This repository has been archived by the owner on Sep 30, 2020. It is now read-only.
forked from CTFd/CTFd
test #13
Open
mrtrkmn wants to merge 174 commits into aau-network-security:master from mrtrkmn:master
Conversation
* Fix user and admin panel user/team graphs
* Closes CTFd#682
* Unify login and logout under specific functions
* Closes CTFd#659
* Rename Challenges.hidden to Challenges.state
* Start to clean up API and front end integration starting with profile updating
* Slightly cleaner code
* Clean API to respond with success, data, and status codes
* Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST
* Lookup country code in users page. Update front end calls to get API data properly
* Fix some API endpoints and fix JS to process new responses
* Update config.py to support new values
* Closes CTFd#635
* Update some code to handle user types, add email domain whitelisting
* Write a logging wrapper
* Use logging wrapper for submissions
* Close CTFd#656
* Break up config.html to make it easier to maintain
* Fix logging, domain_whitelist, and config
* Improving views.py, starting to add Announcements
* Starting announcements front end
* Make it easier to see large images, clean up some more REST API differences
* Closes CTFd#668
* Update Proxyfix config to REVERSE_PROXY
* Add announcements front end
* Move creation/edit modals into separate files. Start moving user updating into their admin profile pages.
* Update font-awesome to 5.4.1
* Switch to user-edit icon
* Update the update_check function to send up more anonymous data for statistics purposes.
* Start work on CTFd#640
* Add the user action modals and update API to fix responses
* Fix admin teams page
* Add challenge requirements
* Implement anonymous locked challenges
* Team editing from admin panel
* Switch from simple cache to filesystem cache
* Implements a Cache backed server side session (CTFd#658) and fixes Users editing endpoint
* Add our messaging for docs
* Closes CTFd#700
* Remove invalid import
* Move challenge editing around a whole lot and probably break a bunch of things
* Show challenge names in prerequisites instead of challenge IDs
* Closes CTFd#661
* Change user templates to use url_for
* Remove extra function
* Rewrite admin panel to use url_for
* Fix events to work under subdirectories
* Start cleaning up config panel
* Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators
* Remove workshop mode, fix some glitches with the new visibility settings
* Fix ctf_logo on core theme
* Fix setup errors
* Removing default from get_config b/c of memoization issues and getting some tests working
* Relax email regex validation rule (CTFd#693)
* Update to pycodestyle and fix new lint errors
* Add a ctf_id to update_check
* Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes CTFd#702)
* Detect if people try to set routes with '/' to simplify CTFd#690
* Closes CTFd#690
* Clean up some code
* Clean up challenge submit to rate limit
* Fix js version compatibility issue
* Close some TODOs
* Hide challenges if not authenticated
* Make set_config reset the cache for those config values
* Return 404 on empty challenges for /api/v1/<challenge_id>/solves
* Fix setting boolean configs
* Properly change account config settings
* Move datetimes to isoformat (Closes CTFd#703)
* Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter
* Make /v1/submissions endpoint work for admin submission creation
* Make oauth_id unique for Users and Teams
* Move challenge submission endpoint and implement mark solved. Fix some isoformat issues.
* Only show team's missing challenges if in team mode
* Adding support for Hints & Unlocks
* Update challenge submission url
* Fix encoding functions in Python3
* Fix hexencode in Python3
* Added functional tests for challenges API for non-admin users (CTFd#705)
* Set hint default type to be standard
* Fix some JS issues. Closes CTFd#704
* Implement session.regenerate on top of the CachingSessionInterface
* Change challenge attempt responses from numbers to strings
* Fix password updating for UserSchema
* Remove leftover challenge submission code
* Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions
* Added functional tests for challenges/hints/admin API (CTFd#710)
* Fix helpers and re-add JSONLite
* Install MySQL 5.7
* Try more mysql
* Update password for mysql
* Fixing issue in Users.get_solves
* Add new import/export code
* Switch to CTFdSerializer for Python 3
* Re-implement import exports and add a very flaky test
* Redesign submissions API response
* Get export to roundtrip in tests
* Int score b/c Decimal is not JSON serializable
* Remove unused route methods
* Fix POST /api/v1/configs and start adding admin tests
* Add user_id and team_id to top/10
* Fix admin creating Teams
* Fix Team website validation
* Change admins_only to reply with a 403 if the request is JSON
* Organize admin tests and fix authed_only to return 403 on unauthed
* Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails)
* Fix teams/me endpoints again
* Fix users/me endpoints to return 403 if unauthed
* Fix Python 3 config API
* Add fetch and promise polyfills. (CTFd#712)
* Add exec to docker-entrypoint.sh (CTFd#713)
* Display import_ctf Exceptions via repr (CTFd#651) - Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier.
* Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports
* Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs
* Remove old means of creating solves
* Remove most of the content from teams.js and users.js
* Remove extra code from /challenges.js
* Fix POST'ing & PATCH'ing pages
* Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards
* Fix admin side scoregraphs. Fix Awardschemas for admins
* Add requirements to db migration
* Adding some team decorators
* Fix require_team_mode decorator
* Make verified emails decorator return 403 on JSON requests
* Redo initial revision
* Add SQLiteJSON back
* Adding ratelimit to /redirect and removing POST from /oauth
* Fix PATCH tags
* Actually fix PATCH tags
* Simplify 500.html
* Added tests for challenges, awards, files, flags, hints ... (CTFd#723)
* Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags
* Fix user data validation functions, Fix hidden challenges and include test
* Add a locked state to attempt
* OAuth teams get verified, use logging functions in redirect route
* Removing extra print call
* Update requirements.txt
* Fix possible AttributeError
* Start work on CTFd#716
* Closes CTFd#717
* Fix issue patching teams
* Rename .j2 to .html, implement preview for challenges if admin
* Move admin/challenge.html to admin/challenges/challenge.html
* Remove old modals
* Add Reset CTF button (CTFd#639)
* Add Reset link to config.html
* Delete Tracking
* files handler should return a 404 on files it can't find
* Denote official teams (CTFd#729), make scoregraph fill to zero
* Remove old javascript files, make some challenge elements refresh by reloading
* Fix team editing modals to work more reliably
* Fix rendering of CTF paused
* Remove hide_scores function and roll it into scores visibility
* Log to stdout/stderr by default (CTFd#719)
* Fix user searching
* Remove searching for users/teams by country
* Add badges to admin team and user pages, implement user banning (CTFd#643)
* Remove shell.py, clean up admin team.html, add tests for banned users, teams
* Start cleaning up dynamic_challenges to meet new challenge type plugin format
* Remove POST method from teams.public
* Add credentials: 'same-origin' to all fetch calls (CTFd#734)
* Add challenge preview, add challenge deletion, fix file deletions when deleting challenges
* Fix imports UI (CTFd#735)
* Show prerequisites before adding a blank one (CTFd#738), Refresh all challenges after a submission (CTFd#739)
* Admins can see hidden challenges
* Fix some UI elements, fix loading location hash, set version to be 2.0.0
* Clean up some challenge plugin pages
* Add default for flag type
* Fix Python3 bytes/str issues
* Add in MLC urls and support user mode for oauth
* Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth
* Add state parameter support
* Use URLSafeTimedSerializer wrapper for sending token based emails
* setting APPLICATION_ROOT from env var (CTFd#732)
* Rearrange config.py and update README
* Updating README
* Clean up models a little * Add 1.2.0 migration script * Add 2.0.0 CHANGELOG * Fix S3 uploader * Update config.py to grab S3 settings from envvars
* Upgrade 1.2.0 migration script to properly import plugin tables
* Create generic get_errors, get_infos; add MLC OAuth settings in config * Use new get_errors function
* Update CHANGELOG * Default config.py values to load from envvars
* Refactor Uploaders to work better with imports/exports * Get S3 uploader working properly with imports/exports * cache pip in travis
* Fix Font-Awesome running offline and use minified Font-Awesome * Rename chal-* classes/ids to challenge-* * Fix admins changing their password
* Rename flag files to simplify naming * Fix update.html loading from custom folder in update view
* Adds a `SAFE_MODE` config to disable the loading of plugins.
…; mark solves after loading chals (CTFd#755) * Fix challenge requirement visibility * Add challenge requirements test * Mark solves after loading chals
* Update CHANGELOG * Update README * Upgrade migration script to port visibility settings * Add message about visibility settings and port over visibility settings * Close CTFd#758 * Add tests for dynamic value challenges
* Fix dynamic challenges to work in user mode and team mode (Closes CTFd#759) * Add test for solving dynamic challenges and challenge de-valuation * Add missing oauth_login link to team_enrollment.html
* Fix /user page for users without teams (e.g. user mode)
* Update CHANGELOG
* Fix wrong column name in upgrade script * Properly grab configs as booleans
* Use tempfile.SpooledTemporaryFile() instead of raw BytesIO * Fix test to call .read() instead of .getvalue()
* Fix creating users, teams from the API, hash password in models vs in schemas, stop caching CSS at the decorator level, fix tests * Fix whitelisted emails and add test * Set proper defaults in accounts config
* Only call load_user_solves if authed * Fix user.html page links
* Update base.html to move custom_css precedence * Fix Page creation & caching * Add Page loading test * Fix creating Page with an invalid route * Don't call cache.clear() unless it's absolutely needed * Fix showing uploaded files after uploading to media library * Fix previewing challenges from the admin panel if it has requirements * Hardcode CACHE_THRESHOLD to 0 in FileSystemCache to prevent random sessions getting deleted (Closes CTFd#772)
* Allow setting SocketIO async mode from envvar or config.py
* Re-add view_after_ctf configuration * Add test for view_after_ctf functionality
* Grant admin write access to verified field in UserSchema. * Add test admin can view and modify verified status * Add test for creating users with settings * Add codecov threshold for test failures
* Challenges properly get solve count during freeze time * Closes CTFd#1092
2.1.4 / 2019-08-30
==================

**General**
* Make user pages show the team's score and place information instead of the user's information if in team mode
* Allow admins to search users by IP address
* Require password for email address changes in the user profile
* The place indicator in `Teams Mode` on the team pages and user pages now correctly excludes hidden teams
* Fix scoreboard place ordinalization in Python 3
* Fix for a crash where imports will fail on SQLite due to lack of ALTER command support
* Fix for an issue where files downloaded via S3 would have the folder name in the filename
* Make `Users.get_place()` and `Teams.get_place()` return None instead of 0 if the account has no rank/place
* Properly redirect users or 403 if the endpoint requires a team but the user isn't in one
* Show affiliation in user and team pages in the admin panel and public and private user and team pages

**Themes**
* Remove invalid `id='submit'` on submit buttons in various theme files
* Set `tabindex` to 0 since we don't really care for forcing tab order
* Rename `statistics.js` to `graphs.js` in the Admin Panel as it was identified that adblockers can sometimes block the file

**API**
* The team profile endpoint (`/api/v1/teams/me`) will now return 403 instead of 400 if the requesting user is not the captain
* The Challenge API will now properly freeze the solve count to freeze time
* Fixes `flask run` debug server by not monkey patching in `wsgi.py` * Closes CTFd#1099
* Fixes to Vagrantfile
…d#1106) * Avoid exception on sessions without a valid user and force logout
* Prevent users from nulling out profile values
2.1.5 / 2019-10-2
=================

**General**
* Fixes `flask run` debug server by not monkey patching in `wsgi.py`
* Fix CSV exports in Python 3 by converting StringIO to BytesIO
* Avoid exception on sessions without a valid user and force logout
* Fix several issues in Vagrant provisioning

**API**
* Prevent users from nulling out profile values and breaking certain pages
* Detect `text/event-stream` in `authed_only` to prevent unnecessary redirects to `/login`
* Strip password before length check * Pin black to an older version
Fixes a NameError in `1_2_0_upgrade_2_0_0.py`
2.2.0 / 2019-12-22
==================

## Notice
2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be usable with v2.2.0.

**General**
* Team size limits can now be enforced from the configuration panel
* Access tokens functionality for API usage
* Admins can now choose how to deliver their notifications
  * Toast (new default)
  * Alert
  * Background
  * Sound On / Sound Off
* There is now a notification counter showing how many unread notifications were received
* Setup has been redesigned to have multiple steps
  * Added Description
  * Added Start time and End time
  * Added MajorLeagueCyber integration
  * Added Theme and color selection
* Fixes issue where updating dynamic challenges could change the value to an incorrect value
* Properly use a less restrictive regex to validate email addresses
* Bump Python dependencies to latest working versions
* Admins can now give awards to team members from the team's admin panel page

**API**
* Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members' Submissions, Awards, Unlocks

**Admin Panel**
* Admins can now use a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly.
* Challenge updates will now alert you if the challenge doesn't have a flag
* Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page

**Themes**
* Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel
* Theme asset specially generated URLs
* Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server)
* Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches.
* Use `defer` for script tags to not block page rendering
* Only show the MajorLeagueCyber button if configured in configuration
* The admin panel now links to https://help.ctfd.io/ in the top right
* Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/)
* The user-facing navbar now features icons
* Awards shown on a user's profile can now have award icons
* The default MarkdownIt render created by CTFd will now open links in new tabs
* Country flags can now be shown on the user pages

**Deployment**
* Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine`
* Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled
* Challenge ID is now recorded in the submission log

**Plugins**
* Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route

**Miscellaneous**
* `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument
* The subject allows for injecting custom variables via the new `CTFd.utils.formatters.safe_format()` function
* Admin user information is now error checked during setup
* Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts
* Prevent old CTFd imports from being imported
…Fd#1204) * Replace references to the CTFd Slack with MLC Discourse references
* Fixes issue with importing backups that contain invalid empty directories
2.2.1 / 2020-01-04
==================

**General**
* Fix issue preventing admins from creating users or teams
* Fix issue importing backups that contained empty directories
* Add jQuery, Moment, nunjucks, and Howl to window globals
* Fix an issue where CTF times could not be displayed in the admin panel because timezones weren't available
2.2.2 / 2020-01-09
==================

**General**
* Add jQuery, Moment, nunjucks, and Howl to window globals to make it easier for plugins to access JS modules
* Fix issue with timezone loading in config page which was preventing display of CTF times
…s instead of names (CTFd#1218) * Usernames are now properly stripped before being used in registration checks * Reset password function now uses email addresses instead of user names for tokens * Prevent MLC users from resetting their password
* Fix error when joining teams with a size limit
* Sign sessions using `SECRET_KEY` * Add `CTFd.utils.security.signing.sign` and `CTFd.utils.security.signing.unsign`
* Adds an email notification for password resets
2.2.3 / 2020-01-21
==================

### This release includes a critical security fix for CTFd versions >= 2.0.0

All CTFd administrators are recommended to take the following steps:

1. Upgrade their installations to the latest version
2. Rotate the `SECRET_KEY` value
3. Reset the passwords for all administrator users

**Security**
* This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled

**General**
* Users will receive an email notification when their passwords are reset
* Fixed an error when users provided incorrect team join information
* Fixes hint loading for dynamic challenges
…TFd#1229) * Fix SMTP email From header and remove 'Admin' from the From header
* Adds `get_config` and `set_config` commands to `manage.py` to manipulate the Config table from a CLI * Closes CTFd#1226
2.3.0 / 2020-02-17
==================

**General**
* During setup, admins can register their email address with the CTFd LLC newsletter for news and updates
* Fix editing hints from the admin panel
* Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supersedes the custom CSS feature.
  * The `views.custom_css` route has been removed.
* Admins can now customize the content of outgoing emails and inject certain variables into email content.
* The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`)

**Themes**
* Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme.

**Plugins**
* Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq`

**Miscellaneous**
* Python imports sorted with `isort` and import order enforced
* Black formatter running on a majority of Python code
2.3.1 / 2020-02-17
==================

**General**
* User confirmation emails now have the correct URL format
* Prevents user from confirming their account twice
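The commits above describe the shape of the 2.2.3 fix without showing it: reset tokens keyed by email address rather than username, `sign`/`unsign` helpers over `SECRET_KEY`, and timed tokens sent by email via a `URLSafeTimedSerializer` wrapper. The block below is an added illustration written for this page, not CTFd's own code: a stdlib-only timed signer in the same general shape as itsdangerous' URLSafeTimedSerializer, plus reset-token helpers that bind the token to the mailbox the link is delivered to. The sample user table, `RESET_MAX_AGE`, the `purpose` field and the helper names are assumptions. It also makes the advisory's second step concrete: once `SECRET_KEY` is rotated, every outstanding token stops verifying.

```python
import base64
import hashlib
import hmac
import json
import time


class BadSignature(Exception):
    """Token is malformed, was tampered with, or was signed under another key."""


class SignatureExpired(BadSignature):
    """Signature is valid but the token is older than max_age."""


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: dict, secret_key: str, now=None) -> str:
    """Serialise payload, append an issue timestamp, and MAC both with secret_key.

    Token layout: <payload b64>.<timestamp b64>.<hmac-sha256 b64>
    """
    issued = int(time.time() if now is None else now)
    body = b64e(json.dumps(payload, sort_keys=True).encode()) + "." + b64e(issued.to_bytes(8, "big"))
    mac = hmac.new(secret_key.encode(), body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(mac)


def unsign(token: str, secret_key: str, max_age: int, now=None) -> dict:
    """Check the MAC in constant time before trusting anything, then enforce max_age."""
    parts = token.split(".")
    if len(parts) != 3:
        raise BadSignature("malformed token")
    data, ts, sig = parts
    try:
        given_mac = b64d(sig)
    except ValueError:  # binascii.Error is a ValueError
        raise BadSignature("malformed signature")
    expected = hmac.new(secret_key.encode(), (data + "." + ts).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given_mac):
        raise BadSignature("bad signature")
    # Only decode the payload after the MAC check has passed.
    issued = int.from_bytes(b64d(ts), "big")
    current = int(time.time() if now is None else now)
    if current - issued > max_age:
        raise SignatureExpired("token expired")
    return json.loads(b64d(data))


# Constructed sample user table for this example (not CTFd's schema), keyed by email.
USERS = {
    "alice@example.org": {"id": 1, "name": "alice"},
    "bob@example.org": {"id": 2, "name": "bob"},
}

RESET_MAX_AGE = 30 * 60  # assumed lifetime of a reset link, in seconds


def make_reset_token(email: str, secret_key: str, now=None):
    """Issue a reset token bound to the mailbox the link will be sent to.

    Binding the token to the email address rather than the username means it can
    only be redeemed for the account whose inbox actually received it.
    """
    if email not in USERS:
        return None  # caller sends no mail; the HTTP response stays identical either way
    return sign({"email": email, "purpose": "reset"}, secret_key, now)


def verify_reset_token(token: str, secret_key: str, now=None):
    """Return the user record the token was issued for, or None on any failure."""
    try:
        payload = unsign(token, secret_key, RESET_MAX_AGE, now)
    except BadSignature:
        return None
    if payload.get("purpose") != "reset":  # keep other signed tokens from acting as reset links
        return None
    return USERS.get(payload.get("email"))


if __name__ == "__main__":
    key = "old-secret"
    token = make_reset_token("alice@example.org", key)
    print("valid:", verify_reset_token(token, key)["name"])
    print("after SECRET_KEY rotation:", verify_reset_token(token, "new-secret"))
```

Two design points carry over regardless of the serializer used: the identity in the payload must be the one the message is delivered to, so that a lookup by username can never mint a token for someone else's inbox, and the MAC is verified before the payload or timestamp are parsed, so an attacker controls nothing that reaches the JSON decoder.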
No description provided.