def api_add_group(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) name = request['name'] parent = request['parent'] seed = request['seed'] try: parent = int(parent) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='parent', ) ) if (type(seed) is not str or len(seed) != 16) and seed != 'inherit': raise ApiArgumentError(lc.get('api_argument_error').format(argument='seed')) elif parent == 0 and seed == 'inherit': raise InvalidInheritError() if name == '': raise EmptyGroupNameError() if parent != 0: read_group(parent) group_id = allocate_group_id() logger.info('Creating group {} ({})', name, group_id) write_group(group_id, {'name': name, 'parent': parent, 'seed': seed}) http.write(json.dumps({'success': True}))
def post(self): with locks.global_lock: username = self.get_argument('username', None) password = self.get_argument('password', None) if username is None: self.write( render_template('auth_error.html', error=lc.get('no_username'))) return if password is None: self.write( render_template('auth_error.html', error=lc.get('no_password'))) return try: session = auth.authenticate_user(username, password) except auth.BaseAuthenticationError as e: self.write( render_template('auth_error.html', error=lc.get(e.text))) return self.set_cookie('session_id', session.id, expires=session.expires_at) self.redirect('/')
def post(self, *a): with locks.global_lock: session = auth.load_session(self.get_cookie('session_id')) path = self.request.path path_parts = list(filter(lambda s: s != '', path.split('/'))) if len(path_parts) != 2: self.write( json.dumps({ 'success': False, 'error_message': lc.get('invalid_api_call') })) return api_function = path_parts[-1] try: api.handle(api_function, session=session, args={'http_handler': self}) except ApiKeyError: self.write( json.dumps({ 'success': False, 'error_message': lc.get('no_such_api_function') })) return except BaseException as e: self.write( json.dumps({ 'success': False, 'error_message': lc.get(str(e)) })) logger.error('Exception occured while serving an API call: {}', repr(e)) print_exc() return
def post(self): with locks.global_lock: session_id = self.get_cookie('session_id') session = auth.load_session(session_id) if session is None: self.redirect('/login') return old_password = self.get_argument('old_password', None) password = self.get_argument('password', None) password_c = self.get_argument('password_c', None) if old_password is None or old_password == '': self.write( render_template( 'change_password_error.html', error_message=lc.get('no_old_password'), session=session, )) return if not auth.verify_password(session.username, old_password): self.write( render_template( 'change_password_error.html', error_message=lc.get('invalid_old_password'), session=session, )) return if password is None or password == '': self.write( render_template( 'change_password_error.html', error_message=lc.get('no_password'), session=session, )) return if password != password_c: self.write( render_template( 'change_password_error.html', error_message=lc.get('password_c_failed'), session=session, )) return auth.update_password(session.username, password) self.write( render_template('change_password_ok.html', session=session))
def api_delete_group(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) group_id = request['group_id'] try: group_id = int(group_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='group_id', ) ) logger.info("Deleting group ({})", group_id) delete_group(group_id) http.write(json.dumps({'success': True}))
def api_get_task(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) task_id = request['task_id'] try: task_id = int(task_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='task_id', ) ) try: task = read_task(task_id) except TaskNotFoundError: raise Exception(lc.get('task_does_not_exist').format(task_id=task_id)) http.write(json.dumps({'success': True, 'task': task.to_dict()}))
def get(self): with locks.global_lock: session_id = self.get_cookie('session_id') if auth.load_session(session_id) is None: self.write( render_template('auth_error.html', error=lc.get('logout_no_session'))) return auth.logout(session_id) self.clear_cookie('session_id') self.redirect('/')
def get(self): with locks.global_lock: session_id = self.get_cookie('session_id') session = auth.load_session(session_id) if session is None or not session.is_admin: self.write( render_template('admin_error.html', error=lc.get('not_admin'))) return self.write(render_template('admin_new_team.html', session=session))
def get(self): with locks.global_lock: session_id = self.get_cookie('session_id') if auth.load_session(session_id) is not None: self.redirect('/') return if not competition.allow_team_self_registration: self.write( render_template('reg_error.html', error=lc.get('registration_disabled'))) return self.write(render_template('register.html'))
