def test_bypass_csrf_protection():
    """
    Test that the bypass_csrf_protection decorator functions properly
    """
    app = create_ctfd()

    with app.app_context():
        with app.test_client() as client:
            r = client.post("/login")
            output = r.get_data(as_text=True)
            assert r.status_code == 403

        def bypass_csrf_protection_test_route():
            return "Success", 200

        # Hijack an existing route to avoid any kind of hacks to create a test route
        app.view_functions["auth.login"] = bypass_csrf_protection(
            bypass_csrf_protection_test_route)

        with app.test_client() as client:
            r = client.post("/login")
            output = r.get_data(as_text=True)
            assert r.status_code == 200
            assert output == "Success"
    destroy_ctfd(app)
예제 #2
0
파일: views.py 프로젝트: nus-ncl/CTFd
            session['id'] = admin.id
            session['admin'] = admin.admin
            session['nonce'] = utils.sha512(os.urandom(10))

            db.session.close()
            app.setup = False
            with app.app_context():
                cache.clear()

            return redirect(url_for('views.static_html'))
        return render_template('setup.html', nonce=session.get('nonce'))
    return redirect(url_for('views.static_html'))


# For deployment scripts to work, allow POST to /setup without nonce
app.view_functions['views.setup'] = bypass_csrf_protection(setup)


# Custom CSS handler
@views.route('/static/user.css')
def custom_css():
    return Response(utils.get_config('css'), mimetype='text/css')


# Static HTML files
@views.route("/", defaults={'template': 'index'})
@views.route("/<path:template>")
def static_html(template):
    page = utils.get_page(template)
    if page is None:
        abort(404)