Add connection_info to Challenges model #1965

Merged
merged 9 commits into from
Jul 30, 2021

ColdHeat
Member

@ColdHeat ColdHeat changed the title Add connection_info to Challenges model WIP: Add connection_info to Challenges model Jul 29, 2021
@codecov
codecov bot commented Jul 29, 2021

Codecov Report

Merging #1965 (b74b149) into master (27d862a) will increase coverage by 0.00%.
The diff coverage is 100.00%.

```diff
@@           Coverage Diff           @@
##           master    #1965   +/-   ##
=======================================
  Coverage   88.82%   88.82%           
=======================================
  Files         138      138           
  Lines        8033     8034    +1     
=======================================
+ Hits         7135     7136    +1     
  Misses        898      898           
```

| Impacted Files | Coverage Δ |
| --- | --- |
| `CTFd/plugins/challenges/__init__.py` | `98.73% <ø> (ø)` |
| `CTFd/plugins/dynamic_challenges/__init__.py` | `100.00% <ø> (ø)` |
| `CTFd/models/__init__.py` | `96.49% <100.00%> (+<0.01%)` ⬆️ |

Legend: `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
Last update 27d862a...b74b149.

@ColdHeat ColdHeat changed the title WIP: Add connection_info to Challenges model Add connection_info to Challenges model Jul 30, 2021
@ColdHeat ColdHeat merged commit c77a1c2 into master Jul 30, 2021
@ColdHeat ColdHeat deleted the 1964-challenge-connection-info branch July 30, 2021 17:13
nathanfarlow added a commit to sigpwny/CTFd-badfork that referenced this pull request Nov 6, 2021
* Fix docker compose (#1708)

Seems reasonable. Thanks for the PR!

* fix link name (#1698)

Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Set MAIL_SERVER during testing to use the TESTING_MAIL_SERVER envvar (#1709)

* Override the `MAIL_SERVER` config with the `TESTING_MAIL_SERVER` envvar during tests

* Rewrite the flag creation modal to be in vuejs (#1715)

* Rewrite flag creation modal to VueJS
* Rewrite flag edit modal to VueJS
* Rewrite flag list tab in the Admin Panel challenge page to VueJS
* Closes #1693

* Add examples for regex flags (#1716)

* Adds examples for regex flags in the flag creation form

* Remove psycopg2 dep and only use psycopg2-binary (#1720)

* Remove `psycopg2` dep and only use `psycopg2-binary`
* Update `psycopg2-binary` to 2.8.6

* Freeze python dependencies using pip-tools (#1722)

* Rename `requirements.txt` to `requirements.in`
* Generate `requirements.txt` using `pip-tools` under Python 3.6
* Add `pip-tools` to `development.txt`
* Closes #1679

* Add import export commands to manage.py (#1723)

* Add `import_ctf` and `export_ctf` commands to `manage.py`
* Deprecate `import.py` and `export.py`
* Works on #1629

* Max Attempts improvements in challenge.html (#1725)

* Fixed issue where the current attempt count would have a typo
* Fixed issue where the max attempts for a challenge would not show if it was set to 1
* Works on #1655

* Increase timeout for update check (#1726)

* Increase timeout for update check from 0.1 seconds to 3 seconds
* Closes #1678

* reduce ping events (Fix #1685) (#1699)

Closes #1685

* Fix requirements for Python 3.7 because of https://github.com/ericvsmith/dataclasses/pull/161 (#1730)

* Build `requirements.txt` on Python 3.7 to fix an issue with installing dataclasses. 
* Closes #1729 

I tested that this works in Python 3.6, 3.7, and 3.8. A useful project would be to add installing deps to Github Actions. 
I'll subscribe to https://github.com/ericvsmith/dataclasses/pull/161 since this is IMO a bug in dataclasses.

* No longer set "filesystem" as UPLOAD_PROVIDER in config.ini (#1728)

* Remove the default `filesystem` setting for `UPLOAD_PROVIDER` in config.ini
  * `filesystem` is still the default via config.py

* Improved Team Handling (#1713)

* Prevent team joining while already on a team
* Return 403 instead of 200 for team join/create errors
* Allow team captains whose teams haven't done anything to disband their team
* Closes #1588

* Fix issue where a user can't be found for creating an award (#1736)

* Fix issue where a user can't be found for creating an award

* Mark 3.2.0 (#1748)

# 3.2.0 / unreleased

**General**

- Add Team invites.
  - Team invites are links containing a token that allow a user to join a team without knowing the team password
  - Captains can generate invite tokens for their teams
  - Admins can generate Team invite links as well
- Improved Team handling
  - Prevent team joining while already on a team
  - Return 403 instead of 200 for team join/create errors
  - Allow team captains whose teams haven't done anything to disband their team
- Allow for uploading navbar logo, favicon, and index page banner during initial setup
- Fixed issue in teams mode where a user couldn't unlock a hint despite their team having enough points
  - The fix for this is essentially to allow the user's points to go negative
- Imports have been made more stable
  - This is primarily done by killing MySQL processes that are locking metadata
  - This is a subpar approach but it seems to be the only solution to avoid a metadata lock in MySQL. This approach did not appear to be needed under Postgres or SQLite
- Update some migrations to first check if a table already exists.

**API**

- Addition of `POST /api/v1/teams/me/members` to generate invite tokens for teams
- Fixed an issue in `POST /api/v1/awards` where CTFd would 500 when a user could not be found by the provided `user_id`
- `POST /api/v1/unlocks` in teams mode now uses the team's score to determine if a user can purchase a hint
  - Properly check for existing unlocks in teams mode in `POST /api/v1/unlocks`
- `/api/v1/notifications` and `/api/v1/notifications/[notification_id]` now have an html parameter which specifies the rendered content of the notification content

**Themes**

- Added syntax highlighting to challenge descriptions, pages, hints, notifications, comments, and markdown editors
  - This is done with `highlight.js` which has been added to `package.json`
- Fix notifications to properly fix/support Markdown and HTML notifications
  - Notifications SQL Model now has an html property
  - Notifications API schemas now have an html field
- Removed MomentJS (see https://momentjs.com/docs/#/-project-status/) in favor of dayjs
  - dayjs is mostly API compatible with MomentJS. The only major changes were:
    - dayjs always uses browser local time so you don't need to call `.local()`
    - dayjs segments out some MomentJS functionality into plugins which need to be imported in before using those features
- Fixed issue in `challenge.html` where the current attempt count would have a typo
- Fixed issue in `challenge.html` where the max attempts for a challenge would not show if it was set to 1
- Edit donut charts to have easier to read legends and labels
- Make data zoom bars thinner and more transparent

**Plugins**

- Don't run `db.create_all()` as much during plugin upgrade or during imports
  - By avoiding this we can let alembic and migrations do more of the table creation work but this means that plugins specifically opt into `app.db.create_all()` and will not implicitly get it through `upgrade()`.
  - This means plugins that run `upgrade()` without a migrations folder (no idea who would do this really) will need to upgrade their code.

