def test_unlocking_hints_with_cost_during_frozen_ctf():
"""Test that hints with a cost are unlocked if the CTF is frozen."""
app = create_ctfd()
with app.app_context():
set_config(
'freeze',
'1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
with freeze_time("2017-10-4"):
register_user(app)
chal = gen_challenge(app.db)
chal_id = chal.id
gen_hint(app.db, chal_id, cost=10)
gen_award(app.db, user_id=2)
with freeze_time("2017-10-8"):
client = login_as_user(app)
client.get('/api/v1/hints/1')
client.post('/api/v1/unlocks', json={'target': 1, 'type': 'hints'})
r = client.get('/api/v1/hints/1')
resp = r.get_json()['data']
assert resp.get('content') == 'This is a hint'
user = Users.query.filter_by(id=2).first()
assert user.score == 100
destroy_ctfd(app)
def test_api_team_place_hidden_if_scores_hidden():
"""/api/v1/teams/me should not reveal team place if scores aren't visible"""
app = create_ctfd(user_mode="teams")
with app.app_context():
gen_team(app.db)
app.db.session.commit()
gen_award(app.db, user_id=2, team_id=1)
u = Users.query.filter_by(id=2).first()
with login_as_user(app, name=u.name) as client:
r = client.get("/api/v1/teams/me", json="")
resp = r.get_json()
assert resp["data"]["place"] == "1st"
set_config("score_visibility", "hidden")
with login_as_user(app, name=u.name) as client:
r = client.get("/api/v1/teams/me", json="")
resp = r.get_json()
assert resp["data"]["place"] is None
set_config("score_visibility", "admins")
with login_as_user(app, name=u.name) as client:
r = client.get("/api/v1/teams/me", json="")
resp = r.get_json()
assert resp["data"]["place"] is None
with login_as_user(app, name="admin") as client:
r = client.get("/api/v1/teams/1", json="")
resp = r.get_json()
print(resp)
assert resp["data"]["place"] == "1st"
destroy_ctfd(app)
def test_hint_team_unlock():
"""Is a user's unlocked hint reflected on other team members"""
app = create_kmactf(user_mode="teams")
with app.app_context():
user = gen_user(app.db)
second_user = gen_user(app.db, name="user", email="*****@*****.**")
team = gen_team(app.db)
user.team_id = team.id
second_user.team_id = team.id
team.members.append(user)
team.members.append(second_user)
chal = gen_challenge(app.db)
gen_hint(app.db, chal.id, content="hint", cost=1, type="standard")
gen_award(app.db, 2, team.id)
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
client.get("/api/v1/hints/1")
client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"})
client.get("/api/v1/hints/1")
with login_as_user(app) as second_client:
second_client.get("/api/v1/hints/1")
second_client.post("/api/v1/unlocks",
json={
"target": 1,
"type": "hints"
})
r = second_client.get("/api/v1/hints/1")
assert r.json["data"]["content"] == "hint"
standings = get_standings()
assert standings[0][2] == "team_name"
assert standings[0][3] == 99
destroy_kmactf(app)
def test_unlocking_hints_with_cost_during_ended_ctf():
"""Test that hints with a cost are not unlocked if the CTF has ended"""
app = create_kmactf()
with app.app_context():
register_user(app)
chal = gen_challenge(app.db)
chal_id = chal.id
gen_hint(app.db, chal_id, cost=10)
gen_award(app.db, user_id=2)
set_config(
"start", "1507089600"
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
"end", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
with freeze_time("2017-11-4"):
client = login_as_user(app)
r = client.get("/api/v1/hints/1")
assert r.get_json().get("data") is None
assert r.status_code == 403
r = client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"})
assert r.status_code == 403
assert r.get_json()
r = client.get("/api/v1/hints/1")
assert r.status_code == 403
user = Users.query.filter_by(id=2).first()
assert user.score == 100
assert Unlocks.query.count() == 0
destroy_kmactf(app)
def test_reset():
app = create_kmactf()
