def post_player(self, data):
    """Submit a player's answer and report the points it earned.

    Args:
        data: Request payload; 'answer' and 'cid' are read from it.

    Returns:
        A dict holding the awarded points under 'points'.

    Raises:
        errors.AccessDeniedError: if the controller raises IntegrityError,
            or if the commit raises IntegrityError or FlushError.
    """
    submitted = utils.normalize_input(data['answer'])
    try:
        awarded = controllers.submit_answer(data['cid'], submitted)
    except errors.IntegrityError:
        # NOTE(review): no rollback on this path; presumably the controller
        # has already rolled the session back -- confirm.
        raise errors.AccessDeniedError(
            'Previously solved or flag already used.')

    try:
        models.commit()
    except (errors.IntegrityError, errors.FlushError):
        # Discard the failed transaction before reporting the duplicate.
        models.db.session.rollback()
        raise errors.AccessDeniedError("You've already solved that one!")

    # The solve changes scores, so evict the cached views built from them.
    # NOTE(review): 'cats/%d' is passed unformatted; presumably delete_team
    # fills in the team id -- confirm.
    cache.delete_team('cats/%d')
    cache.delete('scoreboard')
    return {'points': awarded}
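def post_admin(self, data):
    """Record a solve for a team on behalf of the calling admin.

    Args:
        data: Request payload; 'cid' (challenge id) and 'tid' (team id)
            are both required.

    Returns:
        A dict holding the awarded points under 'points'.

    Raises:
        errors.ValidationError: if either id is missing/falsy or does not
            resolve to an existing challenge and team.
        errors.AccessDeniedError: if saving the answer raises
            IntegrityError or FlushError.
    """
    # NOTE(review): nothing in this method checks that the caller is an
    # admin; presumably the dispatcher or a decorator does -- confirm.
    cid = data.get('cid', None)
    tid = data.get('tid', None)
    if not cid or not tid:
        raise errors.ValidationError('Requires team and challenge.')
    challenge = models.Challenge.query.get(cid)
    team = models.Team.query.get(tid)
    if not challenge or not team:
        raise errors.ValidationError('Requires team and challenge.')
    user = models.User.current()
    # Audit trail: which admin credited which challenge to which team.
    app.challenge_log.info(
        'Admin %s <%s> submitting flag for challenge %s <%d>, '
        'team %s <%d>',
        user.nick, user.email, challenge.name, challenge.cid,
        team.name, team.tid)
    try:
        # The answer is None: no flag text is stored for an admin credit.
        points = controllers.save_team_answer(challenge, team, None)
    except (errors.IntegrityError, errors.FlushError) as ex:
        # Log team id / challenge id. The team id used to be logged twice,
        # which left the failing challenge out of the error record.
        app.logger.exception(
            'Unable to save answer for %s/%s: %s',
            str(tid), str(cid), str(ex))
        models.db.session.rollback()
        raise errors.AccessDeniedError(
            'Unable to save answer for team. See log for details.')
    # Build the cache key from the loaded team rather than the raw request
    # value: a non-numeric 'tid' in the payload would make '%d' raise
    # TypeError after the answer was already saved.
    cache.delete('cats/%d' % team.tid)
    cache.delete('scoreboard')
    return dict(points=points)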
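def put(self, user_id):
    """Update a user's admin flag, password and nick from the JSON body.

    Args:
        user_id: ID of the user to modify; must be the caller's own ID
            unless the caller is an admin.

    Returns:
        The updated user object.

    Raises:
        errors.AccessDeniedError: if the caller is neither the target user
            nor an admin.
        errors.ValidationError: if promotion or the commit fails with an
            AssertionError.
    """
    # NOTE(review): this gate reads flask.g.admin while the field checks
    # below call utils.is_admin(); confirm the two always agree.
    if not flask.g.uid == user_id and not flask.g.admin:
        raise errors.AccessDeniedError('No access to that user.')
    user = models.User.query.get_or_404(user_id)
    data = flask.request.get_json()
    # Only admins may change the admin flag; an 'admin' key sent by a
    # regular player is ignored.
    if utils.is_admin() and 'admin' in data:
        if data['admin'] and not user.admin:
            try:
                user.promote()
            except AssertionError:
                raise errors.ValidationError(
                    'Error promoting. Has player solved challenges?')
        elif not data['admin']:
            # Demote only on an explicit falsy value. A bare `else` here
            # also ran when an existing admin was re-saved with admin set
            # to true, silently revoking the flag.
            user.admin = False
    # NOTE(review): the current password is not re-verified before it is
    # replaced; confirm that is intended for self-service changes.
    if data.get('password'):
        user.set_password(data['password'])
    if utils.is_admin():
        user.nick = data['nick']
        # Without teams enabled, the user's team name mirrors the nick.
        if not app.config.get('TEAMS') and user.team:
            user.team.name = data['nick']
    try:
        models.commit()
    except AssertionError:
        raise errors.ValidationError(
            'Error in updating user. Details are logged.')
    return user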
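def submit_answer(cid, answer):
    """Submits an answer.

    Args:
        cid: The ID of the challenge.
        answer: The answer to check.

    Returns:
        Number of points awarded for answer (challenge points minus the
        cost of hints the team unlocked for this challenge).

    Raises:
        errors.AccessDeniedError: if the challenge is locked.
        errors.InvalidAnswerError: if the answer does not verify.
    """
    # Bound before the try so the audit line in `finally` can always be
    # formatted. Previously a locked challenge left `correct` unset and the
    # resulting NameError replaced the AccessDeniedError being raised.
    correct = 'WRONG'
    try:
        # NOTE(review): query.get returns None for an unknown cid, which
        # fails on the attribute access below and again in `finally`;
        # consider rejecting unknown ids explicitly.
        challenge = models.Challenge.query.get(cid)
        if not challenge.unlocked:
            raise errors.AccessDeniedError('Challenge is locked!')
        if not challenge.verify_answer(answer):
            raise errors.InvalidAnswerError('Really? Haha no....')
        # Deductions for hints
        hints = models.UnlockedHint.query.filter(
            models.UnlockedHint.team == flask.g.team).all()
        deduction = sum(
            h.hint.cost for h in hints if h.hint.challenge_cid == cid)
        points = challenge.points - deduction
        flask.g.team.score += points
        models.Answer.create(challenge, flask.g.team, answer)
        correct = 'CORRECT'
        return points
    finally:
        # Every attempt is logged, whatever the outcome.
        # NOTE(review): access_route[0] comes from the forwarding headers
        # and `answer` is caller-supplied; confirm the proxy overwrites
        # those headers and that control characters cannot reach the log.
        app.challenge_log.info(
            '[%s] Player %s <%s>(%d)/Team %s(%d) submitted "%s" for Challenge '
            '%s<%d>: %s',
            flask.request.access_route[0],
            flask.g.user.nick, flask.g.user.email, flask.g.user.uid,
            flask.g.team.name, flask.g.team.tid, answer,
            challenge.name, challenge.cid, correct)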
def submit_answer(cid, answer):
    """Submits an answer.

    Args:
        cid: The ID of the challenge.
        answer: The answer to check.

    Returns:
        Number of points awarded for answer; 0 when the game is over.

    Raises:
        errors.AccessDeniedError: if there is no current team or the
            challenge is locked for that team.
        errors.InvalidAnswerError: if the validator rejects the answer.
        errors.IntegrityError: re-raised after the session is rolled back.
    """
    # Default audit label; only a validated answer overwrites it.
    correct = 'WRONG'
    team = models.Team.current()
    if not team:
        raise errors.AccessDeniedError('No team!')
    try:
        # NOTE(review): query.get returns None for an unknown cid, which
        # fails on the attribute access below and again in `finally`.
        challenge = models.Challenge.query.get(cid)
        if not challenge.unlocked_for_team(team):
            raise errors.AccessDeniedError('Challenge is locked!')
        validator = validators.GetValidatorForChallenge(challenge)
        if validator.validate_answer(answer, team):
            ans = models.Answer.create(challenge, team, answer)
            # After the game ends the solve is recorded but not scored.
            if utils.GameTime.over():
                correct = 'CORRECT (Game Over)'
            else:
                team.score += ans.current_points
                correct = 'CORRECT'
            team.last_solve = datetime.datetime.utcnow()
            models.ScoreHistory.add_entry(team)
            challenge.update_answers(exclude_team=team)
            # NOTE(review): GameTime.over() is evaluated a second time
            # here; the two results could differ if the game ends between
            # the calls -- confirm that is acceptable.
            if utils.GameTime.over():
                return 0
            else:
                return ans.current_points
        else:
            raise errors.InvalidAnswerError('Really? Haha no....')
    except errors.IntegrityError:
        # Discard the failed transaction, then let the caller handle it.
        models.db.session.rollback()
        raise
    finally:
        # Every attempt is logged, whatever the outcome.
        # NOTE(review): `answer` is caller-supplied and written verbatim;
        # confirm control characters cannot reach the log.
        user = models.User.current()
        app.challenge_log.info(
            'Player %s <%s>(%d)/Team %s(%d) submitted '
            '"%s" for Challenge %s<%d>: %s',
            user.nick, user.email, user.uid,
            team.name, team.tid, answer,
            challenge.name, challenge.cid, correct)
def submit_answer(cid, answer, token):
    """Check a submitted answer and record it when it is valid.

    Args:
        cid: The ID of the challenge.
        answer: The answer to check.
        token: Provided proof of work token.

    Returns:
        Number of points awarded for answer.

    Raises:
        errors.InvalidAnswerError: if proof of work is enabled and the
            token does not validate, or if the validator rejects the answer.
        errors.AccessDeniedError: if there is no current team or the
            challenge is locked for that team.
        errors.IntegrityError, errors.FlushError: re-raised after the
            session is rolled back.
    """
    correct = 'WRONG'
    # The proof-of-work gate runs before any team or challenge lookup; a
    # configured value of 0 (the default) disables it.
    nbits = app.config.get('PROOF_OF_WORK_BITS', 0)
    if nbits and not utils.validate_proof_of_work(answer, token, nbits):
        raise errors.InvalidAnswerError('Bad proof of work token!')

    team = models.Team.current()
    if not team:
        raise errors.AccessDeniedError('No team!')

    try:
        # NOTE(review): query.get returns None for an unknown cid, which
        # fails on the attribute access below and again in `finally`.
        challenge = models.Challenge.query.get(cid)
        if not challenge.unlocked_for_team(team):
            raise errors.AccessDeniedError('Challenge is locked!')
        checker = validators.GetValidatorForChallenge(challenge)
        if not checker.validate_answer(answer, team):
            raise errors.InvalidAnswerError('Really? Haha no....')
        awarded = save_team_answer(challenge, team, answer)
        correct = 'CORRECT (Game Over)' if utils.GameTime.over() else 'CORRECT'
        return awarded
    except (errors.IntegrityError, errors.FlushError) as exc:
        app.logger.exception('Error saving flag: %s', exc)
        # Discard the failed transaction, then let the caller handle it.
        models.db.session.rollback()
        raise
    finally:
        # Every attempt is logged, whatever the outcome.
        # NOTE(review): `answer` is caller-supplied and written verbatim;
        # confirm control characters cannot reach the log.
        player = models.User.current()
        app.challenge_log.info(
            'Player %s <%s>(%d)/Team %s(%d) submitted '
            '"%s" for Challenge %s<%d>: %s',
            player.nick, player.email, player.uid,
            team.name, team.tid, answer,
            challenge.name, challenge.cid, correct)
def delete(self, keyid=None):
    """Revoke the current user's API key.

    Args:
        keyid: The key to revoke. When None, the call is handed to
            self._delete_all() instead.

    Returns:
        The result of self._delete_all() when keyid is None, otherwise a
        dict with status 'OK'.

    Raises:
        errors.AccessDeniedError: if keyid is not the current user's key.
    """
    if keyid is None:
        return self._delete_all()

    owner = models.User.current()
    # A user may only revoke their own key.
    if owner.api_key != keyid:
        raise errors.AccessDeniedError('Cannot delete that key.')

    owner.api_key = None
    # NOTE(review): this timestamp is naive local time; confirm it matches
    # how other timestamps in the project are stored.
    owner.api_key_updated = datetime.datetime.now()
    models.commit()
    return {'status': 'OK'}
def put(self, team_id):
    """Overwrite a team's writable fields from the JSON request body.

    Args:
        team_id: ID of the team to update.

    Returns:
        The team as rendered by self._marshal_team().

    Raises:
        errors.AccessDeniedError: if utils.access_team() denies the caller.
    """
    if not utils.access_team(team_id):
        raise errors.AccessDeniedError('No access to that team.')
    team = models.Team.query.get_or_404(team_id)
    payload = flask.request.get_json()
    # Writable fields. A field missing from the payload keeps its value.
    # NOTE(review): 'score' is client-writable here. If access_team() also
    # admits ordinary team members, a team could set its own score; confirm
    # this route is restricted to admins.
    writable = ('name', 'score')
    for attr in writable:
        new_value = payload.get(attr, getattr(team, attr))
        setattr(team, attr, new_value)
    models.commit()
    return self._marshal_team(team)
def post(self):
    """Submit the answer in the JSON request body and commit the result.

    Returns:
        A dict holding the awarded points under 'points'.

    Raises:
        errors.AccessDeniedError: if the commit raises IntegrityError or
            FlushError.
    """
    payload = flask.request.get_json()
    submitted = utils.normalize_input(payload['answer'])
    awarded = controllers.submit_answer(payload['cid'], submitted)

    try:
        models.commit()
    except (errors.IntegrityError, errors.FlushError):
        # Discard the failed transaction before reporting the duplicate.
        models.db.session.rollback()
        raise errors.AccessDeniedError("You've already solved that one!")

    # The solve changes scores, so evict the cached views built from them.
    # NOTE(review): 'cats/%d' is passed unformatted; presumably delete_team
    # fills in the team id -- confirm.
    cache.delete_team('cats/%d')
    cache.delete('scoreboard')
    return {'points': awarded}
def post_player(self, data):
    """Submit a player's answer together with its proof-of-work token.

    Args:
        data: Request payload; 'answer' and 'cid' are required, 'token'
            is optional and passed on as None when absent.

    Returns:
        A dict holding the awarded points under 'points'.

    Raises:
        errors.AccessDeniedError: if the controller raises IntegrityError
            or FlushError.
    """
    submitted = utils.normalize_input(data['answer'])
    try:
        awarded = controllers.submit_answer(
            data['cid'], submitted, data.get('token'))
    except (errors.IntegrityError, errors.FlushError) as exc:
        app.logger.exception('Exception when saving answer: %s', exc)
        # Discard the failed transaction before reporting the duplicate.
        models.db.session.rollback()
        raise errors.AccessDeniedError(
            'Previously solved or flag already used.')

    # The solve changes scores, so evict the cached views built from them.
    # NOTE(review): 'cats/%d' is passed unformatted; presumably delete_team
    # fills in the team id -- confirm.
    cache.delete_team('cats/%d')
    cache.delete('scoreboard')
    return {'points': awarded}
def submit_answer(cid, answer):
    """Check a submitted answer and record it when it is valid.

    Args:
        cid: The ID of the challenge.
        answer: The answer to check.

    Returns:
        Number of points awarded for answer.

    Raises:
        errors.AccessDeniedError: if there is no current team or the
            challenge is locked for that team.
        errors.InvalidAnswerError: if the validator rejects the answer.
        errors.IntegrityError: re-raised after the session is rolled back.
    """
    correct = 'WRONG'
    team = models.Team.current()
    if not team:
        raise errors.AccessDeniedError('No team!')

    try:
        # NOTE(review): query.get returns None for an unknown cid, which
        # fails on the attribute access below and again in `finally`.
        challenge = models.Challenge.query.get(cid)
        if not challenge.unlocked_for_team(team):
            raise errors.AccessDeniedError('Challenge is locked!')
        checker = validators.GetValidatorForChallenge(challenge)
        if not checker.validate_answer(answer, team):
            raise errors.InvalidAnswerError('Really? Haha no....')
        awarded = save_team_answer(challenge, team, answer)
        correct = 'CORRECT (Game Over)' if utils.GameTime.over() else 'CORRECT'
        return awarded
    except errors.IntegrityError:
        # Discard the failed transaction, then let the caller handle it.
        models.db.session.rollback()
        raise
    finally:
        # Every attempt is logged, whatever the outcome.
        # NOTE(review): `answer` is caller-supplied and written verbatim;
        # confirm control characters cannot reach the log.
        player = models.User.current()
        app.challenge_log.info(
            'Player %s <%s>(%d)/Team %s(%d) submitted '
            '"%s" for Challenge %s<%d>: %s',
            player.nick, player.email, player.uid,
            team.name, team.tid, answer,
            challenge.name, challenge.cid, correct)
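def post(self, email):
    """Verify reset and set new password.

    Args:
        email: Address of the account whose password is being reset.

    Returns:
        A dict with a confirmation message.

    Raises:
        errors.AccessDeniedError: if the reset token does not verify.
        errors.ValidationError: if the password is missing or empty, or
            the two password fields differ.
    """
    # TODO: Move to controller
    # A missing or non-JSON body is treated as an empty payload, so it
    # fails the token check instead of raising AttributeError.
    data = flask.request.get_json() or {}
    user = models.User.get_by_email(email)
    if not user:
        # NOTE(review): 404 here versus 'Invalid token.' below tells a
        # caller whether an email is registered; consider one uniform
        # failure response and rate limiting on this endpoint.
        flask.abort(404)
    if not user.verify_token(data.get('token', '')):
        raise errors.AccessDeniedError('Invalid token.')
    password = data.get('password')
    # Reject a missing or empty password explicitly: a missing key used to
    # raise KeyError, and two empty fields passed the equality check below.
    if not password:
        raise errors.ValidationError('Password is required.')
    if password != data.get('password2'):
        raise errors.ValidationError("Passwords don't match.")
    user.set_password(password)
    models.commit()
    # A successful reset also signs the user in with the new password.
    controllers.user_login(email, password)
    return {'message': 'Password reset.'}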
def put(self):
    """Change the team of the user named in the request.

    The caller must be an admin or the user being moved.

    Raises:
        errors.AccessDeniedError: if the caller is neither an admin nor
            the user identified by the 'uid' field.
    """
    caller = models.User.current()
    # NOTE(review): 'uid' is read once for this check and again for the
    # change below; presumably get_field returns the same value both
    # times -- confirm.
    if not caller.admin and not caller.uid == get_field('uid'):
        raise errors.AccessDeniedError('Cannot Modify this User')
    controllers.change_user_team(
        get_field('uid'),
        get_field('team_tid'),
        get_field('code'),
    )
def get(self, team_id):
    """Return one team as rendered by self._marshal_team().

    Args:
        team_id: ID of the team to fetch.

    Raises:
        errors.AccessDeniedError: if utils.access_team() denies the caller.
    """
    allowed = utils.access_team(team_id)
    if not allowed:
        raise errors.AccessDeniedError('No access to that team.')
    # The access check runs before the lookup, which yields 404 when the
    # team does not exist.
    return self._marshal_team(models.Team.query.get_or_404(team_id))
def get(self, user_id):
    """Return one user; callers may read themselves, admins may read anyone.

    Args:
        user_id: ID of the user to fetch.

    Raises:
        errors.AccessDeniedError: if the caller is neither that user nor
            an admin.
    """
    is_self = flask.g.uid == user_id
    if not (is_self or flask.g.admin):
        raise errors.AccessDeniedError('No access to that user.')
    # The access check runs before the lookup, which yields 404 when the
    # user does not exist.
    return models.User.query.get_or_404(user_id)
def wrapper(*args, **kwargs):
    """Call the wrapped function only for a logged-in caller.

    Raises:
        errors.AccessDeniedError: if is_logged_in() is false.
    """
    if is_logged_in():
        return f(*args, **kwargs)
    # Fail closed: anything other than a logged-in session is refused.
    raise errors.AccessDeniedError('You must be logged in.')
def wrapper(*args, **kwargs):
    """Call the wrapped function only while cls.state() is "BEFORE".

    Raises:
        errors.AccessDeniedError: in any other state, carrying
            cls.message().
    """
    not_started = cls.state() == "BEFORE"
    if not not_started:
        raise errors.AccessDeniedError(cls.message())
    return f(*args, **kwargs)
def wrapper(*args, **kwargs):
    """Call the wrapped function while the game is open, or for an admin.

    The admin bypass applies only when or_admin is set.

    Raises:
        errors.AccessDeniedError: otherwise, carrying cls.message().
    """
    # Kept as one short-circuit expression so flask.g.admin is consulted
    # only when the game is closed and the bypass is enabled.
    permitted = cls.open(after_end) or (or_admin and flask.g.admin)
    if not permitted:
        raise errors.AccessDeniedError(cls.message())
    return f(*args, **kwargs)