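def send_email(recipient, subject, body):
    """Send an HTML email through the Mailgun HTTP API.

    Args:
        recipient: A single address given as ``str`` is placed in ``to``;
            any other value (for example a list of addresses) is placed
            in ``bcc``.
        subject: Subject line of the message.
        body: Message body, submitted as the ``html`` part. It is sent
            as-is, so callers must escape any untrusted value they
            interpolate into it.

    Returns:
        The ``requests`` response object of the POST.
    """
    data = {
        "from": Config.get("mailgun_email"),
        "subject": subject,
        "html": body,
    }
    # isinstance() also accepts str subclasses, unlike an exact type() match.
    recipient_key = "to" if isinstance(recipient, str) else "bcc"
    data[recipient_key] = recipient

    # The API key travels as HTTP basic-auth credentials.
    # NOTE(review): "mailgun_domain" is used as the URL prefix, so it should
    # be an https:// base URL to keep the key off the wire in clear — confirm.
    auth = ("api", Config.get("mailgun_apikey"))
    url = "{}/messages".format(Config.get("mailgun_domain"))

    # Bound the call: without a timeout a stalled connection would block the
    # calling request worker indefinitely.
    return requests.post(url, auth=auth, data=data, timeout=10)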
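def send_verification_email(username, email, link):
    """Render and send the email-verification message for a user.

    The configured ``email_body`` template is filled with the CTF name, the
    verification link and the username, then sent as an HTML message via
    ``send_email``.

    Args:
        username: Name shown in the message; HTML-escaped before rendering.
        email: Address the message is sent to.
        link: Verification link placed in the message.

    Returns:
        True when the mail API reports the message as queued.

    Raises:
        Exception: If the API answers with a non-200 status, or with a
            message that does not contain "Queued".
    """
    import html

    ctf_name = Config.get("ctf_name")
    subject = "[ACTION REQUIRED] Email Verification - {}".format(ctf_name)

    # The body is sent as HTML, so values that users or admins typed must not
    # be interpolated raw: an unescaped username could inject markup into the
    # message. The subject is plain text and keeps the raw name.
    # NOTE(review): link is left as-is on the assumption that the application
    # generates it — confirm against the caller.
    body = string.Template(Config.get("email_body")).substitute(
        ctf_name=html.escape(str(ctf_name)),
        link=link,
        username=html.escape(str(username)),
    )

    response = send_email(email, subject, body)
    if response.status_code != 200:
        raise Exception("Failed: {}".format(response.text))

    payload = response.json()
    if "Queued" in payload["message"]:
        return True
    raise Exception(payload["message"])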
def wrapper(*args, **kwargs):
    """Call the wrapped view only once the configured start time has passed.

    Responds with 403 when no ``start_time`` is configured (for every caller,
    admins included), or when the caller is not an authenticated admin and
    the current time is still before ``start_time``.
    """
    start_time = Config.get("start_time")
    if not start_time:
        # No start time configured: the original precedence
        # (`not A or (not B and C)`) denies everyone here, admins too.
        abort(403)
    elif not (current_user.is_authenticated and current_user.admin):
        # NOTE(review): start_time is parsed as an epoch timestamp here, while
        # setup() and settings() in this listing handle it as a
        # "%Y-%m-%d %H:%M:%S" string — confirm which format Config returns.
        opens_at = datetime.fromtimestamp(int(start_time))
        if datetime.now() < opens_at:
            abort(403)
    return f(*args, **kwargs)
def wrapper(*args, **kwargs):
    """Call the wrapped view only while the configured end time has not passed.

    Responds with 403 when no ``end_time`` is configured (for every caller,
    admins included), or when the caller is not an authenticated admin and
    the current time is already past ``end_time``.
    """
    end_time = Config.get("end_time")
    if not end_time:
        # No end time configured: the original precedence
        # (`not A or (not B and C)`) denies everyone here, admins too.
        abort(403)
    elif not (current_user.is_authenticated and current_user.admin):
        # NOTE(review): end_time is parsed as an epoch timestamp here, while
        # setup() and settings() in this listing handle it as a
        # "%Y-%m-%d %H:%M:%S" string — confirm which format Config returns.
        closes_at = datetime.fromtimestamp(int(end_time))
        if datetime.now() > closes_at:
            abort(403)
    return f(*args, **kwargs)
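def settings():
    """Show and save the CTF settings form.

    On a valid submission every form field except ``csrf_token``,
    ``public_key`` and ``submit`` is written to Config, the memoized config
    getters are invalidated and the client is redirected back to this page.
    Otherwise the form is populated from the stored values and rendered.

    NOTE(review): no access-control decorator is visible on this view in the
    listing — confirm the route is restricted to admins.
    """
    settings_form = SettingsForm()
    read_only(settings_form.public_key)

    if settings_form.validate_on_submit():
        pairs = {}
        for field in settings_form:
            # public_key is display-only and must never be written back.
            if field.short_name in ("csrf_token", "public_key", "submit"):
                continue
            data = field.data
            if isinstance(data, bool):
                # Booleans are stored as 0/1.
                data = int(data)
            pairs[field.short_name] = data
        Config.set_many(pairs)
        # Drop cached values so the new settings take effect immediately.
        cache.delete_memoized(get_ctf_name)
        cache.delete_memoized(get_allow_registrations)
        cache.delete_memoized(get_require_email_verification)
        flash("Settings saved!", "success")
        return redirect(url_for("admin.settings"))

    keys = []
    for field in settings_form:
        if field.short_name == "csrf_token":
            continue
        if field.short_name == "public_key":
            # Only the public half is put on the form; the private key is
            # discarded here and never reaches the template.
            _, public_key = Config.get_ssh_keys()
            field.data = public_key
        else:
            keys.append(field.short_name)

    pairs = Config.get_many(keys)
    for field in settings_form:
        if field.short_name in ("csrf_token", "public_key"):
            continue
        data = pairs.get(field.short_name)
        if field.short_name in ("allow_registrations",
                                "require_email_verification"):
            # A missing key yields None; treat it as 0 (the same default the
            # get_allow_registrations / get_require_email_verification
            # getters use) instead of failing with TypeError on int(None).
            field.data = int(data or 0)
        elif field.short_name in ("start_time", "end_time") and data:
            field.data = datetime.strptime(data, "%Y-%m-%d %H:%M:%S")
        else:
            field.data = data
    return render_template("admin/settings.j2", settings_form=settings_form)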
def setup():
    """Run the first-time setup flow and create the administrator account.

    Returns 404 once setup has completed. Otherwise makes sure a setup
    verification token exists, then renders the setup form or, on a valid
    submission, registers and logs in the ``root`` admin user, stores the
    initial configuration and redirects to the index page.

    NOTE(review): the verification token is not checked in this function;
    presumably a validator on SetupForm enforces it (a validate_verification
    method appears in this listing) — confirm it is attached to the form.
    """
    if setup_complete():
        return abort(404)

    if Config.get("setup_verification") is None:
        # First visit: create the token the operator must supply.
        generate_verification_token()

    setup_form = SetupForm()
    # The admin username is fixed; whatever was submitted is overwritten.
    setup_form.admin_user.data = "root"

    if not setup_form.validate_on_submit():
        return render_template("base/setup.j2", setup_form=setup_form)

    persisted_fields = ["ctf_name", "team_size", "admin_email"]
    to_update = {
        field.short_name: field.data
        for field in setup_form
        if field.short_name in persisted_fields
    }

    admin_user = register_user("Administrator", setup_form.admin_email.data,
                               "root", setup_form.password.data, 0,
                               admin=True, send_email=False)
    # remember=True asks Flask-Login for a persistent session for the admin.
    login_user(admin_user, remember=True)

    timestamp_format = "%Y-%m-%d %H:%M:%S"
    now = datetime.now()
    # Registrations and email verification start disabled; the default
    # contest window opens one hour from now and closes five hours from now.
    # NOTE(review): "setup_verification" is not cleared here once setup
    # succeeds — confirm whether the stored token should be removed.
    to_update.update(
        admin_uid=admin_user.id,
        allow_registrations=0,
        require_email_verification=0,
        setup_complete=1,
        start_time=(now + timedelta(hours=1)).strftime(timestamp_format),
        end_time=(now + timedelta(hours=5)).strftime(timestamp_format),
    )
    Config.set_many(to_update)

    # Invalidate the memoized getters whose values just changed.
    cache.delete_memoized(get_ctf_name)
    cache.delete_memoized(setup_complete)
    return redirect(url_for("base.index"))
def get_ctf_name():
    """Return the ``ctf_name`` config value, passing "OpenCTF" as the default."""
    ctf_name = _Config.get("ctf_name", "OpenCTF")
    return ctf_name
def setup_complete():
    """Return the truthiness of the ``setup_complete`` config value."""
    # NOTE(review): unlike the get_allow_registrations-style getters, this
    # does not pass through int(); if the store returns strings, a stored
    # "0" would count as complete — confirm what _Config.get returns.
    return bool(_Config.get("setup_complete"))
def generate_verification_token():
    """Create the setup verification token, print it and store it in config.

    The token is written to standard output and then saved under the
    ``setup_verification`` key.
    """
    # NOTE(review): the token's unpredictability depends entirely on
    # random_string(), which is not visible here — confirm it draws from a
    # CSPRNG (e.g. the secrets module) and not from random.
    token = random_string()

    # The token goes to stdout in clear text, so anything that captures the
    # process output (log files, container logs) will also hold it.
    announcement = "Your CTF verification token is: {}\n".format(token)
    out = sys.stdout
    out.write(announcement)
    out.flush()

    _Config.set("setup_verification", value=token)
def get_allow_registrations():
    """Return the ``allow_registrations`` config value as a bool.

    The stored value is read with a default of 0 and converted through
    ``int`` so that any non-zero value counts as enabled.
    """
    raw = _Config.get("allow_registrations", 0)
    enabled = int(raw) != 0
    return enabled
def get_require_email_verification():
    """Return the ``require_email_verification`` config value as a bool.

    The stored value is read with a default of 0 and converted through
    ``int`` so that any non-zero value counts as enabled.
    """
    raw = _Config.get("require_email_verification", 0)
    required = int(raw) != 0
    return required
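def validate_verification(self, field):
    """Reject the form unless the submitted setup token matches the stored one.

    Presumably a WTForms inline validator for a ``verification`` field
    (inferred from the name and signature) — confirm against the form class.

    Args:
        field: Form field whose ``data`` holds the submitted token.

    Raises:
        ValidationError: If no token is stored, the submitted value is
            missing or not a string, or the two values differ.
    """
    import hmac

    expected = Config.get("setup_verification")
    supplied = field.data

    # Anything that is not a string (including a missing token on either
    # side) can never match, exactly as with the previous `!=` comparison.
    if not (isinstance(expected, str) and isinstance(supplied, str)):
        raise ValidationError("Verification failed.")

    # Compare in constant time so response timing does not reveal how much
    # of the token was correct. Encoding to bytes keeps compare_digest
    # usable for non-ASCII input.
    if not hmac.compare_digest(expected.encode("utf-8"),
                               supplied.encode("utf-8")):
        raise ValidationError("Verification failed.")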