**Admin Panel**

- Add Favicon uploading to the Admin Panel
- Move Logo uploading to the Theme tab in the Admin Panel
- The challenge left side bar tabs have been rewritten into VueJS components.
  - This fixes a number of issues with the consistency of what data is deleted/edited in the challenge editor
  - This also prevents having to refresh the page in most challenge editing situations
- Fixed a possible bug where the update available alert wouldn't go away on server restart
- Examples for regex flags are now provided
- Wrong submissions has been renamed to Incorrect Submissions
- Graphs in the Admin Statistics page will now scroll with mouse wheel to improve browsing large datasets

**Deployment**

- A restart policy set to `always` has been added to nginx in docker-compose
- Rename `requirements.txt` to `requirements.in` and generate `requirements.txt` using `pip-tools` under Python 3.6
- `UPLOAD_PROVIDER` no longer has a default `filesystem` set in config.ini. Instead it is defaulted through `config.py`

**Miscellaneous**

- The `psycopg2` dependency in development.txt has been removed in favor of `psycopg2-binary` which was updated to 2.8.6
- The `moto` dependency in development.txt has been updated to 1.3.16
- Add `pip-tools` to `development.txt`
- Add `import_ctf` and `export_ctf` commands to `manage.py` and deprecate `import.py` and `export.py`
- Override the `MAIL_SERVER` config with the `TESTING_MAIL_SERVER` envvar during tests
- `ping` events in the notification event handler have been fixed to not send duplicates

* Miscellaneous Fixes (#1752)

* Update CHANGELOG 
* Add `registered_only` decorator
* Make team invites redirect to `/register` if you're unauthed

* Require passwords on accounts (#1754)

- Fixed an issue where Users/Teams could be created with a null password through the Admin Panel

* Add a lower parameter to the plugin upgrade() function to help importing (#1755)

- The plugin `upgrade()` function now accepts a `lower` parameter which specifies what lower revision should be used to start from.
  - This is used to support plugin migrations during import so that we can import data directly at the point that the import was taken from
  - `lower="current"` means to use the current revision and `lower=None` would mean to use the absolute base revision (e.g. plugin's first installation)
  - By default this doesn't change `upgrade()` behavior

* Mark 3.2.0 release date in CHANGELOG (#1756)

# 3.2.0 / 2020-12-07

**General**

- Add Team invites.
  - Team invites are links containing a token that allow a user to join a team without knowing the team password
  - Captains can generate invite tokens for their teams
  - Admins can generate Team invite links as well
- Improved Team handling
  - Prevent team joining while already on a team
  - Return 403 instead of 200 for team join/create errors
  - Allow team captains whose teams haven't done anything to disband their team
- Allow for uploading navbar logo, favicon, and index page banner during initial setup
- Fixed issue in teams mode where a user couldn't unlock a hint despite their team having enough points
  - The fix for this is essentially to allow the user's points to go negative
- Imports have been made more stable
  - This is primarily done by killing MySQL processes that are locking metadata
  - This is a subpar approach but it seems to be the only solution to avoid a metadata lock in MySQL. This approach did not appear to be needed under Postgres or SQLite

**API**

- Addition of `POST /api/v1/teams/me/members` to generate invite tokens for teams
- Fixed an issue in `POST /api/v1/awards` where CTFd would 500 when a user could not be found by the provided `user_id`
- `POST /api/v1/unlocks` in teams mode now uses the team's score to determine if a user can purchase a hint
  - Properly check for existing unlocks in teams mode in `POST /api/v1/unlocks`
- `/api/v1/notifications` and `/api/v1/notifications/[notification_id]` now have an html parameter which specifies the rendered content of the notification content

**Themes**

- Add Team Invite icon and Disband Team icon to teams/private.html
- Add teams/invite.html file to handle team joining with invites
- Added syntax highlighting to challenge descriptions, pages, hints, notifications, comments, and markdown editors
  - This is done with `highlight.js` which has been added to `package.json`
- Fix notifications to properly fix/support Markdown and HTML notifications
  - Notifications SQL Model now has an html property
  - Notifications API schemas now have an html field
- Removed MomentJS (see https://momentjs.com/docs/#/-project-status/) in favor of dayjs
  - dayjs is mostly API compatible with MomentJS. The only major changes were:
    - dayjs always uses browser local time so you don't need to call `.local()`
    - dayjs segments out some MomentJS functionality into plugins which need to be imported in before using those features
- Fixed issue in `challenge.html` where the current attempt count would have a typo
- Fixed issue in `challenge.html` where the max attempts for a challenge would not show if it was set to 1
- Edit donut charts to have easier to read legends and labels
- Make data zoom bars thinner and more transparent
- Add logo, banner, and favicon settings to the setup.html

**Plugins**

- The `auth.register` (`/register`) endpoint now accepts a `?next=` parameter to define where to redirect to after registration
- There is now a `registered_only` decorator to redirect users to `auth.register` (`/register`) instead of `auth.login` (`/login`)
- Don't run `db.create_all()` as much during plugin upgrade or during imports
  - By avoiding this we can let alembic and migrations do more of the table creation work but this means that plugins specifically opt into `app.db.create_all()` and will not implicitly get it through `upgrade()`.
  - This means plugins that run `upgrade()` without a migrations folder (no idea who would do this really) will need to upgrade their code.
- The plugin `upgrade()` function now accepts a `lower` parameter which specifies what lower revision should be used to start from.
  - This is used to support plugin migrations during import so that we can import data directly at the point that the import was taken from
  - `lower="current"` means to use the current revision and `lower=None` would mean to use the absolute base revision (e.g. plugin's first installation)
  - By default this doesn't change `upgrade()` behavior

**Admin Panel**

- Add Favicon uploading to the Admin Panel
- Move Logo uploading to the Theme tab in the Admin Panel
- The challenge left side bar tabs have been rewritten into VueJS components.
  - This fixes a number of issues with the consistency of what data is deleted/edited in the challenge editor
  - This also prevents having to refresh the page in most challenge editing situations
- Fixed a possible bug where the update available alert wouldn't go away on server restart
- Examples for regex flags are now provided
- Wrong submissions has been renamed to Incorrect Submissions
- Graphs in the Admin Statistics page will now scroll with mouse wheel to improve browsing large datasets
- Fixed an issue where Users/Teams could be created with a null password

**Deployment**

- A restart policy set to `always` has been added to nginx in docker-compose
- Rename `requirements.txt` to `requirements.in` and generate `requirements.txt` using `pip-tools` under Python 3.6
- `UPLOAD_PROVIDER` no longer has a default `filesystem` set in config.ini. Instead it is defaulted through `config.py`

**Miscellaneous**

- The `psycopg2` dependency in development.txt has been removed in favor of `psycopg2-binary` which was updated to 2.8.6
- The `moto` dependency in development.txt has been updated to 1.3.16
- Add `pip-tools` to `development.txt`
- Add `import_ctf` and `export_ctf` commands to `manage.py` and deprecate `import.py` and `export.py`
- Override the `MAIL_SERVER` config with the `TESTING_MAIL_SERVER` envvar during tests
- `ping` events in the notification event handler have been fixed to not send duplicates

* Mark 3.2.1 (#1757)

# 3.2.1 / 2020-12-09

- Fixed an issue where Users could not unlock hints

* Don't allow admins to delete themselves (#1759)

* Don't allow admins to accidentally delete themselves

* Fix issue where you can't remove a time set in Configs (#1760)

* Fix issue where config times (start, end, freeze times) could not be removed

* Speed up docker builds (#1767)

* Copy over `requirements.txt` first in Dockerfile to cache Python dependencies

* Update docker (#1773)

* Install `python3-dev` dependency instead of `python-dev`

* Bump some Python dependencies (#1784)

* Bump lxml to 4.6.2
* Bump pip-compile to 5.4.0

* Bump ini from 1.3.5 to 1.3.7 (#1761)

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump highlight.js from 10.3.1 to 10.4.1 (#1753)

* Bump highlight.js from 10.3.1 to 10.4.1

Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.3.1 to 10.4.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.3.1...10.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

* Run yarn build

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
Co-authored-by: Kevin Chung <kchung@nyu.edu>

* Add a temporary fix/hack for running scripts in flag editor templates (#1783)

* Works on #1779 
* Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. 
    * In the future this will probably be separated out into a separate scripts file or something like using web components

* Add length error content that is too long (#1787)

* Add length checking to some sensitive fields in Pages and Challenges.
* Works on #1786

This is enough to fix most of the issues but this is really a systemic problem for most of the API endpoints. We should have something that verifies data consistency. Marshmallow is not good enough at this. Pydantic seems like it would be superior here.

