- presumably setup always writes both.
            field.data = int(value)
        elif name in ("start_time", "end_time") and value:
            field.data = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
        else:
            field.data = value
    return render_template("admin/settings.j2", settings_form=settings_form)
Esempio n. 6
def setup():
    """Run the one-time setup that creates the administrator account.

    Answers 404 once setup is complete. Before that it makes sure a setup
    verification token exists, then renders ``SetupForm``. On a valid
    submit it registers the admin account, logs it in, writes the initial
    configuration (registrations and email verification off, start in one
    hour, end in five) and redirects to the index page.

    NOTE(review): until setup completes this view can create an admin
    account for whoever submits the form. Presumably ``SetupForm`` checks
    the ``setup_verification`` token -- confirm that the validator is wired
    to the form.
    """
    if setup_complete():
        return abort(404)
    if Config.get("setup_verification") is None:
        # First visit: create the setup verification token.
        generate_verification_token()

    setup_form = SetupForm()
    # Assigned before validation, so validation sees "root" in this field.
    setup_form.admin_user.data = "root"
    if not setup_form.validate_on_submit():
        return render_template("base/setup.j2", setup_form=setup_form)

    persisted_fields = ("ctf_name", "team_size", "admin_email")
    to_update = {
        field.short_name: field.data
        for field in setup_form
        if field.short_name in persisted_fields
    }
    admin_user = register_user(
        "Administrator",
        setup_form.admin_email.data,
        "root",
        setup_form.password.data,
        0,
        admin=True,
        send_email=False,
    )
    # remember=True is passed, so the admin login is requested as a
    # remembered (persistent) one.
    login_user(admin_user, remember=True)

    now = datetime.now()
    time_format = "%Y-%m-%d %H:%M:%S"
    to_update.update(
        admin_uid=admin_user.id,
        allow_registrations=0,
        require_email_verification=0,
        setup_complete=1,
        start_time=(now + timedelta(hours=1)).strftime(time_format),
        end_time=(now + timedelta(hours=5)).strftime(time_format),
    )
    Config.set_many(to_update)
    # Invalidate the cached getters so the finished setup is visible at once.
    cache.delete_memoized(get_ctf_name)
    cache.delete_memoized(setup_complete)
    return redirect(url_for("base.index"))
Esempio n. 7
def get_ctf_name():
    """Return the ``ctf_name`` config value, with ``"OpenCTF"`` as default."""
    ctf_name = _Config.get("ctf_name", "OpenCTF")
    return ctf_name
Esempio n. 8
def setup_complete():
    """Return whether the ``setup_complete`` config value is truthy.

    NOTE(review): the value is tested for truthiness, not parsed as a
    number, so a stored string such as ``"0"`` would count as complete --
    confirm how Config returns this value.
    """
    return True if _Config.get("setup_complete") else False
Esempio n. 9
def generate_verification_token():
    """Create the setup verification token, print it and store it.

    The token is written to standard output and then saved under the
    ``setup_verification`` config key.
    """
    # NOTE(review): random_string() is defined elsewhere; this token gates
    # the setup form, so confirm it draws from a CSPRNG (secrets/os.urandom).
    token = random_string()
    # Whatever captures this process's stdout also receives the token.
    announcement = "Your CTF verification token is: {}\n".format(token)
    sys.stdout.write(announcement)
    sys.stdout.flush()
    _Config.set("setup_verification", value=token)
Esempio n. 10
def get_allow_registrations():
    """Return whether registrations are enabled (default ``0``, i.e. off)."""
    flag = int(_Config.get("allow_registrations", 0))
    return flag != 0
Esempio n. 11
def get_require_email_verification():
    """Return whether email verification is required (default ``0``, off)."""
    raw = _Config.get("require_email_verification", 0)
    enabled = int(raw)
    return True if enabled else False
Esempio n. 12
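 def validate_verification(self, field):
     """Check the submitted value against the stored setup token.

     Args:
         field: The form field holding the submitted token.

     Raises:
         ValidationError: If no token is stored or the values differ.
     """
     import hmac

     expected = Config.get("setup_verification")
     supplied = field.data
     # The token is a secret, so compare it in constant time rather than
     # with !=, which stops at the first differing character. Bytes are
     # compared because compare_digest rejects non-ASCII str input.
     matches = (
         isinstance(expected, str)
         and isinstance(supplied, str)
         and hmac.compare_digest(
             expected.encode("utf-8"), supplied.encode("utf-8"))
     )
     if not matches:
         raise ValidationError("Verification failed.")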