def api_delete_task(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) task_id = request['task_id'] try: task_id = int(task_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='task_id', ) ) try: logger.info("Deleting task with id {}", task_id) delete_task(task_id) except TaskNotFoundError: raise Exception(lc.get('task_does_not_exist').format(task_id=task_id)) http.write(json.dumps({'success': True}))
def api_access_hint(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) task_id = request['task_id'] hint_hexid = request['hint_hexid'] team_name = sess.username if not competition.is_running() and not sess.is_admin: raise Exception(lc.get('competition_is_not_running')) try: task_id = int(task_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='task_id', ) ) hint = access_hint(task_id=task_id, hint_hexid=hint_hexid, team_name=team_name) http.write(json.dumps({'success': True, 'hint': hint}))
def api_update_group_seed(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) group_id = request['group_id'] seed = request['new_seed'] try: group_id = int(group_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='group_id', ) ) if (type(seed) is not str or len(seed) != 16) and seed != 'inherit': raise ApiArgumentError(lc.get('api_argument_error').format(argument='seed')) group = read_group(group_id) group['seed'] = seed get_group_seed(group) write_group(group_id, group) http.write(json.dumps({'success': True}))
def api_submit_flag(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) task_id = request['task_id'] flag_data = request['flag'] if not competition.is_running() and not sess.is_admin: raise Exception(lc.get('competition_is_not_running')) try: task_id = int(task_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='task_id', ) ) cteam = team.read_team(sess.username) token = task_gen.get_token(sess.username, task_id) try: task = task_gen.get_generated_task(task_id, token, cteam) except TaskNotFoundError: raise Exception(lc.get('task_does_not_exist').format(task_id=task_id)) try: correct = bool(task.check_flag(flag_data, team_name=sess.username)) except TooFrequentSubmissions: logger.warning('Too frequent submissions from team {} for task with ID {}', sess.username, task_id) http.write(json.dumps({ 'success': False, 'error_message': lc.get('task_submission_too_frequent').format( time=configuration['min_submission_interval'] ) })) return try: team.add_submission( team_name = sess.username, task_id = task_id, flag = flag_data, is_correct = correct, points = task.value if correct else 0, ) except team.TaskAlreadySolved: logger.warning('Team {} submitted a flag for already solved task with ID {}', sess.username, task_id) http.write(json.dumps({'success': False, 'error_message': lc.get('task_already_solved')})) return logger.info('Flag submission from team {} for task with ID {} - {}'.format( sess.username, task_id, 'correct' if correct else 'wrong' )) http.write(json.dumps({'success': True, 'flag_correct': correct}))
def api_reparent_group(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) group_id = request['group_id'] new_parent = request['new_parent'] try: new_parent = int(new_parent) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='new_parent', ) ) if may_reparent_group(group_id, new_parent): logger.info('Reparenting group ({}): new parent: ({})', group_id, new_parent) reparent_group(group_id, new_parent) else: logger.warning('Cannot reparent group ({}): new parent: ({})', group_id, new_parent) raise GroupReparentError() http.write(json.dumps({'success': True}))
def handle(self, name, session, args=None): if session is None: access_level = GUEST elif session.is_admin: access_level = ADMIN else: access_level = USER try: required_access_level, func = self.handlers[name] except KeyError: raise ApiKeyError(name) if access_level < required_access_level: raise ApiPermissionError( lc.get('api_call_not_allowed').format(api_func=name)) func(self, session, args)
def api_rename_group(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) group_id = request['group_id'] new_name = request['new_name'] try: group_id = int(group_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='group_id', ) ) if new_name == '': raise EmptyGroupNameError() logger.info('Renaming group ({}) to {}', group_id, new_name) group = read_group(group_id) group['name'] = new_name write_group(group_id, group) http.write(json.dumps({'success': True}))
def post(self): with locks.global_lock: if not competition.allow_team_self_registration: self.write( render_template('reg_error.html', error=lc.get('registration_disabled'))) username = self.get_argument('username', None) password = self.get_argument('password', None) password_c = self.get_argument('password-c', None) disp_name = self.get_argument('disp-name', None) email = self.get_argument('email', None) if username is None or username == '': self.write( render_template('reg_error.html', error=lc.get('no_username'))) return if password is None or password == '': self.write( render_template('reg_error.html', error=lc.get('no_password'))) return if password != password_c: self.write( render_template('reg_error.html', error=lc.get('password_c_failed'))) return if disp_name is None or disp_name == '': self.write( render_template('reg_error.html', error=lc.get('no_disp_name'))) return if username in auth.get_user_list(): self.write( render_template('reg_error.html', error=lc.get('user_already_exists'))) return try: auth.register_user(username=username, password=password, disp_name=disp_name, email=email) except auth.BaseRegistrationError as e: self.write( render_template('reg_error.html', error=lc.get(e.text))) return self.redirect('/')