* field based schema validation (#1789)

* Clean up Page and Challenges schema validation

* Fix incorrect schema validator (#1790)

* Use right length in Page title validator

* Fix typo in FlagEditForm.vue (#1793)

Fix typo in FlagEditForm.vue
Related to #1779

* Fix issue where page URLs were relative (#1798)

* Fix issue where Page URLs were relative in the navbar
* Closes #1797

* Fix exception occurring on Admin demotion (#1799)

* Fix an exception that occurred when demoting an Admin user
* Fix the response from the above request from returning a list instead of a dict
* Closes #1794

* Allow time format to be overridden by data attribute (#1801)

* Allow for the `data-time` format to be overridden by `data-time-format` attribute.
* Closes #1776

* Fix scoreboard identifier to switch between User/Team depending on mode (#1800)

* Fix scoreboard table identifier to switch between User/Team depending on mode
* Closes #1777

* Add team creation disable configuration (#1802)

* Add ability for admins to disable public team creation
* Closes #1364

* Fix default team_creation representation value in the config page (#1803)

* Fix default team_creation representation value in the config page

* 1002 improve email content (#1804)

* Change the default emails slightly and rework confirmation email page to make some recommendations clearer
* Works a little more on #1002

* Switch default testing/development domain name to examplectf.com (#1807)

* Use `examplectf.com` as testing/development domain instead of `ctfd.io`

* Fixed registration and confirmation logs (#1734)

* Fixes issue where user's name and email would not appear in logs properly
* Closes #1706

* Bump elliptic from 6.5.3 to 6.5.4 (#1818)

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix some template issues reported by curlylint (#1822)

* Fixes some issues reported by [curlylint](https://github.com/thibaudcolas/curlylint).

* Link directly to users from the submissions page in teams mode (#1823)

* Links directly to users who submitted something in the submissions page if the CTF is in teams mode. 
* Closes #1813

* Add styling for blockquotes. Switch to using Bootstrap's scss for main.scss. (#1826)

* Add styling for blockquotes. Closes #1814 
* Switch to using Bootstrap's scss in main.scss to allow using Bootstrap variables

* Set plugin migration version after a successful migration (#1827)

* Set plugin migration version after successful migrations
* Closes #1763

* Fix frontend UI where empty/null requirements could be added (#1824)

* Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
* Closes #1809

* Relax team requirement when challenges are publicly visible (#1832)

* Don't require a team for viewing challenges if Challenge visibility is set to public
* Closes #1831

* 3.3.0 (#1833)

# 3.3.0 / UNRELEASED

**General**

- Don't require a team for viewing challenges if Challenge visibility is set to public
- Add a `THEME_FALLBACK` config to help develop themes. See **Themes** section for details.

**API**

- Implement a faster `/api/v1/scoreboard` endpoint in Teams Mode
- Add the `solves` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine how many solves a challenge has
- Add the `solved_by_me` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine if the current account has solved the challenge
- Prevent admins from deleting themselves through `DELETE /api/v1/users/[user_id]`
- Add length checking to some sensitive fields in the Pages and Challenges schemas
- Fix issue where `PATCH /api/v1/users[user_id]` returned a list instead of a dict
- Fix exception that occurred on demoting admins through `PATCH /api/v1/users[user_id]`
- Add `team_id` to `GET /api/v1/users` to determine if a user is already in a team

**Themes**

- Add a `THEME_FALLBACK` config to help develop themes.
  - `THEME_FALLBACK` will configure CTFd to try to find missing theme files in the default built-in `core` theme.
  - This makes it easier to develop themes or use incomplete themes.
- Allow for one theme to reference and inherit from another theme through approaches like `{% extends "core/page.html" %}`
- Allow for the automatic date rendering format to be overridden by specifying a `data-time-format` attribute.
- Add styling for the `<blockquote>` element.
- Fix scoreboard table identifier to switch between User/Team depending on configured user mode
- Switch to using Bootstrap's scss in `core/main.scss` to allow using Bootstrap variables
- Consolidate Jinja error handlers into a single function and better handle issues where error templates can't be found

**Plugins**

- Set plugin migration version after successful migrations
- Fix issue where Page URLs injected into the navbar were relative instead of absolute

**Admin Panel**

- Add User standings as well as Teams standings to the admin scoreboard when in Teams Mode
- Add a UI for adding members to a team from the team's admin page
- Add ability for admins to disable public team creation
- Link directly to users who submitted something in the submissions page if the CTF is in Teams Mode
- Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
- Fixed an issue where config times (start, end, freeze times) could not be removed
- Fix an exception that occurred when demoting an Admin user
- Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. (See #1779)

**Deployment**

- Install `python3-dev` instead of `python-dev` in apt
- Bump lxml to 4.6.2
- Bump pip-compile to 5.4.0

**Miscellaneous**

- Cache Docker builds more by copying and installing Python dependencies before copying CTFd
- Change the default emails slightly and rework confirmation email page to make some recommendations clearer
- Use `examplectf.com` as testing/development domain instead of `ctfd.io`
- Fixes issue where user's name and email would not appear in logs properly
- Add more linting by also linting with `flake8-comprehensions` and `flake8-bugbear`

* Use pybluemonday instead of lxml for html sanitization (#1837)

* Use `pybluemonday` instead of `lxml` for html sanitization
* Fix boolean optional configs in `config.py`
* Closes #1835

* Change colorHash function to use HSL values (#1843)

* Change `colorHash` function to use HSL values to avoid too dark/light colors
* Closes #1842

* Use new properties in /api/v1/challenges (#1844)

- Switch the challenges page in core to use the new API information in `/api/v1/challenges` to mark solves and display solve counts
- Closes #1811

* Fix for hidden users seeing their graphing data (#1845)

* Fix an issue where hidden users couldn't see their graphing data on their private user page (i.e. `/user`)

* fix: Ensure hidden users see their own solves (#1840) (#1846)

* Closes #1839

Co-authored-by: maybe-sybr <58414429+maybe-sybr@users.noreply.github.com>

* Bump jinja2 from 2.11.2 to 2.11.3 (#1838)

* Bump jinja2 from 2.11.2 to 2.11.3

Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3)

Signed-off-by: dependabot[bot] <support@github.com>

* Run pip-compile our way

* Add newline

* Update CHANGELOG

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@nyu.edu>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Fix user profiles not showing awards before an account gets a solve (#1848)

- Change users/private.html, users/public.html to show awards before a user gets a solve
- Change teams/private.html, teams/public.html to show awards before a team gets a solve

* Add  files and  to (#1850)

- Add `.pyc` files and `__pycache__` to `.dockerignore`

* Make expired token error message more useful (#1851)

* Make expired token error message more useful

* Update CHANGELOG and add release date (#1852)

# 3.3.0 / 2020-03-26

**General**

- Don't require a team for viewing challenges if Challenge visibility is set to public
- Add a `THEME_FALLBACK` config to help develop themes. See **Themes** section for details.

