def resolve_team(self, info):
    """Return the team of the user making the request.

    Args:
        info: GraphQL resolve info; the requesting user is read from
            ``info.context.user``.

    Returns:
        The requesting user's ``team`` attribute.

    Raises:
        Exception: If the user has no team. Whatever
            ``validate_user_is_authenticated`` raises also propagates
            (presumably for unauthenticated requests -- defined elsewhere).
    """
    requester = info.context.user
    validate_user_is_authenticated(requester)

    team = requester.team
    if team:
        return team
    raise Exception('User has not joined a team')
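def mutate(self, info, password):
    """Set a new password for the authenticated user.

    Args:
        info: GraphQL resolve info; the requesting user is read from
            ``info.context.user``.
        password: The new plaintext password supplied by the client.

    Returns:
        ChangePassword: Payload whose ``status`` confirms the change.

    Raises:
        Exception: If ``password`` is empty. Whatever
            ``validate_user_is_authenticated`` raises also propagates.
    """
    user = info.context.user
    # Validate user is authenticated
    validate_user_is_authenticated(user)

    # An empty value would otherwise be handed straight to set_password()
    # and become the account's credential, so refuse it here.
    if not password:
        raise Exception('Password cannot be empty')

    # NOTE(review): the validate_password(password) call is commented out in
    # this mutation, so no length or complexity policy is applied before the
    # password is stored -- confirm whether it should be re-enabled.
    # validate_password(password)
    # NOTE(review): the current password is not requested, so anyone holding
    # a valid session or token for the account can replace its password;
    # consider requiring re-authentication for this mutation.
    user.set_password(password)
    user.save()
    return ChangePassword(status='User password changed')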
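def mutate(self, info, flag):
    """Check a submitted flag and update the team's score and live board.

    Args:
        info: GraphQL resolve info; the requesting user is read from
            ``info.context.user``.
        flag: The flag string submitted by the client.

    Returns:
        CheckFlag: ``status`` is 'Correct Flag', 'Wrong Flag' or
        'No currently active CTF'.

    Raises:
        Exception: If the user has not joined a team, or if the RethinkDB
            update fails with ``RqlRuntimeError``. Whatever
            ``validate_user_is_authenticated`` / ``validate_flag`` raise
            also propagates.
    """
    user = info.context.user
    # Validate user is authenticated
    validate_user_is_authenticated(user)
    # Sanitize flag input before it reaches any query
    validate_flag(flag)

    # Sample the clock once so both window bounds use the same instant, and
    # use exists() instead of evaluating the whole queryset for truthiness.
    now = timezone.now()
    if not Ctf.objects.filter(start__lt=now, end__gt=now).exists():
        return CheckFlag(status='No currently active CTF')

    # Without this guard a team-less user hits an AttributeError on
    # user.team below; resolve_team reports the same condition this way.
    team = user.team
    if not team:
        raise Exception('User has not joined a team')

    # NOTE(review): no submission throttling is visible in this block, so
    # flags can be guessed at request speed -- confirm it is enforced
    # elsewhere (e.g. in validate_flag or at the gateway).
    correct = False
    # One query instead of exists() + get(); first() also avoids an
    # unhandled MultipleObjectsReturned if two flags differ only by case.
    chal = Challenge.objects.filter(flag__iexact=flag).first()
    if chal is None:
        team.wrong_flags += 1
        team.save()
    elif not team.solved.filter(challenge_id=chal.id).exists():
        # NOTE(review): the "already solved" check and the score update are
        # not atomic; two simultaneous submissions from the same team could
        # both pass the check and award the points twice. Consider a
        # transaction with a row lock on the team.
        team.points += chal.points
        team.correct_flags += 1
        solved_entry = SolvedChallenge(challenge=chal)
        solved_entry.save()
        team.solved.add(solved_entry)
        team.save()
        correct = True
    # A flag for a challenge the team has already solved changes no counter
    # and is reported as 'Wrong Flag', exactly as before.

    # Create list of solved challenges (select_related avoids one extra
    # query per entry for entry.challenge).
    solved = [
        {'id': entry.challenge.id,
         'points': entry.challenge.points,
         'timestamp': format(entry.timestamp, 'U')}
        for entry in team.solved.select_related('challenge').order_by('timestamp')
    ]

    # Push the realtime data to rethinkdb.
    # NOTE(review): the relational updates above are already saved when this
    # runs, so a failure here leaves the live scoreboard behind the database.
    connection = r.connect(host=RDB_HOST, port=RDB_PORT)
    try:
        r.db(CTF_DB).table('teams').filter({"sid": team.id}).update(
            {'points': team.points,
             'correct_flags': team.correct_flags,
             'wrong_flags': team.wrong_flags,
             'solved': solved}).run(connection)
        if correct:
            r.db(CTF_DB).table('challenges').filter({"sid": chal.id}).update(
                {'solved_count':
                 SolvedChallenge.objects.filter(challenge=chal).count()}
            ).run(connection)
    except RqlRuntimeError as e:
        # The previous message said "adding category", which is not what
        # this code does. NOTE(review): the driver's error text is still
        # returned to the client; consider logging it server-side instead.
        raise Exception('Error updating realtime database: %s' % (e))
    finally:
        connection.close()

    if correct:
        return CheckFlag(status='Correct Flag')
    return CheckFlag(status='Wrong Flag')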
def mutate(self, info, challenge_id): user = info.context.user # Validate user is authenticated validate_user_is_authenticated(user) # does challenge exist with passed in challenge id? try: chall_obj = Challenge.objects.get(id__exact=challenge_id) except: raise Exception('Invalid Challenge ID') # look up container that belongs to logged in user for the associated challenge try: cont_obj = Container.objects.get(challenge__id__exact=challenge_id, user__exact=user) except: print( 'Container does not exist for user and/or challenge. Attempt to create.' ) # if none exists create or assign one instead of raising exception try: try: assigned_cont_obj = assignContainerToUser( challenge_id, user.id) except: assigned_cont_obj = newContainer(challenge_id, user.id) print("############") print( "name: {0}, \nimage: {1}, \nlabels: {2}, \nshort_id: {3}, \nstatus: {4}" .format(assigned_cont_obj.name, assigned_cont_obj.image, assigned_cont_obj.labels, assigned_cont_obj.short_id, assigned_cont_obj.status)) print("############") except Exception as ex: raise Exception( 'Unable to create container. Exception info: ' + str(ex)) # return CREATED container name (image_header) so header can be parsed out & return path prefix (in challenge model) as a next_hop return GetUserContainer( containerName=assigned_cont_obj.name, nextHop=chall_obj.pathPrefix, status='New Container Created for - challenge_id: ' + str(challenge_id) + ', user: '******'Container Retrieved - challenge_id: ' + str(challenge_id) + ', container_id: ' + str(cont_obj.id) + ', user: ' + user.username)
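def mutate(self, info, token):
    """Attach the authenticated user to the team that owns ``token``.

    Args:
        info: GraphQL resolve info; the requesting user is read from
            ``info.context.user``.
        token: The team's join token supplied by the client.

    Returns:
        JoinTeam: Payload whose ``status`` confirms the join.

    Raises:
        Exception: 'Invalid team token' if no team has this token. Whatever
            ``validate_user_is_authenticated`` / ``validate_token`` raise
            also propagates.
    """
    # Validate that the user is authenticated and the token is well formed
    user = info.context.user
    validate_user_is_authenticated(user)
    validate_token(token)

    # The previous code checked existence case-insensitively (token__iexact)
    # but fetched with an exact match, so a token differing only in case
    # passed the check and then failed with an unhandled DoesNotExist.
    # A single exact lookup gives every mismatch the same error.
    try:
        team = Team.objects.get(token=token)
    except Team.DoesNotExist:
        raise Exception('Invalid team token')

    # NOTE(review): an existing team membership is overwritten without any
    # check -- confirm that switching teams (including while a CTF is
    # running) is intended.
    user.team = team
    user.save()
    return JoinTeam(status='Join team successful')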
def resolve_me(self, info):
    """Return the user object attached to the current request.

    Args:
        info: GraphQL resolve info; the requesting user is read from
            ``info.context.user``.

    Returns:
        The same user object taken from the request context.

    Raises:
        Whatever ``validate_user_is_authenticated`` raises (presumably for
        unauthenticated requests -- defined elsewhere).
    """
    current_user = info.context.user
    # The check runs before the object is handed back to the client.
    validate_user_is_authenticated(current_user)
    return current_user