with app.app_context():
base_user = "******"
for x in range(10):
chal = gen_challenge(app.db, name="chal_name{}".format(x))
gen_flag(app.db, challenge_id=chal.id, content="flag")
for x in range(10):
user = base_user + str(x)
user_email = user + "@kmactf.io"
user_obj = gen_user(app.db, name=user, email=user_email)
gen_award(app.db, user_id=user_obj.id)
gen_solve(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10))
gen_fail(app.db, user_id=user_obj.id, challenge_id=random.randint(1, 10))
gen_tracking(app.db, user_id=user_obj.id)
assert Users.query.count() == 11 # 11 because of the first admin user
assert Challenges.query.count() == 10
register_user(app)
client = login_as_user(app, name="admin", password="******")
with client.session_transaction() as sess:
data = {"nonce": sess.get("nonce")}
client.post("/admin/reset", data=data)
assert Users.query.count() == 0
assert Challenges.query.count() == 10
assert Solves.query.count() == 0
assert Fails.query.count() == 0
assert Tracking.query.count() == 0
destroy_kmactf(app)
def test_unlocking_hints_with_cost_during_frozen_ctf():
"""Test that hints with a cost are unlocked if the CTF is frozen."""
app = create_kmactf()
with app.app_context():
set_config(
"freeze", "1507262400"
) # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
with freeze_time("2017-10-4"):
register_user(app)
chal = gen_challenge(app.db)
chal_id = chal.id
gen_hint(app.db, chal_id, cost=10)
gen_award(app.db, user_id=2)
with freeze_time("2017-10-8"):
client = login_as_user(app)
client.get("/api/v1/hints/1")
client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"})
r = client.get("/api/v1/hints/1")
resp = r.get_json()["data"]
assert resp.get("content") == "This is a hint"
user = Users.query.filter_by(id=2).first()
assert user.score == 100
destroy_kmactf(app)
def test_hidden_teams_visibility():
"""Hidden teams should not show up on /teams or /api/v1/teams or /api/v1/scoreboard"""
app = create_ctfd(user_mode="teams")
with app.app_context():
register_user(app)
with login_as_user(app) as client:
user = Users.query.filter_by(id=2).first()
user_id = user.id
team = gen_team(app.db, name="visible_team", hidden=True)
team_id = team.id
team_name = team.name
team.members.append(user)
user.team_id = team.id
app.db.session.commit()
r = client.get("/teams")
response = r.get_data(as_text=True)
# Only search in body content
body_start = response.find("<body>")
body_end = response.find("</body>")
response = response[body_start:body_end]
assert team_name not in response
r = client.get("/api/v1/teams")
response = r.get_json()
assert team_name not in response
gen_award(app.db, user_id, team_id=team_id)
r = client.get("/scoreboard")
response = r.get_data(as_text=True)
# Only search in body content
body_start = response.find("<body>")
body_end = response.find("</body>")
response = response[body_start:body_end]
assert team_name not in response
r = client.get("/api/v1/scoreboard")
response = r.get_json()
assert team_name not in response
# Team should re-appear after disabling hiding
# Use an API call to cause a cache clear
with login_as_user(app, name="admin") as admin:
r = admin.patch("/api/v1/teams/1", json={"hidden": False})
assert r.status_code == 200
r = client.get("/teams")
response = r.get_data(as_text=True)
assert team_name in response
r = client.get("/api/v1/teams")
response = r.get_data(as_text=True)
assert team_name in response
r = client.get("/api/v1/scoreboard")
response = r.get_data(as_text=True)
assert team_name in response
destroy_ctfd(app)
def test_api_award_get_admin():
"""Can a user get /api/v1/awards/<award_id> if admin"""
app = create_ctfd()
with app.app_context():
gen_award(app.db, 1)
with login_as_user(app, 'admin') as client:
r = client.get('/api/v1/awards/1', json="")
