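def test_oauth_login_upgrade():
    """A locally registered user who later logs in via MLC is linked to that MLC account.

    Flow:
      1. Register a local user (row id=2; id=1 is the admin that ``create_ctfd``
         seeds).
      2. Close registration (``registration_visibility = "private"``) and confirm
         the local user can still log in.
      3. Log in through the stubbed MLC OAuth flow and check that the *existing*
         row is upgraded (``oauth_id``/``team_id`` populated, ``verified`` set)
         rather than a second user being created.

    Teardown runs in ``finally`` so a failing assertion cannot leave the
    per-test CTFd instance (and its database) behind for later tests.
    """
    app = create_ctfd(user_mode="teams")
    # Dummy client credentials and endpoints: login_with_mlc stubs the provider,
    # so nothing here is ever contacted over the network and no real secret
    # is involved.
    app.config.update(
        {
            "OAUTH_CLIENT_ID": "ctfd_testing_client_id",
            "OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",
            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
        }
    )
    try:
        with app.app_context():
            register_user(app)
            assert Users.query.count() == 2  # seeded admin + the new local user
            set_config("registration_visibility", "private")

            # Closing registration must not lock out accounts that already exist.
            client = login_as_user(app)
            client.get("/logout")

            user = Users.query.filter_by(id=2).first()
            assert user is not None
            # Precondition: the local account is not yet tied to any OAuth identity.
            assert user.oauth_id is None
            assert user.team_id is None

            login_with_mlc(app)

            # Registration is still private, so the MLC login must have linked
            # the existing row instead of inserting a new user.
            assert Users.query.count() == 2

            # NOTE(review): how the MLC identity is matched to the local row is
            # not visible from this test (presumably by e-mail address). Linking
            # on e-mail is only safe when the provider guarantees the address
            # is verified; worth asserting that explicitly if the helper
            # exposes it.
            user = Users.query.filter_by(id=2).first()
            assert user is not None
            assert user.oauth_id
            assert user.verified
            assert user.team_id
    finally:
        destroy_ctfd(app)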
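def test_team_size_limit():
    """The ``team_size`` cap is enforced on the MLC join path, not only on the form.

    A team with one member already exists (``oauth_id=1234``). With
    ``team_size = 1`` an MLC login that maps to that team must be refused
    (``raise_for_error=False`` lets the helper return instead of failing);
    after raising the cap to 2 the same login must succeed and add the member.

    The ``team_oauth_id`` comes from the identity provider, so the limit has to
    be checked server-side here as well; that is what this test pins.

    Teardown runs in ``finally`` so a failing assertion cannot leave the
    per-test instance (and its database) behind for later tests.
    """
    app = create_kmactf(user_mode="teams")
    # Dummy client credentials and endpoints: login_with_mlc stubs the provider,
    # nothing is contacted over the network.
    app.config.update(
        {
            "OAUTH_CLIENT_ID": "kmactf_testing_client_id",
            "OAUTH_CLIENT_SECRET": "kmactf_testing_client_secret",
            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
        }
    )
    try:
        with app.app_context():
            set_config("team_size", 1)
            team = gen_team(app.db, member_count=1, oauth_id=1234)
            team_id = team.id
            # Precondition: the team is already full at team_size == 1.
            assert len(Teams.query.filter_by(id=team_id).first().members) == 1

            login_with_mlc(
                app,
                team_name="team_name",
                team_oauth_id=1234,
                raise_for_error=False,
            )
            # The join must be refused: still exactly one member.
            assert len(Teams.query.filter_by(id=team_id).first().members) == 1

            set_config("team_size", 2)
            login_with_mlc(app, team_name="team_name", team_oauth_id=1234)
            # With room on the team the same MLC login now joins.
            assert len(Teams.query.filter_by(id=team_id).first().members) == 2
    finally:
        destroy_kmactf(app)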
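def test_oauth_configured_flow():
    """MLC login works, but cannot create accounts while registration is private.

    Flow:
      1. With ``registration_visibility = "private"`` an MLC login for an unknown
         user must not create a user; the login page explains why.
      2. With ``"public"`` the same login registers the user (``oauth_id`` 1337)
         and creates their team (``oauth_id`` 1234).
      3. Back on ``"private"``, the now-existing user can still log in via MLC
         and gets a fully populated session.

    Teardown runs in ``finally`` so a failing assertion cannot leave the
    per-test CTFd instance (and its database) behind for later tests.
    """
    app = create_ctfd(user_mode="teams")
    # Dummy client credentials and endpoints: login_with_mlc stubs the provider,
    # nothing is contacted over the network.
    app.config.update(
        {
            "OAUTH_CLIENT_ID": "ctfd_testing_client_id",
            "OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",
            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
        }
    )
    try:
        with app.app_context():
            set_config("registration_visibility", "private")
            assert Users.query.count() == 1  # only the seeded admin
            assert Teams.query.count() == 0

            client = login_with_mlc(app, raise_for_error=False)

            # Registration is closed: no account may be created via OAuth either.
            assert Users.query.count() == 1
            resp = client.get("http://localhost/login").get_data(as_text=True)
            assert "Public registration is disabled" in resp

            set_config("registration_visibility", "public")
            client = login_with_mlc(app)

            # Registration is open: the MLC login creates the user ...
            assert Users.query.count() == 2
            # NOTE(review): the e-mail literal below looks redacted in this
            # listing; it should be the fixture address login_with_mlc uses.
            user = Users.query.filter_by(email="*****@*****.**").first()
            assert user is not None
            assert user.oauth_id == 1337
            assert user.team_id == 1

            # ... and its team.
            assert Teams.query.count() == 1
            team = Teams.query.filter_by(id=1).first()
            assert team is not None
            assert team.oauth_id == 1234

            client.get("/logout")

            # Closing registration again must not lock out the existing user.
            set_config("registration_visibility", "private")
            client = login_with_mlc(app)
            with client.session_transaction() as sess:
                assert sess["id"]
                assert sess["name"]
                assert sess["type"]
                assert sess["email"]
                # "nonce" is the per-session token CTFd uses against CSRF
                # (presumably); only its presence is checked here.
                assert sess["nonce"]
    finally:
        destroy_ctfd(app)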
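def test_oauth_configured_flow():
    """MLC login works, but cannot create accounts while registration is private.

    Flow:
      1. With ``registration_visibility = 'private'`` an MLC login for an unknown
         user must not create a user; the login page explains why.
      2. With ``'public'`` the same login registers the user (``oauth_id`` 1337)
         and creates their team (``oauth_id`` 1234).
      3. Back on ``'private'``, the now-existing user can still log in via MLC
         and gets a fully populated session.

    Teardown runs in ``finally`` so a failing assertion cannot leave the
    per-test CTFd instance (and its database) behind for later tests.
    """
    app = create_ctfd(user_mode="teams")
    # Dummy client credentials and endpoints: login_with_mlc stubs the provider,
    # nothing is contacted over the network.
    app.config.update(
        {
            'OAUTH_CLIENT_ID': 'ctfd_testing_client_id',
            'OAUTH_CLIENT_SECRET': 'ctfd_testing_client_secret',
            'OAUTH_AUTHORIZATION_ENDPOINT': 'http://auth.localhost/oauth/authorize',
            'OAUTH_TOKEN_ENDPOINT': 'http://auth.localhost/oauth/token',
            'OAUTH_API_ENDPOINT': 'http://api.localhost/user',
        }
    )
    try:
        with app.app_context():
            set_config('registration_visibility', 'private')
            assert Users.query.count() == 1  # only the seeded admin
            assert Teams.query.count() == 0

            client = login_with_mlc(app, raise_for_error=False)

            # Registration is closed: no account may be created via OAuth either.
            assert Users.query.count() == 1
            resp = client.get('http://localhost/login').get_data(as_text=True)
            assert 'Public registration is disabled' in resp

            set_config('registration_visibility', 'public')
            client = login_with_mlc(app)

            # Registration is open: the MLC login creates the user ...
            assert Users.query.count() == 2
            # NOTE(review): the e-mail literal below looks redacted in this
            # listing; it should be the fixture address login_with_mlc uses.
            user = Users.query.filter_by(email='*****@*****.**').first()
            assert user is not None
            assert user.oauth_id == 1337
            assert user.team_id == 1

            # ... and its team.
            assert Teams.query.count() == 1
            team = Teams.query.filter_by(id=1).first()
            assert team is not None
            assert team.oauth_id == 1234

            client.get('/logout')

            # Closing registration again must not lock out the existing user.
            set_config('registration_visibility', 'private')
            client = login_with_mlc(app)
            with client.session_transaction() as sess:
                assert sess['id']
                assert sess['name']
                assert sess['type']
                assert sess['email']
                # 'nonce' is the per-session token CTFd uses against CSRF
                # (presumably); only its presence is checked here.
                assert sess['nonce']
    finally:
        destroy_ctfd(app)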
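def test_num_teams_limit():
    """The ``num_teams`` cap is enforced when a team is created through MLC.

    One team already exists. With ``num_teams = 1`` an MLC login carrying a new
    ``team_oauth_id`` must be refused (``raise_for_error=False`` lets the helper
    return instead of failing) and no team created; after raising the cap to 2
    a further login with another new team id must create the second team.

    Team creation here is driven entirely by provider-supplied identifiers, so
    the limit has to hold on this path as well; that is what the test pins.

    Teardown runs in ``finally`` so a failing assertion cannot leave the
    per-test CTFd instance (and its database) behind for later tests.
    """
    app = create_ctfd(user_mode="teams")
    # Dummy client credentials and endpoints: login_with_mlc stubs the provider,
    # nothing is contacted over the network.
    app.config.update(
        {
            "OAUTH_CLIENT_ID": "ctfd_testing_client_id",
            "OAUTH_CLIENT_SECRET": "ctfd_testing_client_secret",
            "OAUTH_AUTHORIZATION_ENDPOINT": "http://auth.localhost/oauth/authorize",
            "OAUTH_TOKEN_ENDPOINT": "http://auth.localhost/oauth/token",
            "OAUTH_API_ENDPOINT": "http://api.localhost/user",
        }
    )
    try:
        with app.app_context():
            set_config("num_teams", 1)
            gen_team(app.db, member_count=1, oauth_id=1234)
            # Precondition: the cap is already reached.
            assert Teams.query.count() == 1

            # NOTE(review): the e-mail literals below look redacted in this
            # listing; they should be distinct fixture addresses.
            login_with_mlc(
                app,
                name="foobar",
                email="*****@*****.**",
                oauth_id=111,
                team_name="foobar",
                team_oauth_id=1111,
                raise_for_error=False,
            )
            # Creating a second team must be refused at num_teams == 1.
            assert Teams.query.count() == 1

            set_config("num_teams", 2)
            login_with_mlc(
                app,
                name="foobarbaz",
                email="*****@*****.**",
                oauth_id=222,
                team_name="foobarbaz",
                team_oauth_id=2222,
            )
            # With the cap raised the new team is created.
            assert Teams.query.count() == 2
    finally:
        destroy_ctfd(app)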