예제 #1
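def submit_candidate():
    """Show the candidate-submission form or store a submitted program.

    Before STARTING_DATE or after POSTING_DEADLINE a dedicated page is
    rendered instead of the form. A non-POST request renders the empty form;
    a POST that fails form validation re-renders it with status 400.

    A valid POST saves the uploaded source under a server-generated name in
    UPLOAD_FOLDER, creates the Program row and redirects to
    'submit_candidate_ok'. If the commit raises IntegrityError, the
    transaction is rolled back, the file saved for this attempt is deleted
    again, and a fresh form is rendered with status 400.
    """
    now = int(time.time())
    if now < app.config['STARTING_DATE']:
        return render_template('submit_candidate_before_starting_date.html',
                               active_page='submit_candidate',
                               starting_date=format_timestamp(
                                   app.config['STARTING_DATE']))

    if now > app.config['POSTING_DEADLINE']:
        return render_template('submit_candidate_deadline_exceeded.html',
                               active_page='submit_candidate',
                               posting_deadline=format_timestamp(
                                   app.config['POSTING_DEADLINE']))

    form = WhiteboxSubmissionForm()
    if request.method != 'POST':
        return render_template('submit_candidate.html',
                               form=form,
                               active_page='submit_candidate',
                               testing=app.testing)

    if not form.validate_on_submit():
        crx_flash("CHALLENGE_INVALID")
        return render_template('submit_candidate.html',
                               form=form,
                               active_page='submit_candidate',
                               testing=app.testing), 400

    upload_folder = app.config['UPLOAD_FOLDER']
    # The stored name is 32 characters drawn with SystemRandom and is never
    # derived from the client-supplied filename, so the uploader has no
    # influence on where the file lands inside UPLOAD_FOLDER.
    basename = ''.join(
        random.SystemRandom().choice(string.ascii_lowercase +
                                     string.digits) for _ in range(32))
    filename = basename + '.c'
    saved_path = os.path.join(upload_folder, filename)
    pubkey = form.pubkey.data
    proof_of_knowledge = form.proof_of_knowledge.data
    form_data = form.program.data
    form_data.save(saved_path)
    Program.create(basename=basename,
                   pubkey=pubkey,
                   proof_of_knowledge=proof_of_knowledge,
                   user=current_user)
    try:
        db.session.commit()
    except sqlalchemy.exc.IntegrityError as e:
        db.session.rollback()
        # After the rollback no Program row refers to this upload; remove it
        # so rejected submissions do not pile up as orphans on disk.
        try:
            os.remove(saved_path)
        except OSError as cleanup_error:
            app.logger.error(cleanup_error)
        crx_flash("DUPLICATE_KEY")
        app.logger.error(e)
        new_form = WhiteboxSubmissionForm()
        return render_template('submit_candidate.html',
                               form=new_form,
                               active_page='submit_candidate',
                               testing=app.testing), 400

    return redirect(url_for('submit_candidate_ok'))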
예제 #2
def break_candidate(identifier):
    """Let the current user try to break the published program `identifier`.

    Every eligibility check (time window, publication state, ownership,
    previous break by the same user) runs before the submitted private key is
    looked at. A key accepted by validate_private_key marks the program as
    broken by the current user and commits; a rejected key renders
    'challenge_break_ko.html'.
    """
    now = int(time.time())

    # The break phase runs from STARTING_DATE to FINAL_DEADLINE.
    if now < app.config['STARTING_DATE']:
        crx_flash('BEFORE_STARTING_DATE')
        return redirect(url_for('index'))
    if now > app.config['FINAL_DEADLINE']:
        crx_flash('EXCEED_DEADLINE')
        deadline_text = format_timestamp(app.config['FINAL_DEADLINE'])
        return render_template('break_candidate_deadline_exceeded.html',
                               final_deadline=deadline_text)

    # Unknown or unpublished programs are not disclosed: same redirect for both.
    target = Program.get_unbroken_or_broken_by_id(identifier)
    if target is None or not target.is_published:
        return redirect(url_for('index'))

    # Submitters may not break their own program.
    if target.user == current_user:
        crx_flash('CANNOT_BREAK_OWN')
        return redirect(url_for('index'))

    # One break per user and program.
    earlier_break = WhiteboxBreak.get(current_user, target)
    if earlier_break is not None:
        crx_flash('CANNOT_BREAK_TWICE')
        return redirect(url_for('index'))

    form = WhiteboxBreakForm()
    # validate_on_submit() is only consulted for POST requests.
    is_valid_post = request.method == 'POST' and form.validate_on_submit()
    if not is_valid_post:
        return render_template('break_candidate.html',
                               form=form,
                               strawberries=target.strawberries_last,
                               identifier=identifier,
                               testing=app.testing)

    candidate_key = form.prikey.data

    # Without a stored public key there is nothing to check the key against.
    if target.pubkey is None:
        return redirect(url_for('index'))

    if not validate_private_key(candidate_key, target.pubkey):
        app.logger.info("Invalid private key")
        # The failure page echoes back only what this user submitted, next to
        # the program's public key.
        return render_template('challenge_break_ko.html',
                               identifier=identifier,
                               current_user=current_user,
                               submitted_prikey=candidate_key,
                               pubkey=target.pubkey)

    app.logger.info(f"Implementation is broken at {now}")
    target.set_status_to_broken(current_user, now)
    db.session.commit()
    return redirect(url_for('break_candidate_ok', identifier=identifier))
예제 #3
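def user_register():
    """Create a user account from the registration form.

    Authenticated users are redirected to the index page. When the form has
    not been submitted or fails validation, the registration page is
    rendered. Otherwise User.create is called with the form values; an
    IntegrityError flashes 'ERROR_USER_EXISTS', any other exception flashes
    'ERROR_UNKNOWN', and both redirect back to the registration page. On
    success the user is redirected to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = UserRegisterForm()
    if not form.validate_on_submit():
        return render_template('register.html', form=form, testing=app.testing)

    username = form.username.data
    nickname = form.nickname.data
    password = form.password1.data
    email = form.email1.data
    # The plaintext password goes to User.create and nowhere else: it must
    # not be written to stdout or to the application log, where it would
    # outlive the request and be readable by anyone with log access.
    try:
        User.create(username=username,
                    nickname=nickname,
                    password=password,
                    email=email)
    except IntegrityError as e:
        app.logger.warning(f"Integrity Error: {e}")
        crx_flash('ERROR_USER_EXISTS')
        return redirect(url_for('user_register'))
    except Exception as e:
        # Deliberate catch-all at the request boundary: log the cause and
        # show a generic error instead of failing the request.
        app.logger.warning(f"Unknown Error: {e}")
        crx_flash('ERROR_UNKNOWN')
        return redirect(url_for('user_register'))

    app.logger.info(f"User created: {username}, {nickname}, {email}")
    crx_flash('ACCOUNT_CREATED', username)
    return redirect(url_for('user_login'))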
예제 #4
def user_login():
    """Authenticate a user from the login form.

    Already-authenticated users go straight to 'user_show'. When the form has
    not been submitted or is invalid, the login page is rendered. Rejected
    credentials flash 'BAD_USERNAME_OR_PWD' and re-render the page. After a
    successful login the user is redirected to the `next` query parameter if
    is_safe_url accepts it, otherwise to 'user_show'.
    """
    if current_user.is_authenticated:
        return redirect(url_for('user_show'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form, testing=app.testing)

    # One message for both failure causes, so the response does not reveal
    # whether the username exists.
    user = User.validate(form.username.data, form.password.data)
    if user is None:
        crx_flash('BAD_USERNAME_OR_PWD')
        return render_template('login.html',
                               form=form,
                               testing=app.testing)

    login_user(user, remember=False)
    crx_flash('WELCOME_BACK', user.username)

    # `next` is attacker-controllable (it comes from the query string), so it
    # is followed only when is_safe_url approves it; is_safe_url is defined
    # elsewhere -- presumably it rejects off-site targets, confirm there.
    next_url = request.args.get('next')
    if next_url is None or not is_safe_url(request, next_url):
        return redirect(url_for('user_show'))
    return redirect(next_url)
예제 #5
def logout():
    """Call logout_user(), flash 'LOGOUT' and redirect to the index page."""
    logout_user()
    crx_flash('LOGOUT')
    index_url = url_for('index')
    return redirect(index_url)
예제 #6
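def unauthorized_handler():
    """Redirect an unauthenticated visitor to the login page.

    Flashes 'PLEASE_SIGN_IN' and redirects to 'user_login' with a `next`
    parameter pointing back at the requested endpoint. If that URL cannot be
    built, the visitor is redirected to the index page instead.
    """
    crx_flash('PLEASE_SIGN_IN')
    try:
        # `next` is rebuilt from the endpoint name with url_for rather than
        # copied from the raw request URL, so it is always one of this
        # application's own routes.
        return redirect(url_for('user_login', next=url_for(request.endpoint)))
    except Exception:
        # url_for can fail here -- presumably when the endpoint needs URL
        # arguments or request.endpoint is None. Catch Exception rather than
        # everything, so SystemExit and KeyboardInterrupt still propagate.
        return redirect(url_for('index'))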
예제 #7
def submit_candidate_ok():
    """Flash 'CHALLENGE_SUBMITTED' and redirect to 'user_show'.

    This route is requested directly when the user has JavaScript enabled
    (see file-progress.js).
    """
    crx_flash('CHALLENGE_SUBMITTED')
    profile_url = url_for('user_show')
    return redirect(profile_url)