assert r.status_code == 200
destroy_ctfd(app)
def test_api_award_delete_admin():
"""Can a user delete /api/v1/awards/<award_id> if admin"""
app = create_kmactf()
with app.app_context():
gen_award(app.db, 1)
with login_as_user(app, "admin") as client:
r = client.delete("/api/v1/awards/1", json="")
assert r.status_code == 200
destroy_kmactf(app)
def test_hint_team_unlock():
"""Is a user's unlocked hint reflected on other team members"""
app = create_ctfd(user_mode="teams")
with app.app_context():
user = gen_user(app.db)
second_user = gen_user(app.db,
name="user",
email="*****@*****.**")
team = gen_team(app.db)
user.team_id = team.id
second_user.team_id = team.id
team.members.append(user)
team.members.append(second_user)
chal = gen_challenge(app.db)
gen_hint(app.db, chal.id, content="hint", cost=1, type="standard")
# Give the points to the user that doesn't unlock
# Users that unlock hints should be able to unlock but cost their team points
gen_award(app.db, user_id=3, team_id=team.id)
app.db.session.commit()
with login_as_user(app, name="user_name") as client:
# Assert that we don't see a hint
r = client.get("/api/v1/hints/1")
assert r.get_json()["data"].get("content") is None
# Unlock the hint
client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"})
# Assert that we see a hint
r = client.get("/api/v1/hints/1")
assert r.get_json()["data"].get("content")
with login_as_user(app) as second_client:
# Assert that we see a hint
r = second_client.get("/api/v1/hints/1")
assert r.get_json()["data"].get("content")
# Assert that we can't double unlock
r = second_client.post("/api/v1/unlocks",
json={
"target": 1,
"type": "hints"
})
assert r.status_code == 400
assert (r.get_json()["errors"]["target"] ==
"You've already unlocked this this target")
# Assert that we see a hint
r = second_client.get("/api/v1/hints/1")
assert r.json["data"]["content"] == "hint"
# Verify standings
# We start with 100 points from the award.
# We lose a point because we unlock successfully once
standings = get_standings()
assert standings[0][2] == "team_name"
assert standings[0][3] == 99
destroy_ctfd(app)
def test_hidden_teams_visibility():
"""Hidden teams should not show up on /teams or /api/v1/teams or /api/v1/scoreboard"""
app = create_ctfd(user_mode="teams")
with app.app_context():
register_user(app)
with login_as_user(app) as client:
user = Users.query.filter_by(id=2).first()
team = gen_team(app.db, name='visible_team', hidden=True)
team.members.append(user)
user.team_id = team.id
app.db.session.commit()
r = client.get('/teams')
response = r.get_data(as_text=True)
assert team.name not in response
r = client.get('/api/v1/teams')
response = r.get_json()
assert team.name not in response
gen_award(app.db, user.id, team_id=team.id)
r = client.get('/scoreboard')
response = r.get_data(as_text=True)
assert team.name not in response
r = client.get('/api/v1/scoreboard')
response = r.get_json()
assert team.name not in response
# Team should re-appear after disabling hiding
# Use an API call to cause a cache clear
with login_as_user(app, name='admin') as admin:
r = admin.patch('/api/v1/teams/1', json={
"hidden": False,
})
assert r.status_code == 200
r = client.get('/teams')
response = r.get_data(as_text=True)
assert team.name in response
r = client.get('/api/v1/teams')
response = r.get_data(as_text=True)
assert team.name in response
r = client.get('/api/v1/scoreboard')
response = r.get_data(as_text=True)
assert team.name in response
destroy_ctfd(app)
def test_hidden_user_visibility():
"""Hidden users should not show up on /users or /api/v1/users or /api/v1/scoreboard"""
app = create_ctfd()
with app.app_context():
register_user(app, name="hidden_user")
with login_as_user(app, name="hidden_user") as client:
user = Users.query.filter_by(id=2).first()
