def submit_candidate(): now = int(time.time()) if now < app.config['STARTING_DATE']: return render_template('submit_candidate_before_starting_date.html', active_page='submit_candidate', starting_date=format_timestamp( app.config['STARTING_DATE'])) if now > app.config['POSTING_DEADLINE']: return render_template('submit_candidate_deadline_exceeded.html', active_page='submit_candidate', posting_deadline=format_timestamp( app.config['POSTING_DEADLINE'])) form = WhiteboxSubmissionForm() if request.method != 'POST': return render_template('submit_candidate.html', form=form, active_page='submit_candidate', testing=app.testing) elif not form.validate_on_submit(): crx_flash("CHALLENGE_INVALID") return render_template('submit_candidate.html', form=form, active_page='submit_candidate', testing=app.testing), 400 else: upload_folder = app.config['UPLOAD_FOLDER'] basename = ''.join( random.SystemRandom().choice(string.ascii_lowercase + string.digits) for _ in range(32)) filename = basename + '.c' pubkey = form.pubkey.data proof_of_knowledge = form.proof_of_knowledge.data form_data = form.program.data form_data.save(os.path.join(upload_folder, filename)) Program.create(basename=basename, pubkey=pubkey, proof_of_knowledge=proof_of_knowledge, user=current_user) try: db.session.commit() except sqlalchemy.exc.IntegrityError as e: db.session.rollback() crx_flash("DUPLICATE_KEY") app.logger.error(e) new_form = WhiteboxSubmissionForm() return render_template('submit_candidate.html', form=new_form, active_page='submit_candidate', testing=app.testing), 400 else: return redirect(url_for('submit_candidate_ok'))
def break_candidate(identifier): now = int(time.time()) if now < app.config['STARTING_DATE']: crx_flash('BEFORE_STARTING_DATE') return redirect(url_for('index')) if now > app.config['FINAL_DEADLINE']: crx_flash('EXCEED_DEADLINE') return render_template('break_candidate_deadline_exceeded.html', final_deadline=format_timestamp( app.config['FINAL_DEADLINE'])) # Only published programs can be broken program = Program.get_unbroken_or_broken_by_id(identifier) if program is None or not program.is_published: return redirect(url_for('index')) # If the current user is the one who submitted the program, redirect to index if program.user == current_user: crx_flash('CANNOT_BREAK_OWN') return redirect(url_for('index')) # A user cannot break the same challenge twice wb_break = WhiteboxBreak.get(current_user, program) if wb_break is not None: crx_flash('CANNOT_BREAK_TWICE') return redirect(url_for('index')) form = WhiteboxBreakForm() if request.method != 'POST' or not form.validate_on_submit(): return render_template('break_candidate.html', form=form, strawberries=program.strawberries_last, identifier=identifier, testing=app.testing) submitted_prikey = form.prikey.data if program.pubkey is None: return redirect(url_for('index')) if validate_private_key(submitted_prikey, program.pubkey): app.logger.info(f"Implementation is broken at {now}") program.set_status_to_broken(current_user, now) db.session.commit() return redirect(url_for('break_candidate_ok', identifier=identifier)) else: app.logger.info("Invalid private key") return render_template('challenge_break_ko.html', identifier=identifier, current_user=current_user, submitted_prikey=submitted_prikey, pubkey=program.pubkey)
def user_register(): if current_user.is_authenticated: return redirect(url_for('index')) form = UserRegisterForm() if not form.validate_on_submit(): return render_template('register.html', form=form, testing=app.testing) else: username = form.username.data nickname = form.nickname.data password = form.password1.data email = form.email1.data print(username, nickname, password, email, flush=True) try: User.create(username=username, nickname=nickname, password=password, email=email) except IntegrityError as e: app.logger.warning(f"Integrity Error: {e}") crx_flash('ERROR_USER_EXISTS') return redirect(url_for('user_register')) except Exception as e: app.logger.warning(f"Unknown Error: {e}") crx_flash('ERROR_UNKNOWN') return redirect(url_for('user_register')) app.logger.info(f"User created: {username}, {nickname}, {email}") crx_flash('ACCOUNT_CREATED', username) return redirect(url_for('user_login'))
def user_login(): if current_user.is_authenticated: return redirect(url_for('user_show')) form = LoginForm() if not form.validate_on_submit(): return render_template('login.html', form=form, testing=app.testing) else: username = form.username.data password = form.password.data user = User.validate(username, password) if user is None: crx_flash('BAD_USERNAME_OR_PWD') return render_template('login.html', form=form, testing=app.testing) else: login_user(user, remember=False) crx_flash('WELCOME_BACK', user.username) next = request.args.get('next') if next is not None and is_safe_url(request, next): return redirect(next) else: return redirect(url_for('user_show'))
def logout(): logout_user() crx_flash('LOGOUT') return redirect(url_for('index'))
def unauthorized_handler(): crx_flash('PLEASE_SIGN_IN') try: return redirect(url_for('user_login', next=url_for(request.endpoint))) except: return redirect(url_for('index'))
def submit_candidate_ok(): """ This route is called directly when the user has js activated (see file-progress.js)""" crx_flash('CHALLENGE_SUBMITTED') return redirect(url_for('user_show'))