コード例 #1
ファイル: rest.py プロジェクト: sirdarckcat/ctfscoreboard
 def post_player(self, data):
     """Handle a player's flag submission and report the points awarded.

     Args:
       data: Request payload; 'answer' and 'cid' are read from it.

     Returns:
       dict with a single 'points' entry.

     Raises:
       errors.AccessDeniedError: submit_answer raised IntegrityError, or
         the commit raised IntegrityError/FlushError.
     """
     submitted = utils.normalize_input(data['answer'])
     try:
         awarded = controllers.submit_answer(data['cid'], submitted)
     except errors.IntegrityError:
         # The database error is replaced by a generic message so no
         # constraint details are returned to the player.
         raise errors.AccessDeniedError(
             'Previously solved or flag already used.')

     try:
         models.commit()
     except (errors.IntegrityError, errors.FlushError):
         # Leave the session usable for the next request before reporting.
         models.db.session.rollback()
         raise errors.AccessDeniedError("You've already solved that one!")

     # Cached views that depend on the new solve are dropped.
     # NOTE(review): delete_team receives the unformatted 'cats/%d' pattern;
     # presumably it fills in the current team's id itself - confirm.
     cache.delete_team('cats/%d')
     cache.delete('scoreboard')
     return {'points': awarded}
コード例 #2
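 def post_admin(self, data):
     """Record a solve for a team on behalf of an administrator.

     Args:
       data: Request payload; must carry truthy 'cid' (challenge id) and
         'tid' (team id) values that match existing rows.

     Returns:
       dict with a single 'points' entry.

     Raises:
       errors.ValidationError: an id is missing or matches no row.
       errors.AccessDeniedError: saving the answer raised
         IntegrityError/FlushError.
     """
     cid = data.get('cid', None)
     tid = data.get('tid', None)
     if not cid or not tid:
         raise errors.ValidationError('Requires team and challenge.')
     challenge = models.Challenge.query.get(cid)
     team = models.Team.query.get(tid)
     if not challenge or not team:
         raise errors.ValidationError('Requires team and challenge.')
     user = models.User.current()
     # Audit entry naming the admin who awarded the solve, written before
     # the state change so the attempt is recorded even if saving fails.
     app.challenge_log.info(
         'Admin %s <%s> submitting flag for challenge %s <%d>, '
         'team %s <%d>', user.nick, user.email, challenge.name,
         challenge.cid, team.name, team.tid)
     try:
         points = controllers.save_team_answer(challenge, team, None)
     except (errors.IntegrityError, errors.FlushError) as ex:
         # Logged as team id / challenge id.  The original passed the team
         # id twice, so the failing challenge never reached the log.
         app.logger.exception('Unable to save answer for %s/%s: %s',
                              str(tid), str(cid), str(ex))
         models.db.session.rollback()
         raise errors.AccessDeniedError(
             'Unable to save answer for team. See log for details.')
     # Use the id of the row that was loaded rather than the raw payload
     # value: '%d' raises TypeError on a non-numeric JSON value such as
     # "3", which would abort the request after the answer was saved and
     # leave the caches stale.
     cache.delete('cats/%d' % team.tid)
     cache.delete('scoreboard')
     return dict(points=points)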
コード例 #3
ファイル: rest.py プロジェクト: nragupathy/ctfscoreboard
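    def put(self, user_id):
        """Update a user record from the JSON request body.

        The caller must be the user being edited or an admin.  Only admins
        can change the 'admin' flag and the nick; a non-empty 'password'
        is applied for any permitted caller.

        Args:
          user_id: Id of the user to update.

        Returns:
          The updated user object.

        Raises:
          errors.AccessDeniedError: caller is neither the user nor an admin.
          errors.ValidationError: promotion or commit raised AssertionError.
        """
        if not flask.g.uid == user_id and not flask.g.admin:
            raise errors.AccessDeniedError('No access to that user.')
        user = models.User.query.get_or_404(user_id)
        data = flask.request.get_json()
        if utils.is_admin() and 'admin' in data:
            if data['admin'] and not user.admin:
                try:
                    user.promote()
                except AssertionError:
                    raise errors.ValidationError(
                        'Error promoting. Has player solved challenges?')
            elif not data['admin']:
                # Demote only on an explicit falsy flag.  The original bare
                # `else` also ran when 'admin' was true for a user who was
                # already an admin, silently revoking the role.
                user.admin = False
        # NOTE(review): the password is replaced without checking the
        # current one, and no audit entry is written in this block;
        # confirm that is intended for both self-service and admin edits.
        if data.get('password'):
            user.set_password(data['password'])
        if utils.is_admin():
            user.nick = data['nick']
            # Without team mode the team name follows the player's nick.
            if not app.config.get('TEAMS') and user.team:
                user.team.name = data['nick']

        try:
            models.commit()
        except AssertionError:
            # NOTE(review): the message says details are logged, but no
            # logging call is visible in this block - confirm it happens
            # inside models.commit().
            raise errors.ValidationError(
                'Error in updating user.  Details are logged.')
        return user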
コード例 #4
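def submit_answer(cid, answer):
    """Submits an answer.

    Args:
      cid: The ID of the challenge.
      answer: The answer to check.

    Returns:
      Number of points awarded for answer.

    Raises:
      errors.AccessDeniedError: the challenge is locked.
      errors.InvalidAnswerError: the answer does not verify.
    """
    # Both names are bound before the try block so the audit entry in
    # `finally` can always be written.  Previously `correct` was unbound
    # whenever an exception left the try block before it was assigned
    # (locked challenge, unknown cid, or any error before that point),
    # and the resulting UnboundLocalError replaced the real exception.
    correct = 'WRONG'
    challenge = None
    try:
        challenge = models.Challenge.query.get(cid)
        if challenge is None:
            # Unknown challenge id: answer 404 instead of failing on an
            # attribute access of None.
            flask.abort(404)
        if not challenge.unlocked:
            raise errors.AccessDeniedError('Challenge is locked!')
        if not challenge.verify_answer(answer):
            raise errors.InvalidAnswerError('Really?  Haha no....')
        # Deductions for hints
        hints = models.UnlockedHint.query.filter(
            models.UnlockedHint.team == flask.g.team).all()
        deduction = sum(
            h.hint.cost for h in hints if h.hint.challenge_cid == cid)
        points = challenge.points - deduction
        flask.g.team.score += points
        models.Answer.create(challenge, flask.g.team, answer)
        correct = 'CORRECT'
        return points
    finally:
        # Audit trail of every submission, successful or not.
        # NOTE(review): the submitted answer is logged verbatim, so this
        # log holds valid flags; access_route[0] comes from the forwarded
        # header when one is present, so it is client-supplied unless a
        # trusted proxy rewrites it - confirm the deployment.
        if challenge is not None:
            app.challenge_log.info(
                '[%s] Player %s <%s>(%d)/Team %s(%d) submitted "%s" for Challenge '
                '%s<%d>: %s', flask.request.access_route[0],
                flask.g.user.nick, flask.g.user.email, flask.g.user.uid,
                flask.g.team.name, flask.g.team.tid, answer, challenge.name,
                challenge.cid, correct)
        else:
            app.challenge_log.info(
                '[%s] Player %s <%s>(%d)/Team %s(%d) submitted "%s" for '
                'unknown challenge id %r', flask.request.access_route[0],
                flask.g.user.nick, flask.g.user.email, flask.g.user.uid,
                flask.g.team.name, flask.g.team.tid, answer, cid)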
コード例 #5
def submit_answer(cid, answer):
    """Check a submitted answer for the current team and score it.

    Args:
      cid: The ID of the challenge.
      answer: The answer to check.

    Returns:
      Points awarded for the answer; 0 when the game is already over.

    Raises:
      errors.AccessDeniedError: no current team, or the challenge is
        locked for that team.
      errors.InvalidAnswerError: the validator rejects the answer.
      errors.IntegrityError: re-raised after the session is rolled back.
    """
    verdict = 'WRONG'
    team = models.Team.current()
    if not team:
        raise errors.AccessDeniedError('No team!')
    try:
        challenge = models.Challenge.query.get(cid)
        # NOTE(review): no None check on `challenge`; an unknown cid would
        # fail on the attribute access below and again in `finally` -
        # confirm callers only pass existing ids.
        if not challenge.unlocked_for_team(team):
            raise errors.AccessDeniedError('Challenge is locked!')
        validator = validators.GetValidatorForChallenge(challenge)
        if not validator.validate_answer(answer, team):
            raise errors.InvalidAnswerError('Really?  Haha no....')

        solve = models.Answer.create(challenge, team, answer)

        # After the game ends a solve is recorded but no longer scored.
        if utils.GameTime.over():
            verdict = 'CORRECT (Game Over)'
        else:
            team.score += solve.current_points
            verdict = 'CORRECT'

        team.last_solve = datetime.datetime.utcnow()
        models.ScoreHistory.add_entry(team)
        challenge.update_answers(exclude_team=team)

        return 0 if utils.GameTime.over() else solve.current_points
    except errors.IntegrityError:
        models.db.session.rollback()
        raise
    finally:
        # Audit trail: written for every outcome, including failures.
        # NOTE(review): the raw answer is logged, so the log holds valid
        # flags - confirm the log's access controls.
        player = models.User.current()
        app.challenge_log.info(
            'Player %s <%s>(%d)/Team %s(%d) submitted '
            '"%s" for Challenge %s<%d>: %s', player.nick, player.email,
            player.uid, team.name, team.tid, answer, challenge.name,
            challenge.cid, verdict)
コード例 #6
ファイル: controllers.py プロジェクト: x0xr00t/ctfscoreboard
def submit_answer(cid, answer, token):
    """Check a submitted answer, gated by an optional proof of work.

    Args:
      cid: The ID of the challenge.
      answer: The answer to check.
      token: Provided proof of work token.

    Returns:
      Number of points awarded for answer.

    Raises:
      errors.InvalidAnswerError: bad proof-of-work token or wrong answer.
      errors.AccessDeniedError: no current team, or the challenge is
        locked for that team.
      errors.IntegrityError, errors.FlushError: re-raised after the
        session is rolled back.
    """
    outcome = 'WRONG'
    # The proof-of-work check is skipped when PROOF_OF_WORK_BITS is unset
    # or 0; when enabled it runs before any database access.
    required_bits = app.config.get('PROOF_OF_WORK_BITS', 0)
    if required_bits:
        if not utils.validate_proof_of_work(answer, token, required_bits):
            raise errors.InvalidAnswerError('Bad proof of work token!')
    team = models.Team.current()
    if not team:
        raise errors.AccessDeniedError('No team!')
    try:
        challenge = models.Challenge.query.get(cid)
        # NOTE(review): no None check on `challenge`; an unknown cid would
        # fail on the attribute access below and again in `finally` -
        # confirm callers only pass existing ids.
        if not challenge.unlocked_for_team(team):
            raise errors.AccessDeniedError('Challenge is locked!')
        validator = validators.GetValidatorForChallenge(challenge)
        if not validator.validate_answer(answer, team):
            raise errors.InvalidAnswerError('Really?  Haha no....')
        points = save_team_answer(challenge, team, answer)
        outcome = 'CORRECT (Game Over)' if utils.GameTime.over() else 'CORRECT'
        return points
    except (errors.IntegrityError, errors.FlushError) as exc:
        app.logger.exception('Error saving flag: %s', exc)
        models.db.session.rollback()
        raise
    finally:
        # Audit trail: written for every outcome once a team is known.
        # NOTE(review): the raw answer is logged, so the log holds valid
        # flags - confirm the log's access controls.
        player = models.User.current()
        app.challenge_log.info(
            'Player %s <%s>(%d)/Team %s(%d) submitted '
            '"%s" for Challenge %s<%d>: %s', player.nick, player.email,
            player.uid, team.name, team.tid, answer, challenge.name,
            challenge.cid, outcome)
コード例 #7
 def delete(self, keyid=None):
     """Revoke the current user's API key, or delegate to _delete_all().

     Args:
       keyid: The key to revoke; None hands off to self._delete_all().

     Returns:
       dict(status='OK') after a single key is revoked, otherwise whatever
       self._delete_all() returns.

     Raises:
       errors.AccessDeniedError: keyid is not the current user's key.
     """
     if keyid is not None:
         # NOTE(review): no login check is visible here; presumably it is
         # enforced outside this method - confirm.
         owner = models.User.current()
         # Only the caller's own key can be named, so one user cannot
         # revoke another user's key through this path.
         if keyid != owner.api_key:
             raise errors.AccessDeniedError('Cannot delete that key.')
         owner.api_key = None
         owner.api_key_updated = datetime.datetime.now()
         models.commit()
         return {'status': 'OK'}
     return self._delete_all()
コード例 #8
 def put(self, team_id):
     """Update a team's writable fields from the JSON request body.

     Args:
       team_id: Id of the team to update.

     Returns:
       The marshalled team, as produced by self._marshal_team().

     Raises:
       errors.AccessDeniedError: utils.access_team() refuses the caller.
     """
     if not utils.access_team(team_id):
         raise errors.AccessDeniedError('No access to that team.')
     team = models.Team.query.get_or_404(team_id)
     payload = flask.request.get_json()
     # Writable fields; a field missing from the payload keeps its value.
     # NOTE(review): 'score' is writable by anyone who passes
     # utils.access_team(); if that helper also admits ordinary team
     # members, a team could set its own score - confirm it is admin-only.
     for attr in ('name', 'score'):
         unchanged = getattr(team, attr)
         setattr(team, attr, payload.get(attr, unchanged))
     models.commit()
     return self._marshal_team(team)
コード例 #9
ファイル: rest.py プロジェクト: dlee35/ctfscoreboard
 def post(self):
     """Handle a flag submission sent as a JSON request body.

     Returns:
       dict with a single 'points' entry.

     Raises:
       errors.AccessDeniedError: the commit raised
         IntegrityError/FlushError.
     """
     payload = flask.request.get_json()
     submitted = utils.normalize_input(payload['answer'])
     awarded = controllers.submit_answer(payload['cid'], submitted)
     try:
         models.commit()
     except (errors.IntegrityError, errors.FlushError):
         # Leave the session usable, then report a generic message rather
         # than the database error.
         models.db.session.rollback()
         raise errors.AccessDeniedError("You've already solved that one!")
     # Cached views that depend on the new solve are dropped.
     # NOTE(review): delete_team receives the unformatted 'cats/%d' pattern;
     # presumably it fills in the current team's id itself - confirm.
     cache.delete_team('cats/%d')
     cache.delete('scoreboard')
     return {'points': awarded}
コード例 #10
ファイル: rest.py プロジェクト: x0xr00t/ctfscoreboard
 def post_player(self, data):
     """Handle a player's flag submission, passing on the proof-of-work token.

     Args:
       data: Request payload; 'answer' and 'cid' are required, 'token' is
         optional and forwarded as None when absent.

     Returns:
       dict with a single 'points' entry.

     Raises:
       errors.AccessDeniedError: submit_answer raised
         IntegrityError/FlushError.
     """
     submitted = utils.normalize_input(data['answer'])
     try:
         awarded = controllers.submit_answer(
             data['cid'], submitted, data.get('token'))
     except (errors.IntegrityError, errors.FlushError) as exc:
         # Full details go to the application log; the player only sees a
         # generic message.
         app.logger.exception('Exception when saving answer: %s', exc)
         models.db.session.rollback()
         raise errors.AccessDeniedError(
             'Previously solved or flag already used.')
     # Cached views that depend on the new solve are dropped.
     # NOTE(review): delete_team receives the unformatted 'cats/%d' pattern;
     # presumably it fills in the current team's id itself - confirm.
     cache.delete_team('cats/%d')
     cache.delete('scoreboard')
     return {'points': awarded}
コード例 #11
def submit_answer(cid, answer):
    """Check a submitted answer for the current team and save it.

    Args:
      cid: The ID of the challenge.
      answer: The answer to check.

    Returns:
      Number of points awarded for answer.

    Raises:
      errors.AccessDeniedError: no current team, or the challenge is
        locked for that team.
      errors.InvalidAnswerError: the validator rejects the answer.
      errors.IntegrityError: re-raised after the session is rolled back.
    """
    result = 'WRONG'
    team = models.Team.current()
    if not team:
        raise errors.AccessDeniedError('No team!')
    try:
        challenge = models.Challenge.query.get(cid)
        # NOTE(review): no None check on `challenge`; an unknown cid would
        # fail on the attribute access below and again in `finally` -
        # confirm callers only pass existing ids.
        if not challenge.unlocked_for_team(team):
            raise errors.AccessDeniedError('Challenge is locked!')
        checker = validators.GetValidatorForChallenge(challenge)
        if not checker.validate_answer(answer, team):
            raise errors.InvalidAnswerError('Really?  Haha no....')
        points = save_team_answer(challenge, team, answer)
        if utils.GameTime.over():
            result = 'CORRECT (Game Over)'
        else:
            result = 'CORRECT'
        return points
    except errors.IntegrityError:
        models.db.session.rollback()
        raise
    finally:
        # Audit trail: written for every outcome once a team is known.
        # NOTE(review): the raw answer is logged, so the log holds valid
        # flags - confirm the log's access controls.
        submitter = models.User.current()
        app.challenge_log.info(
            'Player %s <%s>(%d)/Team %s(%d) submitted '
            '"%s" for Challenge %s<%d>: %s', submitter.nick,
            submitter.email, submitter.uid, team.name, team.tid, answer,
            challenge.name, challenge.cid, result)
コード例 #12
 def post(self, email):
     """Verify a reset token, set the new password and log the user in.

     Args:
       email: Address of the account being reset.

     Returns:
       dict with a confirmation 'message'.

     Raises:
       errors.AccessDeniedError: the token does not verify.
       errors.ValidationError: 'password' and 'password2' differ.
     """
     # TODO: Move to controller
     payload = flask.request.get_json()
     account = models.User.get_by_email(email)
     if not account:
         # An unknown address answers 404 while a bad token answers with
         # an access error, so the two cases are distinguishable to the
         # caller (reveals which addresses are registered).
         flask.abort(404)
     reset_token = payload.get('token', '')
     if not account.verify_token(reset_token):
         raise errors.AccessDeniedError('Invalid token.')
     new_password = payload['password']
     if new_password != payload['password2']:
         raise errors.ValidationError("Passwords don't match.")
     account.set_password(new_password)
     # NOTE(review): nothing here invalidates the token after use;
     # presumably verify_token() ties it to the old password or a
     # timestamp - confirm.
     models.commit()
     controllers.user_login(email, new_password)
     return {'message': 'Password reset.'}
コード例 #13
ファイル: rest.py プロジェクト: nragupathy/ctfscoreboard
 def put(self):
     """Move a user to another team via controllers.change_user_team().

     The caller must be an admin or the user named by the 'uid' field.

     Raises:
       errors.AccessDeniedError: caller is neither an admin nor that user.
     """
     caller = models.User.current()
     # Admins may move anyone; everybody else only themselves.
     if not caller.admin and caller.uid != get_field('uid'):
         raise errors.AccessDeniedError('Cannot Modify this User')
     controllers.change_user_team(
         get_field('uid'), get_field('team_tid'), get_field('code'))
コード例 #14
 def get(self, team_id):
     """Return the marshalled team if the caller may access it.

     Raises:
       errors.AccessDeniedError: utils.access_team() refuses the caller.
     """
     # The permission check runs before the lookup, so a caller without
     # access gets the same error whether or not the team exists.
     allowed = utils.access_team(team_id)
     if not allowed:
         raise errors.AccessDeniedError('No access to that team.')
     return self._marshal_team(models.Team.query.get_or_404(team_id))
コード例 #15
ファイル: rest.py プロジェクト: nragupathy/ctfscoreboard
 def get(self, user_id):
     """Return the user record to its owner or to an admin.

     Raises:
       errors.AccessDeniedError: caller is neither that user nor an admin.
     """
     # The permission check runs before the lookup, so a caller without
     # access gets the same error whether or not the user exists.
     if not (flask.g.uid == user_id or flask.g.admin):
         raise errors.AccessDeniedError('No access to that user.')
     return models.User.query.get_or_404(user_id)
コード例 #16
ファイル: utils.py プロジェクト: xhackin9/ctfscoreboard
 def wrapper(*args, **kwargs):
     """Call the wrapped function only for a logged-in caller."""
     # `f` and `is_logged_in` come from the enclosing scope (not shown).
     if is_logged_in():
         return f(*args, **kwargs)
     raise errors.AccessDeniedError('You must be logged in.')
コード例 #17
ファイル: utils.py プロジェクト: xhackin9/ctfscoreboard
 def wrapper(*args, **kwargs):
     """Call the wrapped function only while cls.state() is "BEFORE"."""
     # `f` and `cls` come from the enclosing scope (not shown).  Any other
     # state is refused, so the check fails closed.
     if cls.state() != "BEFORE":
         raise errors.AccessDeniedError(cls.message())
     return f(*args, **kwargs)
コード例 #18
ファイル: utils.py プロジェクト: xhackin9/ctfscoreboard
 def wrapper(*args, **kwargs):
     """Call the wrapped function when the game is open or an admin asks."""
     # `f`, `cls`, `after_end` and `or_admin` come from the enclosing scope
     # (not shown).  The admin bypass applies only when or_admin is set.
     permitted = cls.open(after_end) or (or_admin and flask.g.admin)
     if not permitted:
         raise errors.AccessDeniedError(cls.message())
     return f(*args, **kwargs)