user_name = user.name
user.hidden = True
app.db.session.commit()
r = client.get('/users')
response = r.get_data(as_text=True)
assert user_name not in response
r = client.get('/api/v1/users')
response = r.get_json()
assert user_name not in response
gen_award(app.db, user.id)
r = client.get('/scoreboard')
response = r.get_data(as_text=True)
assert user_name not in response
r = client.get('/api/v1/scoreboard')
response = r.get_json()
assert user_name not in response
# User should re-appear after disabling hiding
# Use an API call to cause a cache clear
with login_as_user(app, name='admin') as admin:
r = admin.patch('/api/v1/users/2', json={
"hidden": False,
})
assert r.status_code == 200
r = client.get('/users')
response = r.get_data(as_text=True)
assert user_name in response
r = client.get('/api/v1/users')
response = r.get_data(as_text=True)
assert user_name in response
r = client.get('/api/v1/scoreboard')
response = r.get_data(as_text=True)
assert user_name in response
destroy_ctfd(app)
def test_teams_dont_prevent_other_teams_from_unlocking_hints():
"""Unlocks from one user don't affect other users"""
app = create_ctfd(user_mode="teams")
with app.app_context():
chal = gen_challenge(app.db)
gen_hint(app.db,
chal.id,
content="This is a hint",
cost=1,
type="standard")
team1 = gen_team(app.db, name="team1", email="*****@*****.**")
team2 = gen_team(app.db, name="team2", email="*****@*****.**")
# Give users points with an award
gen_award(app.db, user_id=team1.captain_id)
gen_award(app.db, user_id=team2.captain_id)
captain1 = team1.captain.name
captain2 = team2.captain.name
app.db.session.commit()
# First team unlocks hint
with login_as_user(app, name=captain1) as client:
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
r = client.post("/api/v1/unlocks",
json={
"target": 1,
"type": "hints"
})
assert r.status_code == 200
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
# Second team unlocks hint
with login_as_user(app, name=captain2) as client:
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
r = client.post("/api/v1/unlocks",
json={
"target": 1,
"type": "hints"
})
assert r.status_code == 200
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
destroy_ctfd(app)
def test_reset_team_mode():
app = create_ctfd(user_mode="teams")
with app.app_context():
base_user = '******'
base_team = 'team'
for x in range(10):
chal = gen_challenge(app.db, name='chal_name{}'.format(x))
gen_flag(app.db, challenge_id=chal.id, content='flag')
for x in range(10):
user = base_user + str(x)
user_email = user + "@ctfd.io"
user_obj = gen_user(app.db, name=user, email=user_email)
team_obj = gen_team(app.db,
name=base_team + str(x),
email=base_team + str(x) + '@ctfd.io')
team_obj.members.append(user_obj)
team_obj.captain_id = user_obj.id
app.db.session.commit()
gen_award(app.db, user_id=user_obj.id)
gen_solve(app.db,
user_id=user_obj.id,
challenge_id=random.randint(1, 10))
gen_fail(app.db,
user_id=user_obj.id,
challenge_id=random.randint(1, 10))
gen_tracking(app.db, user_id=user_obj.id)
assert Teams.query.count() == 10
assert Users.query.count(
) == 51 # 10 random users, 40 users (10 teams * 4), 1 admin user
assert Challenges.query.count() == 10
register_user(app)
client = login_as_user(app, name="admin", password="******")
with client.session_transaction() as sess:
data = {"nonce": sess.get('nonce')}
client.post('/admin/reset', data=data)
assert Teams.query.count() == 0
assert Users.query.count() == 0
assert Challenges.query.count() == 10
assert Solves.query.count() == 0
assert Fails.query.count() == 0
assert Tracking.query.count() == 0
destroy_ctfd(app)
def test_api_hint_unlocked():
"""Can the users unlock /api/v1/hints/<hint_id> if they have enough points"""
app = create_ctfd()
with app.app_context():