**API**

- Implement a faster `/api/v1/scoreboard` endpoint in Teams Mode
- Add the `solves` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine how many solves a challenge has
- Add the `solved_by_me` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine if the current account has solved the challenge
- Prevent admins from deleting themselves through `DELETE /api/v1/users/[user_id]`
- Add length checking to some sensitive fields in the Pages and Challenges schemas
- Fix issue where `PATCH /api/v1/users[user_id]` returned a list instead of a dict
- Fix exception that occurred on demoting admins through `PATCH /api/v1/users[user_id]`
- Add `team_id` to `GET /api/v1/users` to determine if a user is already in a team
- Provide a more useful error message when using an expired token

**Themes**

- Add a `THEME_FALLBACK` config to help develop themes.
  - `THEME_FALLBACK` will configure CTFd to try to find missing theme files in the default built-in `core` theme.
  - This makes it easier to develop themes or use incomplete themes.
- Allow for one theme to reference and inherit from another theme through approaches like `{% extends "core/page.html" %}`
- Allow for the automatic date rendering format to be overridden by specifying a `data-time-format` attribute.
- Add styling for the `<blockquote>` element.
- Change `users/private.html`, `users/public.html` to show awards before a user gets a solve
- Change `teams/private.html`, `teams/public.html` to show awards before a team gets a solve
- Change `colorHash` function to use HSL color values to avoid generating too light/dark colors
- Fix an issue where hidden users couldn't see their graphing data on their private user page (`/user`)
- Fix scoreboard table identifier to switch between User/Team depending on configured user mode
- Switch the challenges page in core to use the new API information in `/api/v1/challenges` to mark solves and display solve counts
- Switch to using Bootstrap's scss in `core/main.scss` to allow using Bootstrap variables
- Consolidate Jinja error handlers into a single function and better handle issues where error templates can't be found

**Plugins**

- Set plugin migration version after successful migrations
- Fix issue where Page URLs injected into the navbar were relative instead of absolute

**Admin Panel**

- Add User standings as well as Teams standings to the admin scoreboard when in Teams Mode
- Add a UI for adding members to a team from the team's admin page
- Add ability for admins to disable public team creation
- Link directly to users who submitted something in the submissions page if the CTF is in Teams Mode
- Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
- Fixed an issue where config times (start, end, freeze times) could not be removed
- Fix an exception that occurred when demoting an Admin user
- Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. (See #1779)

**Deployment**

- Fix boolean configs from the `config.ini` optional section
- Install `python3-dev` instead of `python-dev` in apt
- Require `pybluemonday` as pip dependency
- Remove `lxml` and `html5lib` from pip dependencies
- Bump `Jinja2` to 2.11.3
- Bump `pip-tools` to 5.4.0

**Miscellaneous**

- Rewrite the HTML sanitization feature (controlled by `HTML_SANITIZATION`) to use the `pybluemonday` library instead of `lxml`/`html5lib`
  - Note that this feature is still in beta
- Cache Docker builds more by copying and installing Python dependencies before copying CTFd
- Change the default emails slightly and rework confirmation email page to make some recommendations clearer
- Use `examplectf.com` as testing/development domain instead of `ctfd.io`
- Fix issue where user's name and email would not appear in logs properly
- Add more linting by also linting with `flake8-comprehensions` and `flake8-bugbear`
- Add `.pyc` files and `__pycache__` to `.dockerignore`

* Fix issue where admins couldn't see some challenges in the add requirements interface (#1853)

- Fix an issue where admins couldn't see challenges which had requirements in the add requirements interface

* Fix wrong date for v3.3.0 changelog. (#1856)

It's 2021 now, time flies haha

* Ignore node_modules in any subdirectory for Docker (#1857)

- Make `node_modules` in `.dockerignore` recursive to not add any `node_modules` folders into the build context

* Put up a fix for challenges whose requirements were deleted (#1861)

* Works on #1860 
* Don't consider deleted challenges when evaluating challenge prereqs

* use different directories for different tests (#1864)

* ping database with python instead of mysql client (#1862)

* Replaces `mysqladmin ping` with a custom script
* Closes #725

* Bump pybluemonday version (#1869)

* Bump version of pybluemonday

* Pydantic documentation Fixes #1829 (#1871)

- Improved the `sqlalchemy_to_pydantic` function to accept additional schema fields on top of the SQLAlchemy model fields
- Added the solves and solved_by_me fields to the Swagger documentation (Closes #1829)

* Ctftime test context #928 (#1866)

Works on #928

* Update geoip.py (#1896)

Added error handling in case `IP_ADDR_LOOKUP.get(addr)` fails.

* Beta challenge sorting interface (#1900)

* Add a beta way to sort challenges in the core theme through `window.BETA_sortChallenges()`

* Widen the challenge creation form to make it easier to show longer challenge types (#1901)

* Handle edge case where users have a null password (#1902)

* Handle an edge case where users try to login but were logged in through an authentication provider

* Confirmed REST API does delete directories in s3 bucket. The local filesystem didn't though and that was updated. Closes #1758 (#1876)

- Deleting uploads under the Filesystem upload provider will now delete the parent folder as well as the target file
- Closes #1758

* Bump pybluemonday version to 0.0.6 and allow HTML comments in sanitized output (#1908)

* Bump pybluemonday version to 0.0.6 
* Allow HTML comments in sanitized output
* Closes #1906

* Add fix for MLC configs in config.ini (#1909)

* Bump pydantic from 1.5.1 to 1.6.2 (#1890)

* Bump pydantic from 1.5.1 to 1.6.2

Bumps [pydantic](https://github.com/samuelcolvin/pydantic) from 1.5.1 to 1.6.2.
- [Release notes](https://github.com/samuelcolvin/pydantic/releases)
- [Changelog](https://github.com/samuelcolvin/pydantic/blob/master/HISTORY.md)
- [Commits](https://github.com/samuelcolvin/pydantic/compare/v1.5.1...v1.6.2)

Signed-off-by: dependabot[bot] <support@github.com>

* Update requirements.txt

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
Co-authored-by: Kevin Chung <kchung@nyu.edu>

* Switch python-geoacumen to python-geoacumen-city (#1911)

* Closes #1872 
* IP Addresses in the Admin Panel will now show the city of the IP address as well as the country

* Show a team member's individual score in the admin panel (#1912)

* Show a team member's individual score in the admin panel

* Sort challenges by id (#1914)

* Sort challenges by ID as well as value in `/api/v1/challenges` to better standardize API output

* Bump all the JS dependencies from dependabot (#1919)

* Bump ssri from 6.0.1 to 6.0.2 (#1870)

Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump lodash from 4.17.20 to 4.17.21 (#1884)

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump hosted-git-info from 2.8.8 to 2.8.9 (#1885)

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump codemirror from 5.42.2 to 5.58.2 (#1886)

Bumps [codemirror](https://github.com/codemirror/CodeMirror) from 5.42.2 to 5.58.2.
- [Release notes](https://github.com/codemirror/CodeMirror/releases)
- [Changelog](https://github.com/codemirror/CodeMirror/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codemirror/CodeMirror/compare/5.42.2...5.58.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump browserslist from 4.14.3 to 4.16.6 (#1894)

Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.3 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.14.3...4.16.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump postcss from 7.0.34 to 7.0.36 (#1917)

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.34 to 7.0.36.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/7.0.34...7.0.36)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Run yarn build

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Show the team's score & place when viewing a team member (#1918)

* Closes #1881 
* Show the team's score & place when viewing a team member

* Allow Page editor to write HTML directly (#1915)

* Works on #1493 
* Adds a new column for Pages to specify format
* Separate out `build_html` into `build_html` and `build_markdown`
* Add config variables into pages: `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`
  * The time variables are represented as ISO8601 timestamps

