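def reset_password(data=None):
    """Handle both halves of the password-reset flow.

    Without ``data`` a POST takes an e-mail address and mails a signed reset
    link to the matching team.  With ``data`` (the token from that link) a GET
    shows the new-password form and a POST stores the new password.

    The token is the team name signed with ``SECRET_KEY``; it is accepted for
    1800 seconds.  Nothing in this view records that a token was used, so the
    same link keeps working until that window closes.
    """
    if data is not None and request.method == "GET":
        return render_template("reset_password.html", mode="set")

    if data is not None and request.method == "POST":
        try:
            # NOTE(review): the serializer is built without a purpose-specific
            # salt; confirm no other feature signs values with the same key
            # and serializer, or its tokens would verify here as well.
            s = TimedSerializer(app.config["SECRET_KEY"])
            name = s.loads(data.decode("base64"), max_age=1800)
        except BadTimeSignature:
            return render_template("reset_password.html", errors=["Your link has expired"])
        except Exception:
            # Undecodable base64 or a failed signature check used to escape as
            # an unhandled exception; answer with a form error instead.
            return render_template(
                "reset_password.html", errors=["Your link appears broken, please try again."]
            )

        password = request.form["password"].strip()
        if not password:
            # Stripping can leave nothing; never store an empty password.
            return render_template(
                "reset_password.html", mode="set", errors=["Pick a longer password"]
            )

        team = Teams.query.filter_by(name=name).first()
        if team is None:
            # The signed name no longer matches a team (renamed or deleted).
            return render_template(
                "reset_password.html", errors=["Your link appears broken, please try again."]
            )
        team.password = bcrypt_sha256.encrypt(password)
        db.session.commit()
        db.session.close()
        return redirect(url_for("auth.login"))

    if request.method == "POST":
        email = request.form["email"].strip()
        team = Teams.query.filter_by(email=email).first()
        if not team:
            # Same message as the success path, so the response text does not
            # reveal whether the address is registered.
            return render_template("reset_password.html", errors=["Check your email"])
        s = TimedSerializer(app.config["SECRET_KEY"])
        token = s.dumps(team.name)
        # NOTE(review): with _external=True Flask takes the host from the
        # current request unless SERVER_NAME is configured; pin SERVER_NAME so
        # the mailed link cannot follow a caller-supplied Host header.
        # NOTE(review): the base64 text goes into the URL path unescaped
        # ('+', '/', '=' are possible); confirm the route still matches.
        text = """ Did you initiate a password reset? {0}/reset_password/{1} """.format(
            url_for("auth.reset_password", _external=True), token.encode("base64")
        )
        sendmail(email, text)
        return render_template("reset_password.html", errors=["Check your email"])

    return render_template("reset_password.html")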
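def reset_password(data=None):
    """Request a password-reset e-mail, or set a new password from its link.

    Without ``data`` a POST mails a signed link to the team that owns the
    submitted address.  With ``data`` a GET renders the new-password form and
    a POST verifies the token (team name signed with ``SECRET_KEY``, accepted
    for 1800 seconds) and stores the new password.
    """
    if data is not None and request.method == "GET":
        return render_template('reset_password.html', mode='set')

    if data is not None and request.method == "POST":
        try:
            s = TimedSerializer(app.config['SECRET_KEY'])
            # NOTE(review): unquote_plus runs on the already base64-decoded
            # signed payload, so a '+' or '%XX' inside the team name is
            # rewritten before the signature is checked; confirm such teams
            # can still complete a reset.
            name = s.loads(urllib.unquote_plus(data.decode('base64')), max_age=1800)
        except BadTimeSignature:
            return render_template('reset_password.html', errors=['Your link has expired'])
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.
            return render_template('reset_password.html',
                                   errors=['Your link appears broken, please try again.'])

        password = request.form['password'].strip()
        if not password:
            # Stripping can leave nothing; never store an empty password.
            return render_template('reset_password.html', mode='set',
                                   errors=['Pick a longer password'])

        team = Teams.query.filter_by(name=name).first_or_404()
        team.password = bcrypt_sha256.encrypt(password)
        db.session.commit()
        db.session.close()
        return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email = request.form['email'].strip()
        team = Teams.query.filter_by(email=email).first()
        if not team:
            # Identical wording to the success path: the page text does not
            # say whether the address is registered.
            return render_template(
                'reset_password.html',
                errors=['If that account exists you will receive an email, please check your inbox'])
        s = TimedSerializer(app.config['SECRET_KEY'])
        token = s.dumps(team.name)
        # NOTE(review): with _external=True the host comes from the current
        # request unless SERVER_NAME is configured; pin SERVER_NAME so the
        # mailed link cannot follow a caller-supplied Host header.
        text = """ Did you initiate a password reset? {0}/{1} """.format(
            url_for('auth.reset_password', _external=True),
            urllib.quote_plus(token.encode('base64')))
        utils.sendmail(email, text)
        return render_template(
            'reset_password.html',
            errors=['If that account exists you will receive an email, please check your inbox'])

    return render_template('reset_password.html')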
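def reset_password(data=None):
    """Handle the password-reset request form and the emailed reset link.

    Without ``data`` a POST mails a signed link built on ``app.config['HOST']``
    to the team that owns the submitted address.  With ``data`` a GET shows the
    new-password form and a POST verifies the token (team name signed with
    ``SECRET_KEY``, accepted for 1800 seconds) and stores the new password.
    """
    if data is not None and request.method == "GET":
        return render_template('reset_password.html', mode='set')

    if data is not None and request.method == "POST":
        try:
            s = TimedSerializer(app.config['SECRET_KEY'])
            name = s.loads(data.decode('base64'), max_age=1800)
        except BadTimeSignature:
            return render_template('reset_password.html', errors=['Your link has expired'])
        except Exception:
            # A tampered or undecodable token used to surface as an unhandled
            # exception; reject it with a form error instead.
            return render_template('reset_password.html',
                                   errors=['Your link appears broken, please try again.'])

        password = request.form['password'].strip()
        if not password:
            # Stripping can leave nothing; never store an empty password.
            return render_template('reset_password.html', mode='set',
                                   errors=['Pick a longer password'])

        team = Teams.query.filter_by(name=name).first()
        if team is None:
            # Valid signature, but no team carries that name any more.
            return render_template('reset_password.html',
                                   errors=['Your link appears broken, please try again.'])
        team.password = bcrypt_sha256.encrypt(password)
        db.session.commit()
        db.session.close()
        return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email = request.form['email'].strip()
        team = Teams.query.filter_by(email=email).first()
        if not team:
            # Same text as the success path, so the page does not reveal
            # whether the address is registered.
            return render_template('reset_password.html', errors=['Check your email'])
        s = TimedSerializer(app.config['SECRET_KEY'])
        token = s.dumps(team.name)
        # The link host is the configured HOST value, not the request's Host
        # header.
        # NOTE(review): the base64 text is placed in the path unescaped
        # ('+', '/', '=' are possible); confirm the route still matches.
        text = """ Did you initiate a password reset? {0}/reset_password/{1} """.format(
            app.config['HOST'], token.encode('base64'))
        sendmail(email, text)
        return render_template('reset_password.html', errors=['Check your email'])

    return render_template('reset_password.html')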
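def register():
    """Create a team from the registration form and log it in.

    GET renders the form.  POST validates name, e-mail and password, stores
    the team, fills the session, then either starts e-mail verification or
    sends a welcome mail, and redirects to the challenge list.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    schoolCode = request.form['schoolCode']
    password = request.form['password']

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    # Anchored at the end and closed to whitespace: the address is later
    # handed to the mailer, so CR/LF must not pass validation.
    valid_email = re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email)

    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')
    if name_len:
        errors.append('Pick a longer team name')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               schoolCode=request.form['schoolCode'],
                               password=request.form['password'])

    with app.app_context():
        team = Teams(name, email_normalised, schoolCode, password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        if mailserver() and get_config('verify_emails'):
            verify_email(team.email)
        else:
            if mailserver():
                sendmail(request.form['email'],
                         "You've successfully registered for {}".format(get_config('ctf_name')))

    db.session.close()

    # NOTE(review): name and email are request values written to the log
    # unescaped; confirm the 'regs' handler neutralises CR/LF.
    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))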
def email_user(teamid):
    """Mail the posted ``msg`` field to the team whose id is ``teamid``.

    Returns "1" when ``sendmail`` reports success and "0" in every other case
    (no message, unknown team, or a falsy result from ``sendmail``).
    """
    body = request.form.get('msg', None)
    recipient = Teams.query.filter(Teams.id == teamid).first()
    if not body or not recipient:
        return "0"
    # NOTE(review): nothing in this function checks who is calling; confirm
    # the route is restricted to admins by its decorators.
    return "1" if sendmail(recipient.email, body) else "0"
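def register():
    """Create a team from the registration form.

    GET renders the form.  POST validates name, e-mail and password, stores
    the team, optionally sends a welcome mail, and redirects to ``/login``.
    """
    if not can_register():
        return redirect('/login')
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    # Anchored at the end and closed to whitespace: the address is later
    # handed to the mailer, so CR/LF must not pass validation.
    valid_email = re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email)

    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')
    if name_len:
        errors.append('Pick a longer team name')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               password=request.form['password'])

    with app.app_context():
        team = Teams(name, email, password)
        db.session.add(team)
        db.session.commit()
        if mailserver():
            sendmail(request.form['email'], "You've successfully registered for the CTF")

    db.session.close()

    # NOTE(review): name and email are request values written to the log
    # unescaped; confirm the 'regs' handler neutralises CR/LF.
    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect('/login')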
def test_sendmail_with_smtp(mock_smtp):
    """Check that sendmail passes the expected message to a plain SMTP server."""
    from email.mime.text import MIMEText

    app = create_ctfd()
    with app.app_context():
        # Point the mailer at a local SMTP server with dummy credentials.
        mail_settings = (
            ('mail_server', 'localhost'),
            ('mail_port', 25),
            ('mail_username', 'username'),
            ('mail_password', 'password'),
        )
        for key, value in mail_settings:
            set_config(key, value)

        sender = get_config('mailfrom_addr') or app.config.get('MAILFROM_ADDR')
        recipient = '*****@*****.**'
        body = 'this is a test'

        sendmail(recipient, body)

        # Rebuild the message the mailer is expected to have produced.
        expected = MIMEText(body)
        expected['Subject'] = "Message from {0}".format(get_config('ctf_name'))
        expected['From'] = sender
        expected['To'] = recipient

        mock_smtp.return_value.sendmail.assert_called_once_with(
            sender, [recipient], expected.as_string())
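def register():
    """Create a team from the registration form and log it in.

    GET renders the form.  POST validates the fields (messages come from
    ``get_tip``), stores the team with a random hex token, fills the session,
    then either starts e-mail confirmation or sends a welcome mail.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    valid_email = utils.check_email_format(request.form['email'])
    team_name_email_check = utils.check_email_format(name)

    if not valid_email:
        errors.append(get_tip('INVIDE_EMAIL'))
    if names:
        errors.append(get_tip('TEAM_EXIST'))
    if team_name_email_check is True:
        errors.append(get_tip('EMAIL_NOT_TEAM'))
    if emails:
        errors.append(get_tip('EMAIL_HAVE_USE'))
    if pass_short:
        errors.append(get_tip('TOO_SHORT_PASS'))
    if pass_long:
        errors.append(get_tip('TOO_LONG_PASS'))
    if name_len:
        errors.append(get_tip('TOO_SHORT_TEAM'))

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               password=request.form['password'])

    with app.app_context():
        # 16 bytes from the OS random source, hex-encoded.
        token = os.urandom(16).encode('hex')
        team = Teams(name, email_normalised, password, token.lower())
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        # NOTE(review): name and email in both log lines below are request
        # values written unescaped; confirm the handler neutralises CR/LF.
        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            logger.warning(get_tip('USER_REG_WARN').format(
                date=time.strftime("%m/%d/%Y %X"),
                ip=utils.get_ip(),
                username=request.form['name'].encode('utf-8'),
                email=request.form['email'].encode('utf-8')))
            utils.verify_email(team.email)
            db.session.close()
            return redirect(url_for('auth.confirm_user'))
        else:
            # Don't care about confirming users
            if utils.can_send_mail():
                # We want to notify the user that they have registered.
                utils.sendmail(request.form['email'],
                               get_tip('USER_REG_SUCCESS').format(utils.get_config('ctf_name')))

    logger.warning(get_tip('USER_REGISTRED').format(
        date=time.strftime("%m/%d/%Y %X"),
        ip=utils.get_ip(),
        username=request.form['name'].encode('utf-8'),
        email=request.form['email'].encode('utf-8')))
    db.session.close()
    return redirect(url_for('challenges.challenges_view'))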
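def reset_password(data=None):
    """Request a password-reset e-mail, or set a new password from its link.

    Without ``data`` a POST mails a signed link to the team that owns the
    submitted address.  With ``data`` a GET renders the new-password form and
    a POST verifies the token (team name signed with ``SECRET_KEY``, accepted
    for 1800 seconds), validates the new password and stores it.
    """
    if data is not None and request.method == "GET":
        return render_template('reset_password.html', mode='set')

    if data is not None and request.method == "POST":
        try:
            s = TimedSerializer(app.config['SECRET_KEY'])
            name = s.loads(urllib.unquote_plus(data.decode('base64')), max_age=1800)
        except BadTimeSignature:
            return render_template('reset_password.html', errors=['Your link has expired'])
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.
            return render_template('reset_password.html',
                                   errors=['Your link appears broken, please try again.'])

        raw_password = request.form.get('password', '')
        # The stored value is the stripped one, so emptiness is judged after
        # stripping: a whitespace-only entry must not become an empty password.
        password = raw_password.strip()
        if not password:
            return render_template('reset_password.html', mode='set',
                                   errors=['Pick a longer password'])
        elif len(raw_password) > 128:
            return render_template('reset_password.html', mode='set',
                                   errors=['Pick a shorter password'])
        elif raw_password != request.form.get('password-confirm'):
            return render_template('reset_password.html', mode='set',
                                   errors=["These passwords don't match"])

        team = Teams.query.filter_by(name=name).first_or_404()
        team.password = bcrypt_sha256.encrypt(password)
        db.session.commit()
        db.session.close()
        return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email = request.form['email'].strip()
        team = Teams.query.filter_by(email=email).first()
        if not team:
            # Identical wording to the success path: the page text does not
            # say whether the address is registered.
            return render_template(
                'reset_password.html',
                errors=['If that account exists you will receive an email, please check your inbox'])
        s = TimedSerializer(app.config['SECRET_KEY'])
        token = s.dumps(team.name)
        # NOTE(review): with _external=True the host comes from the current
        # request unless SERVER_NAME is configured; pin SERVER_NAME so the
        # mailed link cannot follow a caller-supplied Host header.
        text = """ Did you initiate a password reset? {0}/{1} """.format(
            url_for('auth.reset_password', _external=True),
            urllib.quote_plus(token.encode('base64')))
        sendmail(email, text)
        return render_template(
            'reset_password.html',
            errors=['If that account exists you will receive an email, please check your inbox'])

    return render_template('reset_password.html')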
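def register():
    """Create a team from the extended registration form and log it in.

    GET renders the form with the default country ``'wo'``.  POST validates
    name, e-mail, password (with confirmation), website and country, stores
    the team, fills the session, then redirects to e-mail confirmation or to
    the challenge list.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html',
                               country='wo',  # default: Multiple Countries
                               countries=countries)

    errors = []
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    password = request.form.get('password', '')
    password_confirm = request.form.get('password-confirm', '')
    website = request.form.get('website', '')
    affiliation = request.form.get('affiliation', '')
    country = request.form.get('country', '')

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    if not name:
        errors.append('Pick a longer team name')
    else:
        names = Teams.query.filter_by(name=name).first()
        if names:
            errors.append('That team name is already taken')

    if not email:
        errors.append('Pick a longer email')
    # \Z instead of $: '$' would also accept an address ending in a newline.
    elif not re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+\Z)", email):
        errors.append("That email doesn't look right")
    else:
        emails = Teams.query.filter_by(email=email_normalised).first()
        if emails:
            errors.append('That email has already been used')

    # A rejected password is blanked so it is not sent back to the form.
    if not password:
        errors.append('Pick a longer password')
        password = password_confirm = ''
    elif len(password) > 128:
        errors.append('Pick a shorter password')
        password = password_confirm = ''
    elif password != password_confirm:
        errors.append("These passwords don't match")
        password = password_confirm = ''

    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    # NOTE(review): ``countries.keys`` is referenced without a call; if
    # ``countries`` is a plain dict this membership test raises TypeError.
    # Confirm its type.
    if country not in countries.keys:
        errors.append('Invalid country')

    if len(errors) > 0:
        # NOTE(review): an accepted password is still handed back to the
        # template when another field failed; confirm it is not rendered.
        return render_template('register.html', errors=errors, name=name, email=email,
                               password=password, password_confirm=password_confirm,
                               website=website, affiliation=affiliation,
                               country=country, countries=countries)

    with app.app_context():
        team = Teams(name, email_normalised, password, website, affiliation, country)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        # NOTE(review): name and email in both log lines below are request
        # values written unescaped; confirm the handler neutralises CR/LF.
        if can_send_mail() and get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            db.session.close()
            logger = logging.getLogger('regs')
            logger.warning("[{0}] {1} registered (UNCONFIRMED) with {2}".format(
                time.strftime("%m/%d/%Y %X"),
                request.form['name'].encode('utf-8'),
                request.form['email'].encode('utf-8')))
            return redirect(url_for('auth.confirm_user'))
        else:
            # Don't care about confirming users
            if can_send_mail():
                # We want to notify the user that they have registered.
                sendmail(request.form['email'],
                         "You've successfully registered for {}".format(get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))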
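def register():
    """Create a team from the registration form and log it in.

    GET renders the form.  POST validates name, e-mail and password, stores
    the team, fills the session, then either starts e-mail confirmation or
    sends a welcome mail and redirects to the challenge list.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    valid_email = utils.check_email_format(request.form['email'])
    team_name_email_check = utils.check_email_format(name)

    if not valid_email:
        errors.append("Please enter a valid email address")
    if names:
        errors.append('That team name is already taken')
    if team_name_email_check is True:
        errors.append('Your team name cannot be an email address')
    if emails:
        errors.append('That email has already been used')
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')
    if name_len:
        errors.append('Pick a longer team name')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               password=request.form['password'])

    with app.app_context():
        team = Teams(name, email_normalised, password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        # NOTE(review): username and email in both log lines below are request
        # values written unescaped; confirm the handler neutralises CR/LF.
        # Confirming users is enabled and we can send email.
        if utils.can_send_mail() and utils.get_config('verify_emails'):
            logger.warning("[{date}] {ip} - {username} registered (UNCONFIRMED) with {email}".format(
                date=time.strftime("%m/%d/%Y %X"),
                ip=utils.get_ip(),
                username=request.form['name'].encode('utf-8'),
                email=request.form['email'].encode('utf-8')
            ))
            utils.verify_email(team.email)
            db.session.close()
            return redirect(url_for('auth.confirm_user'))
        else:
            # Don't care about confirming users
            if utils.can_send_mail():
                # We want to notify the user that they have registered.
                utils.sendmail(request.form['email'],
                               "You've successfully registered for {}".format(
                                   utils.get_config('ctf_name')))

    logger.warning("[{date}] {ip} - {username} registered with {email}".format(
        date=time.strftime("%m/%d/%Y %X"),
        ip=utils.get_ip(),
        username=request.form['name'].encode('utf-8'),
        email=request.form['email'].encode('utf-8')
    ))
    db.session.close()
    return redirect(url_for('challenges.challenges_view'))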
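def register():
    """Create a team from the registration form and log it in.

    GET renders the form.  POST validates name, e-mail and password, stores
    the team, fills the session, then either starts e-mail verification or
    sends a welcome mail, and redirects to the challenge list.
    """
    # NOTE(review): both redirects use _external=True, which takes the host
    # from the current request unless SERVER_NAME is configured; confirm
    # SERVER_NAME is pinned so the Location header cannot follow a
    # caller-supplied Host header.
    if not can_register():
        return redirect(url_for('auth.login', _external=True))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    # Anchored at the end and closed to whitespace: the address is later
    # handed to the mailer, so CR/LF must not pass validation.
    valid_email = re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email)

    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')
    if name_len:
        errors.append('Pick a longer team name')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               password=request.form['password'])

    with app.app_context():
        team = Teams(name, email_normalised, password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        if can_send_mail() and get_config('verify_emails'):
            verify_email(team.email)
        else:
            if can_send_mail():
                sendmail(request.form['email'],
                         "You've successfully registered for {}".format(get_config('ctf_name')))

    db.session.close()

    # NOTE(review): name and email are request values written to the log
    # unescaped; confirm the 'regs' handler neutralises CR/LF.
    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect(url_for('challenges.challenges_view', _external=True))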
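def register():
    """Create a team from the registration form and log it in.

    GET renders the form.  POST validates name, e-mail and password, stores
    the team, fills the session, then either starts e-mail confirmation or
    sends a welcome mail and redirects to the challenge list.
    """
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    # \Z instead of $: '$' would also accept an address ending in a newline.
    valid_email = re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+\Z)", email)

    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')
    if name_len:
        errors.append('Pick a longer team name')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               password=request.form['password'])

    with app.app_context():
        team = Teams(name, email_normalised, password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        # NOTE(review): name and email in both log lines below are request
        # values written unescaped; confirm the handler neutralises CR/LF.
        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            db.session.close()
            logger = logging.getLogger('regs')
            logger.warning("[{0}] {1} registered (UNCONFIRMED) with {2}".format(
                time.strftime("%m/%d/%Y %X"),
                request.form['name'].encode('utf-8'),
                request.form['email'].encode('utf-8')))
            utils.verify_email(team.email)
            return redirect(url_for('auth.confirm_user'))
        else:
            # Don't care about confirming users
            if utils.can_send_mail():
                # We want to notify the user that they have registered.
                utils.sendmail(request.form['email'],
                               "You've successfully registered for {}".format(
                                   utils.get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))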
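def reset_password(data=None):
    """Request a password-reset e-mail, or set a new password from its link.

    Without ``data`` a POST mails a signed link to the team that owns the
    submitted address.  With ``data`` a GET renders the new-password form and
    a POST verifies the token (team name signed with ``SECRET_KEY``, accepted
    for 1800 seconds), stores the new password and logs the reset.
    """
    logger = logging.getLogger('logins')

    if data is not None and request.method == "GET":
        return render_template('reset_password.html', mode='set')

    if data is not None and request.method == "POST":
        try:
            s = TimedSerializer(app.config['SECRET_KEY'])
            name = s.loads(utils.base64decode(data, urldecode=True), max_age=1800)
        except BadTimeSignature:
            return render_template('reset_password.html', errors=['Your link has expired'])
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.
            return render_template('reset_password.html',
                                   errors=['Your link appears broken, please try again'])

        password = request.form['password'].strip()
        if not password:
            # Stripping can leave nothing; never store an empty password.
            return render_template('reset_password.html', mode='set',
                                   errors=['Pick a longer password'])

        team = Teams.query.filter_by(name=name).first_or_404()
        team.password = bcrypt_sha256.encrypt(password)
        db.session.commit()
        logger.warning("[{date}] {ip} - successful password reset for {username}".format(
            date=time.strftime("%m/%d/%Y %X"),
            ip=utils.get_ip(),
            username=team.name.encode('utf-8')))
        db.session.close()
        return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email = request.form['email'].strip()
        team = Teams.query.filter_by(email=email).first()

        if utils.can_send_mail() is False:
            return render_template(
                'reset_password.html',
                errors=['Email could not be sent due to server misconfiguration'])

        if not team:
            # Identical wording to the success path: the page text does not
            # say whether the address is registered.
            return render_template(
                'reset_password.html',
                errors=['If that account exists you will receive an email, please check your inbox'])

        s = TimedSerializer(app.config['SECRET_KEY'])
        token = s.dumps(team.name)
        # NOTE(review): with _external=True the host comes from the current
        # request unless SERVER_NAME is configured; pin SERVER_NAME so the
        # mailed link cannot follow a caller-supplied Host header.
        text = """ Did you initiate a password reset? {0}/{1} """.format(
            url_for('auth.reset_password', _external=True),
            utils.base64encode(token, urlencode=True))
        utils.sendmail(email, text)
        return render_template(
            'reset_password.html',
            errors=['If that account exists you will receive an email, please check your inbox'])

    return render_template('reset_password.html')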
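def reset_password(data=None):
    """Request a password-reset e-mail, or set a new password from its link.

    Without ``data`` a POST mails a signed link to the team that owns the
    submitted address.  With ``data`` a GET renders the new-password form and
    a POST verifies the token (team name signed with ``SECRET_KEY``, accepted
    for 1800 seconds), pushes the new password to the XML-RPC service on
    ``localhost:8000`` and then stores its hash on the team.
    """
    if data is not None and request.method == "GET":
        return render_template('reset_password.html', mode='set')

    if data is not None and request.method == "POST":
        try:
            s = TimedSerializer(app.config['SECRET_KEY'])
            name = s.loads(urllib.unquote_plus(data.decode('base64')), max_age=1800)
        except BadTimeSignature:
            return render_template('reset_password.html', errors=['Your link has expired'])
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.
            return render_template('reset_password.html',
                                   errors=['Your link appears broken, please try again.'])

        team = Teams.query.filter_by(name=name).first_or_404()
        password = request.form['password'].strip()
        name = team.name
        pass_short = len(password) == 0
        pass_long = len(password) > 32
        # http://stackoverflow.com/questions/19605150/regex-for-password-must-be-contain-at-least-8-characters-least-1-number-and-bot

        errors = []
        if pass_short:
            errors.append('Pick a longer password')
        if pass_long:
            errors.append('Pick a shorter password')
        if len(errors) > 0:
            # mode='set' keeps the user on the new-password form; without it
            # the template was rendered in its default (request) mode.
            return render_template('reset_password.html', mode='set', errors=errors)

        # NOTE(review): the plaintext password travels to the XML-RPC service
        # over plain HTTP on localhost, and this call happens before the
        # database commit; a failure in either step leaves the two stores out
        # of sync. Confirm the service is bound to loopback only.
        shell = xmlrpclib.ServerProxy('http://localhost:8000', allow_none=True)
        shell.change_user(name, password)

        team.password = bcrypt_sha256.encrypt(password)
        db.session.commit()
        db.session.close()
        return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email = request.form['email'].strip()
        team = Teams.query.filter_by(email=email).first()
        if not team:
            # Identical wording to the success path: the page text does not
            # say whether the address is registered.
            return render_template(
                'reset_password.html',
                errors=['If that account exists you will receive an email, please check your inbox'])
        s = TimedSerializer(app.config['SECRET_KEY'])
        token = s.dumps(team.name)
        # NOTE(review): with _external=True the host comes from the current
        # request unless SERVER_NAME is configured; pin SERVER_NAME so the
        # mailed link cannot follow a caller-supplied Host header.
        text = """ Did you initiate a password reset? {0}/{1} """.format(
            url_for('auth.reset_password', _external=True),
            urllib.quote_plus(token.encode('base64')))
        sendmail(email, text)
        return render_template(
            'reset_password.html',
            errors=['If that account exists you will receive an email, please check your inbox'])

    return render_template('reset_password.html')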
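def register():
    """Create a team from the registration form and log it in.

    GET renders the form.  POST validates name, e-mail and password, stores
    the team, fills the session, then redirects to e-mail confirmation or,
    after an optional welcome mail, to the challenge list.
    """
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    # \Z instead of $: '$' would also accept an address ending in a newline.
    valid_email = re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+\Z)", email)

    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')
    if name_len:
        errors.append('Pick a longer team name')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template('register.html', errors=errors, name=request.form['name'],
                               email=request.form['email'],
                               password=request.form['password'])

    with app.app_context():
        team = Teams(name, email_normalised, password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        # NOTE(review): name and email in both log lines below are request
        # values written unescaped; confirm the handler neutralises CR/LF.
        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            db.session.close()
            logger = logging.getLogger('regs')
            logger.warning("[{0}] {1} registered (UNCONFIRMED) with {2}".format(
                time.strftime("%m/%d/%Y %X"),
                request.form['name'].encode('utf-8'),
                request.form['email'].encode('utf-8')))
            return redirect(url_for('auth.confirm_user'))
        else:
            # Don't care about confirming users
            if utils.can_send_mail():
                # We want to notify the user that they have registered.
                utils.sendmail(request.form['email'],
                               "You've successfully registered for {}".format(
                                   utils.get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))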
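def register():
    """Create a team (with bracket, country and affiliation) and log it in.

    GET renders the form with the available brackets and countries.  POST
    validates the fields, stores the team, fills the session, then either
    starts e-mail verification or sends a welcome mail, and redirects to the
    challenge list.
    """
    if not can_register():
        return redirect(url_for("auth.login"))
    if request.method != "POST":
        return render_template("register.html", brackets=brackets, countries=countries)

    errors = []
    name = request.form["name"]
    email = request.form["email"]
    password = request.form["password"]
    bracket = request.form["bracket"]
    country = request.form["country"]
    affiliation = request.form["affiliation"]

    # The address is stored lower-cased, so the uniqueness lookup has to use
    # the same form; otherwise a case variant slips past the check.
    email_normalised = email.lower()

    name_len = len(name) == 0
    names = Teams.query.add_columns("name", "id").filter_by(name=name).first()
    emails = Teams.query.add_columns("email", "id").filter_by(email=email_normalised).first()
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    # Anchored at the end and closed to whitespace: the address is later
    # handed to the mailer, so CR/LF must not pass validation.
    valid_email = re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email)
    bracket_exists = bracket in brackets
    country_exists = country in countries
    # The two debug ``print`` statements that echoed the submitted country to
    # stdout were removed.

    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append("That team name is already taken")
    if emails:
        errors.append("That email has already been used")
    if pass_short:
        errors.append("Pick a longer password")
    if pass_long:
        errors.append("Pick a shorter password")
    if name_len:
        errors.append("Pick a longer team name")
    if not bracket_exists:
        errors.append("Please select a valid bracket")
    if not country_exists:
        errors.append("Please select a valid country")

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        return render_template(
            "register.html",
            errors=errors,
            name=request.form["name"],
            email=request.form["email"],
            password=request.form["password"],
            brackets=brackets,
            countries=countries,
        )

    with app.app_context():
        team = Teams(name, email_normalised, password, bracket, country, affiliation)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session["username"] = team.name
        session["id"] = team.id
        session["admin"] = team.admin
        session["nonce"] = sha512(os.urandom(10))

        if mailserver() and get_config("verify_emails"):
            verify_email(team.email)
        else:
            if mailserver():
                sendmail(
                    request.form["email"],
                    "You've successfully registered for {}".format(get_config("ctf_name")),
                )

    db.session.close()

    # NOTE(review): name and email are request values written to the log
    # unescaped; confirm the "regs" handler neutralises CR/LF.
    logger = logging.getLogger("regs")
    logger.warning(
        "[{0}] {1} registered with {2}".format(
            time.strftime("%m/%d/%Y %X"),
            request.form["name"].encode("utf-8"),
            request.form["email"].encode("utf-8"),
        )
    )
    return redirect(url_for("challenges.challenges_view"))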
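def view_admin_announcements():
    """Apply the posted announcement action, then render the admin list.

    The ``action`` form field selects hide, show, delete, add or update.  An
    ``id`` that is not an integer, or that matches no announcement, makes the
    id-based actions a no-op instead of raising.  ``add`` can also mail the
    new announcement to every team.
    """
    # NOTE(review): no request-method or CSRF-nonce check is visible inside
    # this function; confirm the route's decorators or a before_request hook
    # cover state-changing posts.

    def _posted_announcement():
        # Look up the announcement named by the posted id; None when the id
        # is not an integer or no such row exists.
        try:
            announcement_id = int(request.form['id'])
        except ValueError:
            return None
        return Announcements.query.get(announcement_id)

    msg = ''
    msg_type = ''
    action = request.form.get('action', '')
    has_id = request.form.get('id', '') != ''
    has_text = (request.form.get('headline', '') != ''
                and request.form.get('body', '') != '')

    if action in ('hide', 'show') and has_id:
        announcements_obj = _posted_announcement()
        if announcements_obj:
            announcements_obj.hidden = (action == 'hide')
            db.session.commit()

    elif action == 'delete' and has_id:
        announcements_obj = _posted_announcement()
        # Deleting a missing row used to pass None to session.delete().
        if announcements_obj:
            db.session.delete(announcements_obj)
            db.session.commit()
            msg = 'Message deleted.'
            msg_type = 'info'

    elif action == 'add' and has_text:
        hidden = request.form.get('hidden', '') == 'on'
        announcements_obj = Announcements(
            headline=request.form['headline'],
            hidden=hidden,
            body=request.form['body'],
            date=datetime.datetime.now())
        db.session.add(announcements_obj)
        db.session.commit()

        # send e-mail
        if request.form.get('emailnotification', '') == 'on':
            # get team emails
            teams = Teams.query.filter_by()
            body = request.form['headline'] + "\n\n" + request.form['body']
            # send mails to all teams
            if utils.can_send_mail():
                for team in teams:
                    utils.sendmail(team.email, body)
                msg += 'E-Mails sent.\n'
            else:
                msg += 'Can\'t send e-mails. Please check your configuration.\n'

        msg += 'Message added.'
        msg_type = 'info'

    elif action == 'update' and has_text and has_id:
        hidden = request.form.get('hidden', '') == 'on'
        update_date = request.form.get('updateDate', '') == 'on'
        announcements_obj = _posted_announcement()
        if announcements_obj:
            announcements_obj.headline = request.form['headline']
            announcements_obj.hidden = hidden
            announcements_obj.body = request.form['body']
            if update_date:
                announcements_obj.date = datetime.datetime.now()
            db.session.commit()
            msg = 'Message updated.'
            msg_type = 'info'

    announcements_res = Announcements.query.order_by(Announcements.date.desc()).all()
    return render_template('admin_announcements.html',
                           announcements_res=announcements_res,
                           msg=msg,
                           msg_type=msg_type)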
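def private_register():
    """Register a pre-invited team and log it in.

    The ``private_registration_option`` setting decides whether the form is
    matched against ``InvitedTeams`` by token or by e-mail address.  Name and
    address of the new team come from the invitation row, the password from
    the form.
    """
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    selected_option = utils.get_config('private_registration_option')
    errors = []

    if selected_option == 'token':
        token = request.form['token']
        invited_team = InvitedTeams.query.add_columns(
            'name', 'email').filter_by(token=token).first()
        if not invited_team:
            errors.append('Invalid token')
    elif selected_option == 'email':
        # NOTE(review): in this mode the submitted address is the only proof
        # of invitation, and the session below is filled before any mail
        # confirmation; confirm unconfirmed sessions are restricted elsewhere.
        email = request.form['email']
        invited_team = InvitedTeams.query.add_columns(
            'name', 'email').filter_by(email=email).first()
        if not invited_team:
            errors.append('Your email is not invited')
    else:
        errors.append('Something strange happened')

    if len(errors) == 0:
        team = Teams.query.add_columns('id').filter_by(name=invited_team.name).first()
        if team:
            errors.append('Already registered')

    password = request.form['password']
    pass_short = len(password) == 0
    pass_long = len(password) > 128
    if pass_short:
        errors.append('Pick a longer password')
    if pass_long:
        errors.append('Pick a shorter password')

    if len(errors) > 0:
        # NOTE(review): the submitted password is handed back to the template;
        # confirm register.html does not write it into the page.
        if selected_option == 'token':
            return render_template('register.html', errors=errors,
                                   token=request.form['token'],
                                   password=request.form['password'])
        elif selected_option == 'email':
            return render_template('register.html', errors=errors,
                                   email=request.form['email'],
                                   password=request.form['password'])
        else:
            # Previously rendered without the error list, so a misconfigured
            # option showed a blank form with no explanation.
            return render_template('register.html', errors=errors)

    with app.app_context():
        name = invited_team.name
        email = invited_team.email
        team = Teams(name, email.lower(), password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            db.session.close()
            logger = logging.getLogger('regs')
            logger.warning('[{0}] {1} registered (UNCONFIRMED) with {2}'.format(
                time.strftime('%m/%d/%Y %X'),
                name.encode('utf-8'),
                email.encode('utf-8')))
            utils.verify_email(team.email)
            return redirect(url_for('auth.confirm_user'))
        else:
            if utils.can_send_mail():
                utils.sendmail(email,
                               "You've successfully registered for {}".format(
                                   utils.get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning('[{0}] {1} registered with {2}'.format(
        time.strftime('%m/%d/%Y %X'),
        name.encode('utf-8'),
        email.encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))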