chal = gen_challenge(app.db)
gen_hint(app.db, chal.id, content="This is a hint", cost=1, type="standard")
register_user(app)
# Give user points with an award
gen_award(app.db, 2)
client = login_as_user(app)
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
r = client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"})
assert r.status_code == 200
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
destroy_ctfd(app)
def test_users_dont_prevent_other_users_from_unlocking_hints():
"""Unlocks from one user don't affect other users"""
app = create_ctfd()
with app.app_context():
chal = gen_challenge(app.db)
gen_hint(app.db,
chal.id,
content="This is a hint",
cost=1,
type="standard")
register_user(app)
register_user(app, name="user2", email="*****@*****.**")
# Give users points with an award
gen_award(app.db, user_id=2)
gen_award(app.db, user_id=3)
# First user unlocks hints
with login_as_user(app) as client:
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
r = client.post("/api/v1/unlocks",
json={
"target": 1,
"type": "hints"
})
assert r.status_code == 200
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
# Second user unlocks hints
with login_as_user(app, name="user2") as client:
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
r = client.post("/api/v1/unlocks",
json={
"target": 1,
"type": "hints"
})
assert r.status_code == 200
r = client.get("/api/v1/hints/1")
assert r.status_code == 200
destroy_ctfd(app)
def test_unlocking_hints_with_cost_before_ctf():
"""Test that hints are not unlocked if the CTF hasn't begun"""
app = create_ctfd()
with app.app_context():
register_user(app)
chal = gen_challenge(app.db)
chal_id = chal.id
gen_hint(app.db, chal_id)
gen_award(app.db, user_id=2)
set_config('start', '1507089600'
) # Wednesday, October 4, 2017 12:00:00 AM GMT-04:00 DST
set_config(
'end',
'1507262400') # Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
with freeze_time("2017-10-1"):
client = login_as_user(app)
r = client.get('/api/v1/hints/1')
assert r.status_code == 403
assert r.get_json().get('data') is None
r = client.post('/api/v1/unlocks',
json={
'target': 1,
'type': 'hints'
})
assert r.status_code == 403
assert r.get_json().get('data') is None
r = client.get('/api/v1/hints/1')
assert r.get_json().get('data') is None
assert r.status_code == 403
user = Users.query.filter_by(id=2).first()
assert user.score == 100
assert Unlocks.query.count() == 0
destroy_ctfd(app)
def test_user_can_unlock_hint():
"""Test that a user can unlock a hint if they have enough points"""
app = create_kmactf()
with app.app_context():
with app.test_client():
register_user(app, name="user1", email="*****@*****.**")
chal = gen_challenge(app.db, value=100)
chal_id = chal.id
gen_flag(app.db, challenge_id=chal.id, content="flag")
hint = gen_hint(app.db, chal_id, cost=10)
hint_id = hint.id
gen_award(app.db, user_id=2, value=15)
client = login_as_user(app, name="user1", password="******")
user = Users.query.filter_by(name="user1").first()
assert user.score == 15
with client.session_transaction():
r = client.get("/api/v1/hints/{}".format(hint_id))
resp = r.get_json()
assert resp["data"].get("content") is None
params = {"target": hint_id, "type": "hints"}
r = client.post("/api/v1/unlocks", json=params)
resp = r.get_json()
assert resp["success"] is True
r = client.get("/api/v1/hints/{}".format(hint_id))
resp = r.get_json()
assert resp["data"].get("content") == "This is a hint"
user = Users.query.filter_by(name="user1").first()
assert user.score == 5
destroy_kmactf(app)
def test_unlocking_hints_with_cost_during_ctf_with_points():
"""Test that hints with a cost are unlocked if you have the points"""
app = create_ctfd()
with app.app_context():
register_user(app)
chal = gen_challenge(app.db)
chal_id = chal.id