* Flip value and initial for dynamic challenges to better support ctfcli (#1921)

* Makes the initial value for a dynamic challenge provided by the `initial` argument instead of the `value` argument. This makes it easier to support ctfcli. Refer to https://github.com/CTFd/ctfcli/issues/13. 
* Closes #1875

* Limit total number of teams (#1867)

* Adds support for a total teams limit

* Show length error when Configs provided are too long (#1920)

* Show an error when a config is too long

* Clean up label for num_teams (#1923)

* Add a way to access the challenge plugin class from the Challenges model (#1925)

* Add a way to access the challenge plugin class from the Challenges model
   * Allows templates to access the plugin class more easily
   * Allows plugins to access the plugin class without having to load the class explicitly
* Closes #1879

* Add CSV importing feature (#1922)

* Closes #1888 
* Adds code to import CSVs for challenges, users, and teams

* Add a fix for receiving non-string Config values (#1931)

* Properly receive non-string config values (None, bool, integers, etc) in /api/v1/config
* Closes #1928 
* Fix the response schema for `PATCH /api/v1/configs/<config_key>` in error situations

Overall we weren't particularly strict before and we should try to stay a little lax so we don't break anything.

* Fix issue where admins can't load a user's admin panel page when in teams mode (#1934)

* Closes #1932

* Create SECURITY.md (#1942)

Closes #1941

* Send title of Page to view (#1944)

* Add ability to use page title from template

* Hide token type in user settings (#1945)

* Works on #1891 
* Hides token type from user settings because it's currently unused

* Validate that a user can't patch their team id (#1947)

* Prevent users from PATCH'ing their team id

* Mark 3.3.1 (#1948)

# 3.3.1 / 2021-07-15

**Security**

- Fixes an issue where users could join teams without knowing the team password or having a team invite

* Add text to make it clearer what each user mode is (#1950)

* Closes #1935 
* Add text to make it clearer what each user mode is during setup

* Add time to export filename (#1949)

* Add time to export filename

* Only allow team members to be promoted to captain (#1943)

* Only allow team members to be promoted to captain

* fix #1949 not add time to all place (#1951)

* WIP: Add registration password (#1946)

* Closes #1895 
* Add a registration password to account creation (ignoring SSO or API based account creation)

* Rework requirements UI and officially support anonymized challenges (#1954)

* Rework Requirements UI to make it easier to bulk set requirements
* Officially support anonymized challenges
* Closes #1825

* Fix simple css issue (#1955)

* Make user mode easier to change without having to reset accounts (#1956)

* Closes #1889 
* Makes user mode easier to change without having to reset accounts. Submissions are still required to be deleted.

* Add update scoreboard and challenge board functions to window global (#1957)

* Closes #1841
* Adds update scoreboard and challenge board functions to window global
* This is a stop gap measure before we start using CTFd.js more heavily

* Bump pybluemonday to 0.0.7 (#1959)

* Bump pybluemonday to 0.0.7

* Improved CSV exports (#1960)

* Closes #1940
* Create Scoreboard CSV export with support for custom fields
* Create Users CSV export with support for custom fields
* Create Teams CSV export with support for custom fields

* Small fixes from making CSV examples (#1963)

* Closes #1958

* Add a decorator for redirecting users if their profile isn't complete (#1933)

* Redirect users and teams whose profiles are incomplete to complete their profile
* Closes #1926

* Challenge Topics (#1966)

* Closes #1897 
* Adds Topics to Challenges where Topics are admin-only visible tags about challenges
* Adds `/api/v1/topics` and `/api/v1/challenges/[challenge_id]/topics` to API 
* Challenge comments have been moved into a modal

* Add connection_info to Challenges model (#1965)

* Closes #1964 
* Adds connection_info to Challenges

* Add 3.4.0 CHANGELOG as unreleased (#1970)

* Simplify view.html in provided challenge types to support core-beta (#1969)

* Simplify view.html in the provided challenge plugins to better support the eventual core-beta theme

* Set THEME_FALLBACK to default to true (#1971)

* CTFd now has the `THEME_FALLBACK` option enabled by default. This allows users to provide incomplete themes. Missing theme files will be provided from the built-in core theme
* Closes #1967

* Fix typo under Admin Config > Accounts > Team Disbanding (#1973)

Changed `capatins` to `captains`

* Add guidance for CSV imports (#1975)

* Mark v3.4.0 (#1976)

# 3.4.0 / 2021-08-11

**General**

- Added the ability to have Challenge Topics
  - Challenge Topics are small topic strings which are only visible to Admins
  - They should denote what topics a given challenge involves
- Added `connection_info` to Challenges to allow Admins to more easily specify the connection info for a challenge
- Added ability to import CSVs of users, teams, and challenges
- Added ability to limit the total number of teams
- Pages now have access to variables `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`. (e.g. `{{ ctf_name }}`)
- IP Addresses in the Admin Panel will now show the city of the IP address as well as the country
- Make User Mode its own dedicated tab in the setup flow and more clearly explain what each user mode does
- Added the ability to have a registration password
  - Does not currently apply to SSO/auth provider or API based account creation
- Prevent users from participating with challenges if their profile is not complete (i.e. haven't filled out all required custom fields)
- Fixed an issue where admins couldn't see some challenges in the add requirements interface
- Fixed an issue where a challenge couldn't be accessed because it had prerequisites on a deleted challenge
- Fixed an issue where User profiles could not be loaded in the Admin Panel due to missing/invalid Tracking IP addresses
- Fixed an issue where users with authentication provider accounts would get an error when attempting to login
- Fixed an issue where MajorLeagueCyber config from config.ini was not being respected

**API**

- Added `connection_info` field to `/api/v1/challenges/[challenge_id]`
- Added `/api/v1/topics` for admins to create/delete topics
- Added `/api/v1/challenges/[challenge_id]/topics` for admins to list the topics on a challenge
- `/api/v1/challenges` will now sort by ID as well as value to better standardize API output with different databases
- `/api/v1/configs` will now provide an error message when provided Config values are too long
- `PATCH /api/v1/teams/[team_id]` will now only let team members be team captain
  - No security issues here, it would just be invalid data.

**Themes**

- CTFd now has the `THEME_FALLBACK` option enabled by default. This allows users to provide incomplete themes. Missing theme files will be provided from the built-in core theme
- CTFd will now pass the title of a Page over to the template when rendering
- No longer show the token type in user settings
- Added `window.BETA_sortChallenges` to `/challenges` so that theme code can more easily define how to sort challenges
  - Note that this functionality is beta because we expect to revamp the entire themes system
- Added `window.updateChallengeBoard` to `/challenges` so that theme code can more easily define when to update challenges
  - Note that this functionality is beta because we expect to revamp the entire themes system
- Added `window.updateScoreboard` to `/scoreboard` so that theme code can more easily define when to update the scoreboard
  - Note that this functionality is beta because we expect to revamp the entire themes system

**Plugins**

- Added `Challenges.plugin_class` to the Challenges model to access the challenge type plugin class from the Model
  - Allows templates to access the plugin class more easily
  - Allows plugins to access the plugin class without having to load the class explicitly

**Admin Panel**

- Reworked the Challenge Requirements UI
  - Officially support the concept of anonymized challenges if prerequisites aren't met
- Added ability for Pages to be written in direct HTML instead of Markdown
- Pages now have access to variables `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`
  - `ctf_start`, `ctf_end`, `ctf_freeze` are represented as ISO8601 timestamps
- Make it easier to change the user mode without having to delete all accounts. Instead we will only delete all submissions.
- When in team mode, user pages will now show their team's score instead of their own personal score
- Show a team member's individual score on their team's page
- Made the challenge creation form wider

