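def test_team_invite_codes():
    """Check that a team invite code is accepted, then expires, then is revoked.

    Three properties of ``Teams.load_invite_code`` are exercised:

    1. A code redeemed at the instant it was issued resolves to the issuing team.
    2. The same code presented one day and one second later raises
       ``TeamTokenExpiredException``.
    3. After the team's password is changed, the code raises
       ``TeamTokenInvalidException`` even with the clock back at issue time.

    NOTE(review): the exact token lifetime is not pinned here. Only "valid at
    issue time" and "expired after 24h + 1s" are checked, so a regression that
    shortens or lengthens the window inside that range would go unnoticed.
    """
    app = create_ctfd(user_mode="teams")
    # try/finally so the test application is torn down even when an assertion
    # fails; otherwise a failing run leaves its state behind for later tests.
    try:
        with app.app_context():
            team1 = gen_team(app.db, name="team1", email="*****@*****.**")

            # Issue and redeem at the same frozen instant: the happy path.
            with freeze_time("2017-10-7 00:00:00"):
                invite_code = team1.get_invite_code()
                team = Teams.load_invite_code(invite_code)
                assert team.id == team1.id

            # Time-based expiry: the unchanged code must now be refused and no
            # team object may be handed back.
            with freeze_time("2017-10-8 00:00:01"):
                try:
                    Teams.load_invite_code(invite_code)
                except TeamTokenExpiredException:
                    pass
                else:
                    raise AssertionError("Token should have expired")

            # Change team's password. `team` is still the object returned by
            # the first, successful load (asserted above to be team1).
            team.password = "******"
            app.db.session.commit()

            # The clock is deliberately wound back to the issue time so that
            # expiry cannot be the reason for rejection: the only thing that
            # changed is the password, which must revoke outstanding codes.
            with freeze_time("2017-10-7 00:00:00"):
                try:
                    Teams.load_invite_code(invite_code)
                except TeamTokenInvalidException:
                    pass
                else:
                    raise AssertionError(
                        "Token should have been invalidated by password change"
                    )
    finally:
        destroy_ctfd(app)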
def invite():
    """Show (GET) or accept (POST) a team invitation carried in ``?code=``.

    Flow, as implemented below:

    * A missing ``code`` query parameter ends the request with 404.
    * An expired or invalid code ends the request with 403.
    * GET renders ``teams/invite.html`` for the resolved team.
    * POST refuses with 403 when the caller already belongs to a team or the
      team is at its configured size limit; otherwise it sets the caller's
      ``team_id``, commits, clears the user and team sessions and redirects to
      the challenge listing.
    * Any other method falls through and returns ``None``.

    NOTE(review): no route or authentication decorators are visible in this
    excerpt. The body assumes a logged-in user; confirm that the definition
    site enforces it.
    """
    notices = get_infos()
    problems = get_errors()

    # The invite code is a bearer secret travelling in the query string, where
    # it can end up in access logs, browser history and Referer headers. Its
    # expiry and revocation (enforced by load_invite_code) are what bound that
    # exposure.
    invite_token = request.args.get("code")
    if invite_token is None:
        abort(404)

    viewer = get_current_user_attrs()
    if viewer.team_id:
        # Recorded rather than aborted: GET still renders the page with the
        # message, and POST is refused further down because `problems` is set.
        problems.append("You are already in a team. You cannot join another.")

    try:
        team = Teams.load_invite_code(invite_token)
    except TeamTokenExpiredException:
        abort(403, description="This invite URL has expired")
    except TeamTokenInvalidException:
        abort(403, description="This invite URL is invalid")

    size_cap = get_config("team_size", default=0)

    def invite_page():
        # Single place that renders the invitation template with current state.
        return render_template(
            "teams/invite.html", team=team, infos=notices, errors=problems
        )

    method = request.method

    if method == "GET":
        if size_cap:
            limit_notice = "Teams are limited to {limit} member{plural}"
            notices.append(
                limit_notice.format(
                    limit=size_cap, plural=pluralize(number=size_cap)
                )
            )
        return invite_page()

    if method != "POST":
        return None

    if problems:
        return invite_page(), 403

    # NOTE(review): the size check and the membership write below are separate
    # steps with nothing in this block serialising them; simultaneous joins
    # could exceed the limit unless it is also enforced elsewhere. Confirm.
    if size_cap and len(team.members) >= size_cap:
        full_notice = "{name} has already reached the team size limit of {limit}"
        problems.append(full_notice.format(name=team.name, limit=size_cap))
        return invite_page(), 403

    joiner = get_current_user()
    joiner.team_id = team.id
    db.session.commit()

    # Presumably drops cached session data so the new membership takes effect
    # immediately; the helpers are defined outside this excerpt.
    clear_user_session(user_id=joiner.id)
    clear_team_session(team_id=team.id)

    return redirect(url_for("challenges.listing"))