gen_hint(app.db, chal_id, cost=10)
gen_award(app.db, user_id=2)
client = login_as_user(app)
r = client.get('/api/v1/hints/1')
assert r.get_json()['data'].get('content') is None
client.post('/api/v1/unlocks', json={'target': 1, 'type': 'hints'})
r = client.get('/api/v1/hints/1')
assert r.get_json()['data'].get('content') == 'This is a hint'
user = Users.query.filter_by(id=2).first()
assert user.score == 90
destroy_ctfd(app)
def test_unlocking_hints_with_cost_during_ctf_with_points():
"""Test that hints with a cost are unlocked if you have the points"""
app = create_kmactf()
with app.app_context():
register_user(app)
chal = gen_challenge(app.db)
chal_id = chal.id
gen_hint(app.db, chal_id, cost=10)
gen_award(app.db, user_id=2)
client = login_as_user(app)
r = client.get("/api/v1/hints/1")
assert r.get_json()["data"].get("content") is None
client.post("/api/v1/unlocks", json={"target": 1, "type": "hints"})
r = client.get("/api/v1/hints/1")
assert r.get_json()["data"].get("content") == "This is a hint"
user = Users.query.filter_by(id=2).first()
assert user.score == 90
destroy_kmactf(app)
def test_user_score_is_correct():
"""Test that a user's score is correct"""
app = create_ctfd()
with app.app_context():
# create user1
register_user(app, name="user1", email="*****@*****.**")
# create challenge
chal = gen_challenge(app.db, value=100)
gen_flag(app.db, challenge_id=chal.id, content="flag")
chal_id = chal.id
# create a solve for the challenge for user1. (the id is 2 because of the admin)
gen_solve(app.db, user_id=2, challenge_id=chal_id)
user1 = Users.query.filter_by(id=2).first()
# assert that user1's score is 100
assert user1.score == 100
assert user1.place == "1st"
# create user2
register_user(app, name="user2", email="*****@*****.**")
# user2 solves the challenge
gen_solve(app.db, 3, challenge_id=chal_id)
# assert that user2's score is 100 but is in 2nd place
user2 = Users.query.filter_by(id=3).first()
assert user2.score == 100
assert user2.place == "2nd"
# create an award for user2
gen_award(app.db, user_id=3, value=5)
# assert that user2's score is now 105 and is in 1st place
assert user2.score == 105
assert user2.place == "1st"
destroy_ctfd(app)
def test_api_user_get_awards_after_freze_time():
"""Can a user get /api/v1/users/<user_id>/awards after freeze time"""
app = create_ctfd(user_mode="users")
with app.app_context():
register_user(app, name="user1", email="*****@*****.**")
register_user(app, name="user2", email="*****@*****.**")
# Friday, October 6, 2017 12:00:00 AM GMT-04:00 DST
set_config("freeze", "1507262400")
with freeze_time("2017-10-4"):
gen_award(app.db, user_id=2)
with freeze_time("2017-10-8"):
gen_award(app.db, user_id=2)
# There should now be two awards assigned to the same user.
assert Awards.query.count() == 2
# User 2 should have 2 awards when seen by themselves
client = login_as_user(app, name="user1")
r = client.get("/api/v1/users/me/awards")
data = r.get_json()["data"]
assert len(data) == 2
# User 2 should have 1 award when seen by another user
client = login_as_user(app, name="user2")
r = client.get("/api/v1/users/2/awards")
data = r.get_json()["data"]
assert len(data) == 1
# Admins should see all awards for the user
admin = login_as_user(app, name="admin")
r = admin.get("/api/v1/users/2/awards")
data = r.get_json()["data"]
assert len(data) == 2
destroy_ctfd(app)
def test_api_team_get_awards_after_freze_time():
"""Can a user get /api/v1/teams/<team_id>/awards after freeze time"""
app = create_ctfd(user_mode="teams")
with app.app_context():
register_user(app)
team = gen_team(app.db,
name="team1",
email="*****@*****.**",
member_count=1)
team_member = team.members[0]
tm_name = team_member.name
set_config("freeze", "1507262400")
with freeze_time("2017-10-4"):
gen_award(app.db, user_id=3)