**Deployment**

- The `THEME_FALLBACK` config is now set to true by default
- Replace installation and usage of `mysqladmin` (specifically `mysqladmin ping`) with a custom Python script
- Bump version of `pybluemonday` to 0.0.7 (fixes HTML sanitization bypasses and allows comments in HTML)
- Bump `pydantic` from 1.5.1 to 1.6.2

**Miscellaneous**

- Make `.dockerignore` ignore `node_modules` in any subdirectory
- Added `solves` and `solved_by_me` fields to the Swagger documentation for Challenges
- Dynamic challenges will now take their initial valuation from the `initial` keyword instead of the previous `value` keyword.
  - This allows ctfcli to manage dynamic challenges. See https://github.com/CTFd/CTFd/issues/1875
- Added a timestamp to a CTFd export's filename
- Deleting uploads under the Filesystem upload provider will now delete the parent folder as well as the target file

* Improve validation and error reporting during CSV import (#1979)

* Improve validation during CSV import process by using existing Marshmallow Schemas
* Return CSV import errors from import functions to render out to the user
* Ignore invalid fields that we can't use in Challenge CSV import

* Fix non-clickable checkbox label in user creation form in Admin side (#1986)

Co-authored-by: SpeedX <>

* Make login sessions permanent (#1991)

* Closes #1990 
* Make session cookies persist in the browser after close

* Bump flask-restx from 0.2.0 to 0.5.1 (#1984)

Bumps [flask-restx](https://github.com/python-restx/flask-restx) from 0.2.0 to 0.5.1.
- [Release notes](https://github.com/python-restx/flask-restx/releases)
- [Changelog](https://github.com/python-restx/flask-restx/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/python-restx/flask-restx/compare/0.2.0...0.5.1)

---
updated-dependencies:
- dependency-name: flask-restx
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump path-parse from 1.0.6 to 1.0.7 (#1977)

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* #2003 - All numeric registration codes (#2004)

* fix: cast registration_code to string during register

* test: add test to confirm numeric registration codes

* fix regression in REVERSE_PROXY to allow comma separated integers (#1999)

Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Fix issue with REVERSE_PROXY comma separated string configuration
* Closes #1993

* Attempt to fix builds (#2012)

* Update pipdeptree version to 2.2.0

* Fixed documentation links in  README.md (#2010)

Co-authored-by: Csaba Peter <cpeter@atlassian.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump pybluemonday from 0.0.7 to 0.0.8 (#2009)

Bumps [pybluemonday](https://github.com/ColdHeat/pybluemonday) from 0.0.7 to 0.0.8.
- [Release notes](https://github.com/ColdHeat/pybluemonday/releases)
- [Changelog](https://github.com/ColdHeat/pybluemonday/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ColdHeat/pybluemonday/compare/0.0.7...0.0.8)

---
updated-dependencies:
- dependency-name: pybluemonday
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

Co-authored-by: Nir <nir61202@gmail.com>
Co-authored-by: n01e0 <47088622+n01e0@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
Co-authored-by: Frank <frankli0324@hotmail.com>
Co-authored-by: Laurent Jalbert-Simard <laurent_js@hotmail.com>
Co-authored-by: Ace Pace <acepace@users.noreply.github.com>
Co-authored-by: Khiem Doan <doankhiem.crazy@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@nyu.edu>
Co-authored-by: Alper Berber <berber@sabanciuniv.edu>
Co-authored-by: maybe-sybr <58414429+maybe-sybr@users.noreply.github.com>
Co-authored-by: Ben Woo <30431861+benwoo1110@users.noreply.github.com>
Co-authored-by: Ife Lawal <il693@nyu.edu>
Co-authored-by: Mike Merrill <linted@users.noreply.github.com>
Co-authored-by: Connor Nelson <Connor@ConnorNelson.com>
Co-authored-by: Chris Frohoff <cfrohoff@qualcomm.com>
Co-authored-by: Kevin Bayer <kevinjbayer@me.com>
Co-authored-by: Allen Guan <me@nella17.tw>
Co-authored-by: Jordan Bertasso <36979824+jordanbertasso@users.noreply.github.com>
Co-authored-by: SpeedX <ggspeedx29@gmail.com>
Co-authored-by: Nick Frost <42555217+nickfrost-asana@users.noreply.github.com>
Co-authored-by: Connor Tumbleson <iBotPeaches@users.noreply.github.com>
Co-authored-by: tom <tom@tomn.me>
Co-authored-by: cpeter <peter_csaba@yahoo.com>
Co-authored-by: Csaba Peter <cpeter@atlassian.com>
sigpwny-uiuc pushed a commit to sigpwny/CTFd-badfork that referenced this pull request Dec 9, 2022
* Fix docker compose (#1708)

Seems reasonable. Thanks for the PR!

* fix link name (#1698)

Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Set MAIL_SERVER during testing to use the TESTING_MAIL_SERVER envvar (#1709)

* Override the `MAIL_SERVER` config with the `TESTING_MAIL_SERVER` envvar during tests

* Rewrite the flag creation modal to be in vuejs (#1715)

* Rewrite flag creation modal to VueJS
* Rewrite flag edit modal to VueJS
* Rewrite flag list tab in the Admin Panel challenge page to VueJS
* Closes #1693

* Add examples for regex flags (#1716)

* Adds examples for regex flags in the flag creation form

* Remove psycopg2 dep and only use psycopg2-binary (#1720)

* Remove `psycopg2` dep and only use `psycopg2-binary`
* Update `psycopg2-binary` to 2.8.6

* Freeze python dependencies using pip-tools (#1722)

* Rename `requirements.txt` to `requirements.in`
* Generate `requirements.txt` using `pip-tools` under Python 3.6
* Add `pip-tools` to `development.txt`
* Closes #1679

* Add import export commands to manage.py (#1723)

* Add `import_ctf` and `export_ctf` commands to `manage.py`
* Deprecate `import.py` and `export.py`
* Works on #1629

* Max Attempts improvements in challenge.html (#1725)

* Fixed issue where the current attempt count would have a typo
* Fixed issue where the max attempts for a challenge would not show if it was set to 1
* Works on #1655

* Increase timeout for update check (#1726)

* Increase timeout for update check from 0.1 seconds to 3 seconds
* Closes #1678

* reduce ping events (Fix #1685) (#1699)

Closes #1685

* Fix requirements for Python 3.7 because of https://github.com/ericvsmith/dataclasses/pull/161 (#1730)

* Build `requirements.txt` on Python 3.7 to fix an issue with installing dataclasses. 
* Closes #1729 

I tested that this works in Python 3.6, 3.7, and 3.8. A useful project would be to add installing deps to Github Actions. 
I'll subscribe to https://github.com/ericvsmith/dataclasses/pull/161 since this is IMO a bug in dataclasses.

