def test_sendmail_with_smtp_from_db_config(mock_smtp):
    """Check that sendmail() goes through SMTP when the mail settings live in the database.

    ``mock_smtp`` stands in for the SMTP client class (how it is injected is
    not visible in this listing). The username and password are throwaway
    fixture values.
    """
    app = create_ctfd()
    with app.app_context():
        # Mail settings written through the database-backed config store.
        set_config("mail_server", "localhost")
        set_config("mail_port", 25)
        set_config("mail_useauth", True)
        set_config("mail_username", "username")
        set_config("mail_password", "password")

        ctf_name = get_config("ctf_name")
        sender = get_config("mailfrom_addr") or app.config.get("MAILFROM_ADDR")
        # The expected envelope sender carries the CTF name as display name.
        sender = "{} <{}>".format(ctf_name, sender)

        recipient = "*****@*****.**"
        body = "this is a test"

        sendmail(recipient, body)

        # Rebuild the message that sendmail() is expected to have handed to SMTP.
        ctf_name = get_config("ctf_name")
        expected = MIMEText(body)
        expected["Subject"] = "Message from {0}".format(ctf_name)
        expected["From"] = sender
        expected["To"] = recipient

        mock_smtp.return_value.sendmail.assert_called_once_with(
            sender, [recipient], expected.as_string()
        )
    destroy_ctfd(app)
def test_sendmail_with_smtp_from_config_file(mock_smtp):
    """Check that sendmail() goes through SMTP when the mail settings come from app.config.

    ``mock_smtp`` stands in for the SMTP client class (how it is injected is
    not visible in this listing). The credential literals appear masked in
    this listing and are reproduced as shown.
    """
    app = create_ctfd()
    with app.app_context():
        # File-style settings: note that port and auth flag are strings here.
        app.config["MAIL_SERVER"] = "localhost"
        app.config["MAIL_PORT"] = "25"
        app.config["MAIL_USEAUTH"] = "True"
        app.config["MAIL_USERNAME"] = "******"
        app.config["MAIL_PASSWORD"] = "******"

        ctf_name = get_config("ctf_name")
        sender = get_config("mailfrom_addr") or app.config.get("MAILFROM_ADDR")
        # The expected envelope sender carries the CTF name as display name.
        sender = "{} <{}>".format(ctf_name, sender)

        recipient = "*****@*****.**"
        body = "this is a test"

        sendmail(recipient, body)

        # Rebuild the message that sendmail() is expected to have handed to SMTP.
        ctf_name = get_config("ctf_name")
        expected = MIMEText(body)
        expected["Subject"] = "Message from {0}".format(ctf_name)
        expected["From"] = sender
        expected["To"] = recipient

        mock_smtp.return_value.sendmail.assert_called_once_with(
            sender, [recipient], expected.as_string()
        )
    destroy_ctfd(app)
def test_sendmail_with_smtp_from_config_file(mock_smtp):
    """Check that sendmail() goes through SMTP when the mail settings come from app.config.

    In this variant the expected sender is the bare configured address, with
    no display name. ``mock_smtp`` stands in for the SMTP client class (how it
    is injected is not visible in this listing).
    """
    app = create_ctfd()
    with app.app_context():
        # File-style settings: note that port and auth flag are strings here.
        app.config['MAIL_SERVER'] = 'localhost'
        app.config['MAIL_PORT'] = '25'
        app.config['MAIL_USEAUTH'] = 'True'
        app.config['MAIL_USERNAME'] = '******'
        app.config['MAIL_PASSWORD'] = '******'

        sender = get_config('mailfrom_addr') or app.config.get('MAILFROM_ADDR')
        recipient = '*****@*****.**'
        body = 'this is a test'

        sendmail(recipient, body)

        # Rebuild the message that sendmail() is expected to have handed to SMTP.
        ctf_name = get_config('ctf_name')
        expected = MIMEText(body)
        expected['Subject'] = "Message from {0}".format(ctf_name)
        expected['From'] = sender
        expected['To'] = recipient

        mock_smtp.return_value.sendmail.assert_called_once_with(
            sender, [recipient], expected.as_string()
        )
    destroy_ctfd(app)
def test_sendmail_with_mailgun_from_config_file(fake_post_request):
    """Check that sendmail() calls the Mailgun API with the settings from app.config.

    ``fake_post_request`` is the mock that receives the HTTP POST (how it is
    injected is not visible in this listing). The API key is a fixture value.
    """
    app = create_ctfd()
    with app.app_context():
        app.config["MAILGUN_API_KEY"] = "key-1234567890-file-config"
        app.config["MAILGUN_BASE_URL"] = "https://api.mailgun.net/v3/file.faked.com"

        recipient = "*****@*****.**"
        body = "this is a test"

        # First call happens before the fake response is configured; its
        # result is not inspected.
        sendmail(recipient, body)

        fake_response = Mock()
        fake_post_request.return_value = fake_response
        fake_response.status_code = 200

        status, message = sendmail(recipient, body)

        # call_args holds the most recent call, i.e. the second sendmail().
        args, kwargs = fake_post_request.call_args
        expected_payload = {
            "to": ["*****@*****.**"],
            "text": "this is a test",
            "from": "CTFd <*****@*****.**>",
            "subject": "Message from CTFd",
        }

        assert args[0] == "https://api.mailgun.net/v3/file.faked.com/messages"
        # The key must travel as HTTP basic-auth credentials, not in the payload.
        assert kwargs["auth"] == ("api", u"key-1234567890-file-config")
        # An explicit timeout keeps a slow provider from blocking the caller.
        assert kwargs["timeout"] == 1.0
        assert kwargs["data"] == expected_payload

        assert fake_response.status_code == 200
        assert status is True
        assert message == "Email sent"
    destroy_ctfd(app)
def test_sendmail_with_smtp_from_db_config(mock_smtp):
    """Check that sendmail() goes through SMTP when the mail settings live in the database.

    In this variant the expected sender is the bare configured address, with
    no display name. ``mock_smtp`` stands in for the SMTP client class (how it
    is injected is not visible in this listing).
    """
    app = create_ctfd()
    with app.app_context():
        # Mail settings written through the database-backed config store.
        set_config('mail_server', 'localhost')
        set_config('mail_port', 25)
        set_config('mail_useauth', True)
        set_config('mail_username', 'username')
        set_config('mail_password', 'password')

        sender = get_config('mailfrom_addr') or app.config.get('MAILFROM_ADDR')
        recipient = '*****@*****.**'
        body = 'this is a test'

        sendmail(recipient, body)

        # Rebuild the message that sendmail() is expected to have handed to SMTP.
        ctf_name = get_config('ctf_name')
        expected = MIMEText(body)
        expected['Subject'] = "Message from {0}".format(ctf_name)
        expected['From'] = sender
        expected['To'] = recipient

        mock_smtp.return_value.sendmail.assert_called_once_with(
            sender, [recipient], expected.as_string()
        )
    destroy_ctfd(app)
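def post(self, user_id):
    """Email caller-supplied text to the user identified by ``user_id``.

    Responds with 404 when the user does not exist (first_or_404), with 400
    when no mail provider is configured or when the text is missing, empty or
    not a string, and otherwise with the success flag returned by sendmail().

    NOTE(review): no authorization check is visible in this method; it is
    presumably enforced by a decorator outside this excerpt - confirm, since
    the endpoint sends arbitrary text to a user's mailbox.
    """
    # get_json() may hand back None (or a non-object value) for a missing or
    # non-JSON body; treat that as "no text" instead of failing on .get().
    req = request.get_json()
    if not isinstance(req, dict):
        req = {}

    # A non-string "text" (number, list, null) has no strip(); it is handled
    # like an empty message and rejected below with a 400.
    text = req.get("text", "")
    text = text.strip() if hasattr(text, "strip") else ""

    user = Users.query.filter_by(id=user_id).first_or_404()

    if get_mail_provider() is None:
        return (
            {"success": False, "errors": {"": ["Email settings not configured"]}},
            400,
        )

    if not text:
        return (
            {"success": False, "errors": {"text": ["Email text cannot be empty"]}},
            400,
        )

    # Only the boolean outcome is reported; the provider's message is dropped.
    result, response = sendmail(addr=user.email, text=text)
    return {"success": result}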
def test_sendmail_with_mailgun_from_db_config(fake_post_request):
    """Check that database Mailgun settings override the ones in app.config.

    ``fake_post_request`` is the mock that receives the HTTP POST (how it is
    injected is not visible in this listing). The API keys are fixture values.
    """
    app = create_ctfd()
    with app.app_context():
        app.config["MAILGUN_API_KEY"] = "key-1234567890-file-config"
        app.config["MAILGUN_BASE_URL"] = "https://api.mailgun.net/v3/file.faked.com"

        # db values should take precedence over file values
        set_config("mailgun_api_key", "key-1234567890-db-config")
        set_config("mailgun_base_url", "https://api.mailgun.net/v3/db.faked.com")

        sender = get_config("mailfrom_addr") or app.config.get("MAILFROM_ADDR")
        recipient = "*****@*****.**"
        body = "this is a test"

        # First call happens before the fake response is configured; its
        # result is not inspected.
        sendmail(recipient, body)

        # Built as in the SMTP tests, but not used by any assertion below.
        ctf_name = get_config("ctf_name")
        email_msg = MIMEText(body)
        email_msg["Subject"] = "Message from {0}".format(ctf_name)
        email_msg["From"] = sender
        email_msg["To"] = recipient

        fake_response = Mock()
        fake_post_request.return_value = fake_response
        fake_response.status_code = 200

        status, message = sendmail(recipient, body)

        # call_args holds the most recent call, i.e. the second sendmail().
        args, kwargs = fake_post_request.call_args
        expected_payload = {
            "to": ["*****@*****.**"],
            "text": "this is a test",
            "from": "CTFd <*****@*****.**>",
            "subject": "Message from CTFd",
        }

        assert args[0] == "https://api.mailgun.net/v3/db.faked.com/messages"
        # The database key, not the file key, must be the one sent as basic auth.
        assert kwargs["auth"] == ("api", u"key-1234567890-db-config")
        assert kwargs["timeout"] == 1.0
        assert kwargs["data"] == expected_payload

        assert fake_response.status_code == 200
        assert status is True
        assert message == "Email sent"
    destroy_ctfd(app)
def test_sendmail_with_mailgun_from_db_config(fake_post_request):
    """Check that database Mailgun settings override the ones in app.config.

    ``fake_post_request`` is the mock that receives the HTTP POST (how it is
    injected is not visible in this listing). The API keys are fixture values.
    """
    app = create_ctfd()
    with app.app_context():
        app.config['MAILGUN_API_KEY'] = 'key-1234567890-file-config'
        app.config['MAILGUN_BASE_URL'] = 'https://api.mailgun.net/v3/file.faked.com'

        # db values should take precedence over file values
        set_config('mailgun_api_key', 'key-1234567890-db-config')
        set_config('mailgun_base_url', 'https://api.mailgun.net/v3/db.faked.com')

        sender = get_config('mailfrom_addr') or app.config.get('MAILFROM_ADDR')
        recipient = '*****@*****.**'
        body = 'this is a test'

        # First call happens before the fake response is configured; its
        # result is not inspected.
        sendmail(recipient, body)

        # Built as in the SMTP tests, but not used by any assertion below.
        ctf_name = get_config('ctf_name')
        email_msg = MIMEText(body)
        email_msg['Subject'] = "Message from {0}".format(ctf_name)
        email_msg['From'] = sender
        email_msg['To'] = recipient

        fake_response = Mock()
        fake_post_request.return_value = fake_response
        fake_response.status_code = 200

        status, message = sendmail(recipient, body)

        # call_args holds the most recent call, i.e. the second sendmail().
        args, kwargs = fake_post_request.call_args
        expected_payload = {
            'to': ['*****@*****.**'],
            'text': 'this is a test',
            'from': 'CTFd Admin <*****@*****.**>',
            'subject': 'Message from CTFd'
        }

        assert args[0] == 'https://api.mailgun.net/v3/db.faked.com/messages'
        # The database key, not the file key, must be the one sent as basic auth.
        assert kwargs['auth'] == ('api', u'key-1234567890-db-config')
        assert kwargs['timeout'] == 1.0
        assert kwargs['data'] == expected_payload

        assert fake_response.status_code == 200
        assert status is True
        assert message == "Email sent"
    destroy_ctfd(app)
def post(self):
    """Store a notification, email its content to every user and publish it.

    Responds with 400 and the schema errors when the payload does not load;
    otherwise returns the serialized notification.

    NOTE(review): no authorization check is visible in this method; it is
    presumably enforced by a decorator outside this excerpt - confirm, since
    one request here results in mail to every registered address.
    """
    payload = request.get_json()
    schema = NotificationSchema()
    loaded = schema.load(payload)

    if loaded.errors:
        return {"success": False, "errors": loaded.errors}, 400

    db.session.add(loaded.data)
    db.session.commit()

    dumped = schema.dump(loaded.data)

    # One sendmail() call per user, made inside the request. The return values
    # are discarded, so delivery failures are not reported to the caller.
    for account in Users.query.all():
        email.sendmail(account.email, dumped.data['content'])

    current_app.events_manager.publish(data=dumped.data, type="notification")

    return {"success": True, "data": dumped.data}
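def post(self, user_id):
    """Email caller-supplied text to the user identified by ``user_id``.

    Responds with 404 when the user does not exist (first_or_404), with 400
    when no mail provider is configured or when the text is missing, empty or
    not a string, and otherwise with the success flag returned by sendmail()
    plus an empty ``data`` object.

    NOTE(review): no authorization check is visible in this method; it is
    presumably enforced by a decorator outside this excerpt - confirm, since
    the endpoint sends arbitrary text to a user's mailbox.
    """
    # get_json() may hand back None (or a non-object value) for a missing or
    # non-JSON body; treat that as "no text" instead of failing on .get().
    req = request.get_json()
    if not isinstance(req, dict):
        req = {}

    # A non-string "text" (number, list, null) has no strip(); it is handled
    # like an empty message and rejected below with a 400.
    text = req.get('text', '')
    text = text.strip() if hasattr(text, 'strip') else ''

    user = Users.query.filter_by(id=user_id).first_or_404()

    if get_mail_provider() is None:
        return {
            'success': False,
            'errors': {
                "": ["Email settings not configured"]
            }
        }, 400

    if not text:
        return {
            'success': False,
            'errors': {
                "text": ["Email text cannot be empty"]
            }
        }, 400

    # Only the boolean outcome is reported; the provider's message is dropped.
    result, response = sendmail(addr=user.email, text=text)
    return {'success': result, 'data': {}}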
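def register():
    """Handle the registration form: validate, create the user, log them in.

    GET renders the empty form. POST validates the submitted name, email and
    password; on any error the form is rendered again with the messages,
    otherwise the user is stored and logged in, and the response redirects to
    the confirmation page (when email verification is on and mail can be
    sent), the teams page (teams mode) or the challenge listing.
    """
    errors = get_errors()
    if request.method == "POST":
        # Normalise first so every check below sees exactly the values that
        # are stored. Checking the raw form values let a whitespace-only
        # password be stored as an empty string and let padded names or
        # differently-cased emails get past the uniqueness lookups.
        name = request.form["name"].strip()
        email_address = request.form["email"].lower()
        password = request.form["password"].strip()

        name_len = len(name) == 0
        names = Users.query.add_columns("name", "id").filter_by(name=name).first()
        emails = (
            Users.query.add_columns("email", "id")
            .filter_by(email=email_address)
            .first()
        )
        pass_short = len(password) == 0
        pass_long = len(password) > 128
        valid_email = validators.validate_email(email_address)
        team_name_email_check = validators.validate_email(name)

        if not valid_email:
            errors.append("Please enter a valid email address")
        if email.check_email_is_whitelisted(email_address) is False:
            errors.append(
                "Only email addresses under {domains} may register".format(
                    domains=get_config("domain_whitelist")
                )
            )
        if names:
            errors.append("That user name is already taken")
        if team_name_email_check is True:
            errors.append("Your user name cannot be an email address")
        if emails:
            errors.append("That email has already been used")
        if pass_short:
            errors.append("Pick a longer password")
        if pass_long:
            errors.append("Pick a shorter password")
        if name_len:
            errors.append("Pick a longer user name")

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; if register.html renders it into the form, the
            # password is reflected in the response body - confirm.
            return render_template(
                "register.html",
                errors=errors,
                name=request.form["name"],
                email=request.form["email"],
                password=request.form["password"],
            )
        else:
            with app.app_context():
                user = Users(name=name, email=email_address, password=password)
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                # The new account is logged in before any email confirmation.
                login_user(user)

                if config.can_send_mail() and get_config("verify_emails"):
                    # Confirming users is enabled and we can send email.
                    log(
                        "registrations",
                        format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}",
                    )
                    email.verify_email_address(user.email)
                    db.session.close()
                    return redirect(url_for("auth.confirm"))
                else:
                    # Don't care about confirming users
                    if config.can_send_mail():
                        # We want to notify the user that they have registered.
                        email.sendmail(
                            email_address,
                            "You've successfully registered for {}".format(
                                get_config("ctf_name")
                            ),
                        )

        log("registrations", "[{date}] {ip} - {name} registered with {email}")
        db.session.close()

        if is_teams_mode():
            return redirect(url_for("teams.private"))

        return redirect(url_for("challenges.listing"))
    else:
        return render_template("register.html", errors=errors)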
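def register():
    """Handle the registration form: validate, create the user, log them in.

    GET renders the empty form. POST validates the submitted name, email and
    password (including the optional domain whitelist); on any error the form
    is rendered again with the messages, otherwise the user is stored and
    logged in, and the response redirects to the confirmation page (when
    email verification is on and mail can be sent) or the challenge listing.
    """
    errors = get_errors()
    if request.method == 'POST':
        # Normalise first so every check below sees exactly the values that
        # are stored. Checking the raw form values let a whitespace-only
        # password be stored as an empty string and let padded names or
        # differently-cased emails get past the uniqueness lookups.
        name = request.form['name'].strip()
        email_address = request.form['email'].lower()
        password = request.form['password'].strip()

        name_len = len(name) == 0
        names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
        emails = Users.query.add_columns('email', 'id').filter_by(email=email_address).first()
        pass_short = len(password) == 0
        pass_long = len(password) > 128
        valid_email = validators.validate_email(email_address)
        team_name_email_check = validators.validate_email(name)

        local_id, _, domain = email_address.partition('@')

        domain_whitelist = get_config('domain_whitelist')

        if not valid_email:
            errors.append("Please enter a valid email address")
        if domain_whitelist:
            # Entries are trimmed so "a.com, b.com" matches "b.com", and the
            # comparison ignores case because domain names are case-insensitive.
            allowed_domains = [d.strip() for d in domain_whitelist.split(',')]
            if domain not in [d.lower() for d in allowed_domains]:
                errors.append(
                    "Only email addresses under {domains} may register".format(
                        domains=', '.join(allowed_domains))
                )
        if names:
            errors.append('That team name is already taken')
        if team_name_email_check is True:
            errors.append('Your team name cannot be an email address')
        if emails:
            errors.append('That email has already been used')
        if pass_short:
            errors.append('Pick a longer password')
        if pass_long:
            errors.append('Pick a shorter password')
        if name_len:
            errors.append('Pick a longer team name')

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; if register.html renders it into the form, the
            # password is reflected in the response body - confirm.
            return render_template(
                'register.html',
                errors=errors,
                name=request.form['name'],
                email=request.form['email'],
                password=request.form['password']
            )
        else:
            with app.app_context():
                user = Users(
                    name=name,
                    email=email_address,
                    password=password
                )
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                # The new account is logged in before any email confirmation.
                login_user(user)

                if config.can_send_mail() and get_config('verify_emails'):
                    # Confirming users is enabled and we can send email.
                    log('registrations', format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
                    email.verify_email_address(user.email)
                    db.session.close()
                    return redirect(url_for('auth.confirm'))
                else:
                    # Don't care about confirming users
                    if config.can_send_mail():
                        # We want to notify the user that they have registered.
                        email.sendmail(
                            email_address,
                            "You've successfully registered for {}".format(get_config('ctf_name'))
                        )

        log('registrations', "[{date}] {ip} - {name} registered with {email}")
        db.session.close()
        return redirect(url_for('challenges.listing'))
    else:
        return render_template('register.html', errors=errors)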
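def register():
    """Handle the registration form: validate, create the user, log them in.

    GET renders the empty form. POST validates the submitted name, email and
    password; on any error the form is rendered again with the messages,
    otherwise the user is stored and logged in, and the response redirects to
    the confirmation page (when email verification is on and mail can be
    sent) or the challenge listing.
    """
    errors = get_errors()
    if request.method == 'POST':
        # Normalise first so every check below sees exactly the values that
        # are stored. Checking the raw form values let a whitespace-only
        # password be stored as an empty string and let padded names or
        # differently-cased emails get past the uniqueness lookups.
        name = request.form['name'].strip()
        email_address = request.form['email'].lower()
        password = request.form['password'].strip()

        name_len = len(name) == 0
        names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
        emails = Users.query.add_columns(
            'email', 'id').filter_by(email=email_address).first()
        pass_short = len(password) == 0
        pass_long = len(password) > 128
        valid_email = validators.validate_email(email_address)
        team_name_email_check = validators.validate_email(name)

        if not valid_email:
            errors.append("Please enter a valid email address")
        if email.check_email_is_whitelisted(email_address) is False:
            errors.append(
                "Only email addresses under {domains} may register".format(
                    domains=get_config('domain_whitelist')))
        if names:
            errors.append('That team name is already taken')
        if team_name_email_check is True:
            errors.append('Your team name cannot be an email address')
        if emails:
            errors.append('That email has already been used')
        if pass_short:
            errors.append('Pick a longer password')
        if pass_long:
            errors.append('Pick a shorter password')
        if name_len:
            errors.append('Pick a longer team name')
        if ' ' in name:
            errors.append('Your User name should not contain space')

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; if register.html renders it into the form, the
            # password is reflected in the response body - confirm.
            return render_template('register.html',
                                   errors=errors,
                                   name=request.form['name'],
                                   email=request.form['email'],
                                   password=request.form['password'])
        else:
            with app.app_context():
                user = Users(name=name,
                             email=email_address,
                             password=password)
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                # The new account is logged in before any email confirmation.
                login_user(user)

                # NOTE(review): disabled provisioning code, kept for reference.
                # It formats the user-chosen name and password into shell
                # command strings; the only visible guard is the space check
                # above, which does not exclude shell metacharacters, and the
                # plaintext password would appear on a command line. Do not
                # re-enable without passing arguments as a list (no shell) and
                # restricting names to a safe character set.
                # system("docker exec server-skr useradd -m %s -s /bin/bash" % name.strip())
                # system('''docker exec server-skr bash -c 'echo "%s:%s" | chpasswd' ''' % (name.strip(),password.strip()))
                # system("docker exec server-skr chmod 700 /home/%s" % name.strip())
                # system("docker exec server-skr cp -r /home/user/. /home/%s/" % name.strip())
                # system("docker exec server-skr chmod 4755 /home/%s/challenges/binary1/overflow" % name.strip())
                # system("docker exec server-skr chmod 4755 /home/%s/challenges/binary2/overflow2" % name.strip())
                # system("docker exec server-skr chmod 4755 /home/%s/challenges/format-string/format-string" % name.strip())

                if config.can_send_mail() and get_config('verify_emails'):
                    # Confirming users is enabled and we can send email.
                    log('registrations',
                        format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
                    email.verify_email_address(user.email)
                    db.session.close()
                    return redirect(url_for('auth.confirm'))
                else:
                    # Don't care about confirming users
                    if config.can_send_mail():
                        # We want to notify the user that they have registered.
                        email.sendmail(
                            email_address,
                            "You've successfully registered for {}".format(
                                get_config('ctf_name')))

        log('registrations', "[{date}] {ip} - {name} registered with {email}")
        db.session.close()
        return redirect(url_for('challenges.listing'))
    else:
        return render_template('register.html', errors=errors)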
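def register():
    """Handle the extended registration form (user name, first/last name, email, password).

    GET renders the empty form. POST validates the submitted fields; on any
    error the form is rendered again with the messages, otherwise the user is
    stored and logged in, and the response redirects to the confirmation page
    (when email verification is on and mail can be sent) or to the
    "getStarted" page.
    """
    errors = get_errors()
    if request.method != "POST":
        return render_template("register.html", errors=errors)
    else:
        # Normalise first so every check below sees exactly the values that
        # are stored. Checking the raw form values let a whitespace-only
        # password be stored as an empty string and let padded names or
        # differently-cased emails get past the uniqueness lookups.
        name = request.form['name'].strip()
        email_address = request.form['email'].lower()
        password = request.form['password'].strip()
        fname = request.form['fname'].strip()
        lname = request.form['lname'].strip()

        name_len = len(name) == 0
        fname_len = len(fname) == 0
        lname_len = len(lname) == 0
        names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
        emails = Users.query.add_columns(
            'email', 'id').filter_by(email=email_address).first()
        pass_short = len(password) == 0
        pass_long = len(password) > 128
        valid_email = validators.validate_email(email_address)
        team_name_email_check = validators.validate_email(name)

        # The validation result was computed but never checked, so malformed
        # addresses were accepted; reject them as the check's name implies.
        if not valid_email:
            errors.append("Please enter a valid email address")
        if email.check_email_is_whitelisted(email_address) is False:
            errors.append(
                "Only email addresses under {domains} may register".format(
                    domains=get_config('domain_whitelist')))
        if names:
            errors.append('That user name is already taken')
        if team_name_email_check is True:
            errors.append('Your user name cannot be an email address')
        if emails:
            errors.append('That email has already been used')
        if pass_short:
            errors.append('Pick a longer password')
        if pass_long:
            errors.append('Pick a shorter password')
        if name_len:
            errors.append('Pick a longer user name')
        if fname_len:
            errors.append('Pick a longer user first name')
        if lname_len:
            errors.append('Pick a longer last name')

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; if register.html renders it into the form, the
            # password is reflected in the response body - confirm.
            return render_template('register.html',
                                   errors=errors,
                                   fname=request.form['fname'],
                                   lname=request.form['lname'],
                                   name=request.form['name'],
                                   email=request.form['email'],
                                   password=request.form['password'])
        else:
            with app.app_context():
                user = Users(name=name,
                             email=email_address,
                             password=password)
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                # The new account is logged in before any email confirmation.
                login_user(user)

                # do custom registration work here
                user_email = email_address
                # end custom registration work

                if config.can_send_mail() and get_config('verify_emails'):
                    # Confirming users is enabled and we can send email.
                    log('registrations',
                        format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
                    email.verify_email_address(user.email)
                    db.session.close()
                    return redirect(url_for('auth.confirm'))
                else:
                    # Don't care about confirming users
                    if config.can_send_mail():
                        # We want to notify the user that they have registered.
                        email.sendmail(
                            email_address,
                            "You've successfully registered for {}".format(
                                get_config('ctf_name')))

        log('registrations', "[{date}] {ip} - {name} registered with {email}")
        db.session.close()
        # NOTE(review): web_request is not assigned anywhere in this function
        # as shown; unless it is a module-level name, this line fails with a
        # NameError. The target is also built from request.url_root, which is
        # derived from the incoming request, and the text ends up in the query
        # string of the redirect - confirm both are intended.
        return redirect(request.url_root + "getStarted" + "?result=" +
                        urllib.parse.quote_plus(web_request.text))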
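def register():
    """Handle the registration form: validate, create the user, log them in.

    GET renders the empty form. POST validates the submitted name, email and
    password (including the optional domain whitelist); on any error the form
    is rendered again with the messages, otherwise the user is stored and
    logged in, and the response redirects to the confirmation page (when
    email verification is on and mail can be sent) or the challenge listing.
    Most user-facing messages of this variant are in Russian.
    """
    errors = get_errors()
    if request.method == 'POST':
        # Normalise first so every check below sees exactly the values that
        # are stored. Checking the raw form values let a whitespace-only
        # password be stored as an empty string and let padded names or
        # differently-cased emails get past the uniqueness lookups.
        name = request.form['name'].strip()
        email_address = request.form['email'].lower()
        password = request.form['password'].strip()

        name_len = len(name) == 0
        names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
        emails = Users.query.add_columns('email', 'id').filter_by(email=email_address).first()
        pass_short = len(password) == 0
        pass_long = len(password) > 128
        valid_email = validators.validate_email(email_address)
        team_name_email_check = validators.validate_email(name)

        local_id, _, domain = email_address.partition('@')

        domain_whitelist = get_config('domain_whitelist')

        if not valid_email:
            errors.append("Пожалуйста, введите действующий адрес электронной почты")
        if domain_whitelist:
            allowed_domains = [d.strip() for d in domain_whitelist.split(',')]
            # Compare case-insensitively: domain names are case-insensitive
            # and the submitted address has already been lower-cased.
            if domain not in [d.lower() for d in allowed_domains]:
                errors.append(
                    "Only email addresses under {domains} may register".format(
                        domains=', '.join(allowed_domains))
                )
        if names:
            errors.append('Это название команды уже занято')
        if team_name_email_check is True:
            errors.append('Название команды не может быть адресом электронной почты')
        if emails:
            errors.append('Эта почта уже используется')
        if pass_short:
            errors.append('Выберите пароль подлиннее')
        if pass_long:
            errors.append('Выберите пароль покороче')
        if name_len:
            errors.append('Выберите более длинное название команды')

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; if register.html renders it into the form, the
            # password is reflected in the response body - confirm.
            return render_template(
                'register.html',
                errors=errors,
                name=request.form['name'],
                email=request.form['email'],
                password=request.form['password']
            )
        else:
            with app.app_context():
                user = Users(
                    name=name,
                    email=email_address,
                    password=password
                )
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                # The new account is logged in before any email confirmation.
                login_user(user)

                if config.can_send_mail() and get_config('verify_emails'):
                    # Confirming users is enabled and we can send email.
                    log('registrations', format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
                    email.verify_email_address(user.email)
                    db.session.close()
                    return redirect(url_for('auth.confirm'))
                else:
                    # Don't care about confirming users
                    if config.can_send_mail():
                        # We want to notify the user that they have registered.
                        email.sendmail(
                            email_address,
                            "You've successfully registered for {}".format(get_config('ctf_name'))
                        )

        log('registrations', "[{date}] {ip} - {name} registered with {email}")
        db.session.close()
        return redirect(url_for('challenges.listing'))
    else:
        return render_template('register.html', errors=errors)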
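def register():
    """Handle the registration form: validate, create the user, log them in.

    GET renders the empty form. POST validates the submitted name, email and
    password (including the optional domain whitelist); on any error the form
    is rendered again with the messages, otherwise the user is stored and
    logged in, and the response redirects to the confirmation page (when
    email verification is on and mail can be sent) or the challenge listing.
    The user-facing validation messages of this variant are in French.
    """
    errors = get_errors()
    if request.method == 'POST':
        # Normalise first so every check below sees exactly the values that
        # are stored. Checking the raw form values let a whitespace-only
        # password be stored as an empty string and let padded names or
        # differently-cased emails get past the uniqueness lookups.
        name = request.form['name'].strip()
        email_address = request.form['email'].lower()
        password = request.form['password'].strip()

        name_len = len(name) == 0
        names = Users.query.add_columns('name', 'id').filter_by(name=name).first()
        emails = Users.query.add_columns('email', 'id').filter_by(email=email_address).first()
        pass_short = len(password) == 0
        pass_long = len(password) > 128
        valid_email = validators.validate_email(email_address)
        team_name_email_check = validators.validate_email(name)
        # Disabled check (acceptance of the rules / code of conduct):
        #accepted_rules = request.form.get("accept")

        local_id, _, domain = email_address.partition('@')

        domain_whitelist = get_config('domain_whitelist')

        if not valid_email:
            errors.append("Veuillez entrer un courriel valide")
        if domain_whitelist:
            allowed_domains = [d.strip() for d in domain_whitelist.split(',')]
            # Compare case-insensitively: domain names are case-insensitive
            # and the submitted address has already been lower-cased.
            if domain not in [d.lower() for d in allowed_domains]:
                errors.append(
                    "Seuls les addresses sous {domains} peuvent s'enregistrer".format(
                        domains=', '.join(allowed_domains))
                )
        if names:
            errors.append('Ce nom d\'équipe est pris')
        if team_name_email_check is True:
            errors.append('Votre nom d\'équipe ne peut être une addresse courriel')
        if emails:
            errors.append('Cette addresse courriel est déjà utilisée')
        if pass_short:
            errors.append('Votre mot de passe est trop petit')
        if pass_long:
            errors.append('Votre mot de passe est trop long')
        if name_len:
            errors.append('Votre nom d\'équipe est trop petit')
        # Disabled check (acceptance of the rules / code of conduct):
        #if not accepted_rules:
        #    errors.append("Vous devez lire et accepter le règlement & code de conduite")

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; if register.html renders it into the form, the
            # password is reflected in the response body - confirm.
            return render_template(
                'register.html',
                errors=errors,
                name=request.form['name'],
                email=request.form['email'],
                password=request.form['password']
            )
        else:
            with app.app_context():
                user = Users(
                    name=name,
                    email=email_address,
                    password=password
                )
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                # The new account is logged in before any email confirmation.
                login_user(user)

                if config.can_send_mail() and get_config('verify_emails'):
                    # Confirming users is enabled and we can send email.
                    log('registrations', format="[{date}] {ip} - {name} registered (UNCONFIRMED) with {email}")
                    email.verify_email_address(user.email)
                    db.session.close()
                    return redirect(url_for('auth.confirm'))
                else:
                    # Don't care about confirming users
                    if config.can_send_mail():
                        # We want to notify the user that they have registered.
                        email.sendmail(
                            email_address,
                            "You've successfully registered for {}".format(get_config('ctf_name'))
                        )

        log('registrations', "[{date}] {ip} - {name} registered with {email}")
        db.session.close()
        return redirect(url_for('challenges.listing'))
    else:
        return render_template('register.html', errors=errors)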