def get(self): with locks.global_lock: session = auth.load_session(self.get_cookie('session_id')) submissions = team.get_all_submissions() if session is None or not session.is_admin: self.write( render_template('admin_error.html', error=lc.get('not_admin'))) return self.write( render_template( 'admin.html', session=session, tasks=list(tasks.get_task_list()), submissions=list(submissions), teams=list(team.get_all_teams()), groups=dict(tasks.get_group_dict()), read_task=tasks.read_task, build_group_path=tasks.build_group_path, task_gen=task_gen, ))
def post(self): with locks.global_lock: session_id = self.get_cookie('session_id') session = auth.load_session(session_id) if session is None: self.redirect('/login') return disp_name = self.get_argument('disp_name', None) email = self.get_argument('email', None) if disp_name is None or disp_name == '': self.write( render_template( 'edit_team_info_error.html', error_message=lc.get('no_disp_name'), session=session, )) return tm = team.read_team(session.username) tm.full_name = disp_name tm.email = email if email != '' else None team.write_team(tm) self.write( render_template('edit_team_info_ok.html', session=session))
def post(self): with locks.global_lock: session_id = self.get_cookie('session_id') session = auth.load_session(session_id) if session is None or not session.is_admin: self.write( render_template('admin_error.html', error=lc.get('not_admin'))) return username = self.get_argument('username', None) password = self.get_argument('password', None) password_c = self.get_argument('password-c', None) disp_name = self.get_argument('disp-name', None) email = self.get_argument('email', None) is_admin = self.get_argument('is_admin', None) if is_admin is not None and is_admin not in ['on', 'off']: self.write( render_template( 'reg_error.html', error=lc.get('api_invalid_data_type').format( param='is_admin', expected=lc.get('bool'), ))) return if is_admin == 'on': is_admin = True else: is_admin = False if username is None or username == '': self.write( render_template('reg_error.html', error=lc.get('no_username'))) return if password is None or password == '': self.write( render_template('reg_error.html', error=lc.get('no_password'))) return if disp_name is None or disp_name == '': self.write( render_template('reg_error.html', error=lc.get('no_disp_name'))) return if password != password_c: self.write( render_template('reg_error.html', error=lc.get('password_c_failed'))) return if username in auth.get_user_list(): self.write( render_template('reg_error.html', error=lc.get('user_already_exists'))) return try: auth.register_user( username=username, password=password, disp_name=disp_name, email=email, is_admin=is_admin, ) except auth.BaseRegistrationError as e: self.write( render_template('reg_error.html', error=lc.get(e.text))) return self.redirect('/admin')
def api_add_or_update_task(api, sess, args): http = args['http_handler'] request = json.loads(http.request.body) task_id = request['task_id'] text = request['text'] title = request['title'] value = request['value'] labels = request['labels'] flags = request['flags'] group = request['group'] order = request['order'] seed = request['seed'] hints = request['hints'] if task_id is None or task_id == '': task_id = allocate_task_id() try: task_id = int(task_id) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='task_id', ) ) try: value = int(value) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='value', ) ) try: group = int(group) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='group', ) ) try: order = int(order) except (ValueError, TypeError) as e: raise Exception( lc.get('api_invalid_data_type').format( expected=lc.get('int'), param='order', ) ) if (type(seed) is not str or len(seed) != 16) and seed != 'inherit': raise Exception( lc.get('api_argument_error').format( argument='seed', ) ) if title == '': raise EmptyTaskNameError() if task_exists(task_id): logger.info('Modifying task {}', task_id) task = read_task(task_id) task.text = text task.title = title task.value = value task.labels = labels task.flags = flags task.group = group task.order = order task.seed = seed task.hints = hints task.validate() write_task(task) else: logger.info('Creating task {}', task_id) try: task = Task( task_id, { 'title': title, 'text': text, 'value': value, 'labels': labels, 'flags': flags, 'group': group, 'order': order, 'seed': seed, 'hints': hints, } ) task.validate() except KeyError as e: raise ApiArgumentError(lc.get('api_argument_error').format(argument=str(e))) write_task(task) http.write(json.dumps({'success': True}))