* No longer set "filesystem" as UPLOAD_PROVIDER in config.ini (#1728)

* Remove the default `filesystem` setting for `UPLOAD_PROVIDER` in config.ini
  * `filesystem` is still the default via config.py

* Improved Team Handling (#1713)

* Prevent team joining while already on a team
* Return 403 instead of 200 for team join/create errors
* Allow team captains whose teams haven't done anything to disband their team
* Closes #1588

* Fix issue where a user can't be found for creating an award (#1736)

* Fix issue where a user can't be found for creating an award

* Mark 3.2.0 (#1748)

# 3.2.0 / unreleased

**General**

- Add Team invites.
  - Team invites are links containing a token that allow a user to join a team without knowing the team password
  - Captains can generate invite tokens for their teams
  - Admins can generate Team invite links as well
- Improved Team handling
  - Prevent team joining while already on a team
  - Return 403 instead of 200 for team join/create errors
  - Allow team captains whose teams haven't done anything to disband their team
- Allow for uploading navbar logo, favicon, and index page banner during initial setup
- Fixed issue in teams mode where a user couldn't unlock a hint despite their team having enough points
  - The fix for this is essentially to allow the user's points to go negative
- Imports have been made more stable
  - This is primarily done by killing MySQL processes that are locking metadata
  - This is a subpar approach but it seems to be the only solution to avoid a metadata lock in MySQL. This approach did not appear to be needed under Postgres or SQLite
- Update some migrations to first check if a table already exists.

**API**

- Addition of `POST /api/v1/teams/me/members` to generate invite tokens for teams
- Fixed an issue in `POST /api/v1/awards` where CTFd would 500 when a user could not be found by the provided `user_id`
- `POST /api/v1/unlocks` in teams mode now uses the team's score to determine if a user can purchase a hint
  - Properly check for existing unlocks in teams mode in `POST /api/v1/unlocks`
- `/api/v1/notifications` and `/api/v1/notifications/[notification_id]` now have an html parameter which specifies the rendered content of the notification content

**Themes**

- Added syntax highlighting to challenge descriptions, pages, hints, notifications, comments, and markdown editors
  - This is done with `highlight.js` which has been added to `package.json`
- Fix notifications to properly fix/support Markdown and HTML notifications
  - Notifications SQL Model now has an html property
  - Notifications API schemas now has an html field
- Removed MomentJS (see https://momentjs.com/docs/#/-project-status/) in favor of dayjs
  - dayjs is mostly API compatible with MomentJS. The only major changes were:
    - dayjs always uses browser local time so you don't need to call `.local()`
    - dayjs segments out some MomentJS functionality into plugins which need to be imported in before using those features
- Fixed issue in `challenge.html` where the current attempt count would have a typo
- Fixed issue in `challenge.html` where the max attempts for a challenge would not show if it was set to 1
- Edit donut charts to have easier to read legends and labels
- Make data zoom bars thinner and more transparent

**Plugins**

- Don't run `db.create_all()` as much during plugin upgrade or during imports
  - By avoiding this we can let alembic and migrations do more of the table creation work but this means that plugins specifically opt into `app.db.create_all()` and will not implicitly get it through `upgrade()`.
  - This means plugins that run `upgrade()` without a migrations folder (no idea who would do this really) will need to upgrade their code.

**Admin Panel**

- Add Favicon uploading to the Admin Panel
- Move Logo uploading to the Theme tab in the Admin Panel
- The challenge left side bar tabs have been rewritten into VueJS components.
  - This fixes a number of issues with the consistency of what data is deleted/edited in the challenge editor
  - This also prevents having to refresh the page in most challenge editing situations
- Fixed a possible bug where the update available alert wouldn't go away on server restart
- Examples for regex flags are now provided
- Wrong submissions has been renamed to Incorrect Submissions
- Graphs in the Admin Statistics page will now scroll with mouse wheel to improve browsing large datasets

**Deployment**

- A restart policy set to `always` has been added to nginx in docker-compose
- Rename `requirements.txt` to `requirements.in` and generate `requirements.txt` using `pip-tools` under Python 3.6
- `UPLOAD_PROVIDER` no longer has a default `filesystem` set in config.ini. Instead it is defaulted through `config.py`

**Miscellaneous**

- The `psycopg2` dependency in development.txt has been removed in favor of `psycopg2-binary` which was updated to 2.8.6
- The `moto` dependency in development.txt has been updated to 1.3.16
- Add `pip-tools` to `development.txt`
- Add `import_ctf` and `export_ctf` commands to `manage.py` and deprecate `import.py` and `export.py`
- Override the `MAIL_SERVER` config with the `TESTING_MAIL_SERVER` envvar during tests
- `ping` events in the notification event handler have been fixed to not send duplicates

* Miscellaneous Fixes (#1752)

* Update CHANGELOG 
* Add `registered_only` decorator
* Make team invites redirect to `/register` if you're unauthed

* Require passwords on accounts (#1754)

- Fixed an issue where Users/Teams could be created with a null password through the Admin Panel

* Add a lower parameter to the plugin upgrade() function to help importing (#1755)

- The plugin `upgrade()` function now accepts a `lower` parameter which specifies what lower revision should be used to start from.
  - This is used to support plugin migrations during import so that we can import data directly at the point that the import was taken from
  - `lower="current"` means to use the current revision and `lower=None` would mean to use the absolute base revision (e.g. plugin's first installation)
  - By default this doesn't change `upgrade()` behavior

* Mark 3.2.0 release date in CHANGELOG (#1756)

# 3.2.0 / 2020-12-07

**General**

- Add Team invites.
  - Team invites are links containing a token that allow a user to join a team without knowing the team password
  - Captains can generate invite tokens for their teams
  - Admins can generate Team invite links as well
- Improved Team handling
  - Prevent team joining while already on a team
  - Return 403 instead of 200 for team join/create errors
  - Allow team captains whose teams haven't done anything to disband their team
- Allow for uploading navbar logo, favicon, and index page banner during initial setup
- Fixed issue in teams mode where a user couldn't unlock a hint despite their team having enough points
  - The fix for this is essentially to allow the user's points to go negative
- Imports have been made more stable
  - This is primarily done by killing MySQL processes that are locking metadata
  - This is a subpar approach but it seems to be the only solution to avoid a metadata lock in MySQL. This approach did not appear to be needed under Postgres or SQLite

**API**

- Addition of `POST /api/v1/teams/me/members` to generate invite tokens for teams
- Fixed an issue in `POST /api/v1/awards` where CTFd would 500 when a user could not be found by the provided `user_id`
- `POST /api/v1/unlocks` in teams mode now uses the team's score to determine if a user can purchase a hint
  - Properly check for existing unlocks in teams mode in `POST /api/v1/unlocks`
- `/api/v1/notifications` and `/api/v1/notifications/[notification_id]` now have an html parameter which specifies the rendered content of the notification content

**Themes**

- Add Team Invite icon and Disband Team icon to teams/private.html
- Add teams/invite.html file to handle team joining with invites
- Added syntax highlighting to challenge descriptions, pages, hints, notifications, comments, and markdown editors
  - This is done with `highlight.js` which has been added to `package.json`
- Fix notifications to properly fix/support Markdown and HTML notifications
  - Notifications SQL Model now has an html property
  - Notifications API schemas now has an html field
- Removed MomentJS (see https://momentjs.com/docs/#/-project-status/) in favor of dayjs
  - dayjs is mostly API compatible with MomentJS. The only major changes were:
    - dayjs always uses browser local time so you don't need to call `.local()`
    - dayjs segments out some MomentJS functionality into plugins which need to be imported in before using those features
- Fixed issue in `challenge.html` where the current attempt count would have a typo
- Fixed issue in `challenge.html` where the max attempts for a challenge would not show if it was set to 1
- Edit donut charts to have easier to read legends and labels
- Make data zoom bars thinner and more transparent
- Add logo, banner, and favicon settings to the setup.html