with freeze_time("2017-10-8"):
gen_award(app.db, user_id=3)
assert Awards.query.count() == 2
with login_as_user(app) as client:
r = client.get("/api/v1/teams/1/awards")
data = r.get_json()["data"]
assert len(data) == 1
with login_as_user(app, name=tm_name) as client:
r = client.get("/api/v1/teams/me/awards")
data = r.get_json()["data"]
assert len(data) == 2
with login_as_user(app, name="admin") as client:
r = client.get("/api/v1/teams/1/awards")
data = r.get_json()["data"]
assert len(data) == 2
destroy_ctfd(app)
def test_reset():
app = create_ctfd()
with app.app_context():
base_user = "******"
for x in range(10):
chal = gen_challenge(app.db, name="chal_name{}".format(x))
gen_flag(app.db, challenge_id=chal.id, content="flag")
gen_hint(app.db, challenge_id=chal.id)
gen_file(
app.db,
location="{name}/{name}.file".format(name=chal.name),
challenge_id=chal.id,
)
for x in range(10):
user = base_user + str(x)
user_email = user + "@ctfd.io"
user_obj = gen_user(app.db, name=user, email=user_email)
gen_award(app.db, user_id=user_obj.id)
gen_solve(app.db,
user_id=user_obj.id,
challenge_id=random.randint(1, 10))
gen_fail(app.db,
user_id=user_obj.id,
challenge_id=random.randint(1, 10))
gen_tracking(app.db, user_id=user_obj.id)
# Add PageFiles
for x in range(5):
gen_file(
app.db,
location="page_file{name}/page_file{name}.file".format(name=x),
page_id=1,
)
assert Users.query.count() == 11 # 11 because of the first admin user
assert Challenges.query.count() == 10
assert (
Files.query.count() == 15
) # This should be 11 because ChallengeFiles=10 and PageFiles=5
assert Flags.query.count() == 10
assert Hints.query.count() == 10
assert Submissions.query.count() == 20
assert Pages.query.count() == 1
assert Tracking.query.count() == 10
client = login_as_user(app, name="admin", password="******")
with client.session_transaction() as sess:
data = {"nonce": sess.get("nonce"), "pages": "on"}
r = client.post("/admin/reset", data=data)
assert r.location.endswith("/admin/statistics")
assert Pages.query.count() == 0
assert Users.query.count() == 11
assert Challenges.query.count() == 10
assert Tracking.query.count() == 11
assert Files.query.count() == 10
with client.session_transaction() as sess:
data = {"nonce": sess.get("nonce"), "notifications": "on"}
r = client.post("/admin/reset", data=data)
assert r.location.endswith("/admin/statistics")
assert Notifications.query.count() == 0
assert Users.query.count() == 11
assert Challenges.query.count() == 10
assert Tracking.query.count() == 11
with client.session_transaction() as sess:
data = {"nonce": sess.get("nonce"), "challenges": "on"}
r = client.post("/admin/reset", data=data)
assert r.location.endswith("/admin/statistics")
assert Challenges.query.count() == 0
assert Flags.query.count() == 0
assert Hints.query.count() == 0
assert Files.query.count() == 0
assert Tags.query.count() == 0
assert Users.query.count() == 11
assert Tracking.query.count() == 11
with client.session_transaction() as sess:
data = {"nonce": sess.get("nonce"), "submissions": "on"}
r = client.post("/admin/reset", data=data)
assert r.location.endswith("/admin/statistics")
assert Submissions.query.count() == 0
assert Solves.query.count() == 0
assert Fails.query.count() == 0
assert Awards.query.count() == 0
assert Unlocks.query.count() == 0
assert Users.query.count() == 11
assert Challenges.query.count() == 0
assert Flags.query.count() == 0
assert Tracking.query.count() == 0
with client.session_transaction() as sess:
data = {"nonce": sess.get("nonce"), "accounts": "on"}
r = client.post("/admin/reset", data=data)
assert r.location.endswith("/setup")
assert Users.query.count() == 0
assert Solves.query.count() == 0
assert Fails.query.count() == 0
assert Tracking.query.count() == 0
destroy_ctfd(app)