**Plugins**

- The `auth.register` (`/register`) endpoint now accepts a `?next=` parameter to define where to redirect to after registration
- There is now a `registered_only` decorator to redirect users to `auth.register` (`/register`) instead of `auth.login` (`/login`)
- Don't run `db.create_all()` as much during plugin upgrade or during imports
  - By avoiding this we can let alembic and migrations do more of the table creation work but this means that plugins specifically opt into `app.db.create_all()` and will not implicitly get it through `upgrade()`.
  - This means plugins that run `upgrade()` without a migrations folder (no idea who would do this really) will need to upgrade their code.
- The plugin `upgrade()` function now accepts a `lower` parameter which specifies what lower revision should be used to start from.
  - This is used to support plugin migrations during import so that we can import data directly at the point that the import was taken from
  - `lower="current"` means to use the current revision and `lower=None` would mean to use the absolute base revision (e.g. plugin's first installation)
  - By default this doesn't change `upgrade()` behavior

**Admin Panel**

- Add Favicon uploading to the Admin Panel
- Move Logo uploading to the Theme tab in the Admin Panel
- The challenge left side bar tabs have been rewritten into VueJS components.
  - This fixes a number of issues with the consistency of what data is deleted/edited in the challenge editor
  - This also prevents having to refresh the page in most challenge editing situations
- Fixed a possible bug where the update available alert wouldn't go away on server restart
- Examples for regex flags are now provided
- Wrong submissions has been renamed to Incorrect Submissions
- Graphs in the Admin Statistics page will now scroll with mouse wheel to improve browsing large datasets
- Fixed an issue where Users/Teams could be created with a null password

**Deployment**

- A restart policy set to `always` has been added to nginx in docker-compose
- Rename `requirements.txt` to `requirements.in` and generate `requirements.txt` using `pip-tools` under Python 3.6
- `UPLOAD_PROVIDER` no longer has a default `filesystem` set in config.ini. Instead it is defaulted through `config.py`

**Miscellaneous**

- The `psycopg2` dependency in development.txt has been removed in favor of `psycopg2-binary` which was updated to 2.8.6
- The `moto` dependency in development.txt has been updated to 1.3.16
- Add `pip-tools` to `development.txt`
- Add `import_ctf` and `export_ctf` commands to `manage.py` and deprecate `import.py` and `export.py`
- Override the `MAIL_SERVER` config with the `TESTING_MAIL_SERVER` envvar during tests
- `ping` events in the notification event handler have been fixed to not send duplicates

* Mark 3.2.1 (#1757)

# 3.2.1 / 2020-12-09

- Fixed an issue where Users could not unlock hints

* Don't allow admins to delete themselves (#1759)

* Don't allow admins to accidentally delete themselves

* Fix issue where you can't remove a time set in Configs (#1760)

* Fix issue where config times (start, end, freeze times) could not be removed

* Speed up docker builds (#1767)

* Copy over `requirements.txt` first in Dockerfile to cache Python dependencies

* Update docker (#1773)

* Install `python3-dev` dependency instead of `python-dev`

* Bump some Python dependencies (#1784)

* Bump lxml to 4.6.2
* Bump pip-compile to 5.4.0

* Bump ini from 1.3.5 to 1.3.7 (#1761)

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump highlight.js from 10.3.1 to 10.4.1 (#1753)

* Bump highlight.js from 10.3.1 to 10.4.1

Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.3.1 to 10.4.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.3.1...10.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

* Run yarn build

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
Co-authored-by: Kevin Chung <kchung@nyu.edu>

* Add a temporary fix/hack for running scripts in flag editor templates (#1783)

* Works on #1779 
* Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. 
    * In the future this will probably be separated out into a separate scripts file or something like using web components

* Add length error content that is too long (#1787)

* Add length checking to some sensitive fields in Pages and Challenges.
* Works on #1786

This is enough to fix most of the issues but this is really a systemic problem for most of the API endpoints. We should have something that verifies data consistency. Marshmallow is not good enough at this. Pydantic seems like it would be superior here.

* field based schema validation (#1789)

* Clean up Page and Challenges schema validation

* Fix incorrect schema validator (#1790)

* Use right length in Page title validator

* Fix typo in FlagEditForm.vue (#1793)

Fix typo in FlagEditForm.vue
Related to #1779

* Fix issue where page URLs were relative (#1798)

* Fix issue where Page URLs were relative in the navbar
* Closes #1797

* Fix exception occurring on Admin demotion (#1799)

* Fix an exception that occurred when demoting an Admin user
* Fix the response from the above request from returning a list instead of a dict
* Closes #1794

* Allow time format to be overridden by data attribute (#1801)

* Allow for the `data-time` format to be overridden by `data-time-format` attribute.
* Closes #1776

* Fix scoreboard identifier to switch between User/Team depending on mode (#1800)

* Fix scoreboard table identifier to switch between User/Team depending on mode
* Closes #1777

* Add team creation disable configuration (#1802)

* Add ability for admins to disable public team creation
* Closes #1364

* Fix default team_creation representation value in the config page (#1803)

* Fix default team_creation representation value in the config page

* 1002 improve email content (#1804)

* Change the default emails slightly and rework confirmation email page to make some recommendations clearer
* Works a little more on #1002

* Switch default testing/development domain name to examplectf.com (#1807)

* Use `examplectf.com` as testing/development domain instead of `ctfd.io`

* Fixed registration and confirmation logs (#1734)

* Fixes issue where user's name and email would not appear in logs properly
* Closes #1706

* Bump elliptic from 6.5.3 to 6.5.4 (#1818)

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix some template issues reported by curlylint (#1822)

* Fixes some issues reported by [curlylint](https://github.com/thibaudcolas/curlylint).

* Link directly to users from the submissions page in teams mode (#1823)

* Links directly to users who submitted something in the submissions page if the CTF is in teams mode. 
* Closes #1813

* Add styling for blockquotes. Switch to using Bootstrap's scss for main.scss. (#1826)

* Add styling for blockquotes. Closes #1814 
* Switch to using Bootstrap's scss in main.scss to allow using Bootstrap variables

* Set plugin migration version after a successful migration (#1827)

* Set plugin migration version after successful migrations
* Closes #1763

* Fix frontend UI where empty/null requirements could be added (#1824)

* Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
* Closes #1809

* Relax team requirement when challenges are publicly visible (#1832)

* Don't require a team for viewing challenges if Challenge visibility is set to public
* Closes #1831

* 3.3.0 (#1833)

# 3.3.0 / UNRELEASED

**General**

- Don't require a team for viewing challenges if Challenge visibility is set to public
- Add a `THEME_FALLBACK` config to help develop themes. See **Themes** section for details.

**API**

- Implement a faster `/api/v1/scoreboard` endpoint in Teams Mode
- Add the `solves` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine how many solves a challenge has
- Add the `solved_by_me` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine if the current account has solved the challenge
- Prevent admins from deleting themselves through `DELETE /api/v1/users/[user_id]`
- Add length checking to some sensitive fields in the Pages and Challenges schemas
- Fix issue where `PATCH /api/v1/users[user_id]` returned a list instead of a dict
- Fix exception that occurred on demoting admins through `PATCH /api/v1/users[user_id]`
- Add `team_id` to `GET /api/v1/users` to determine if a user is already in a team

**Themes**

- Add a `THEME_FALLBACK` config to help develop themes.
  - `THEME_FALLBACK` will configure CTFd to try to find missing theme files in the default built-in `core` theme.
  - This makes it easier to develop themes or use incomplete themes.
- Allow for one theme to reference and inherit from another theme through approaches like `{% extends "core/page.html" %}`
- Allow for the automatic date rendering format to be overridden by specifying a `data-time-format` attribute.
- Add styling for the `<blockquote>` element.
- Fix scoreboard table identifier to switch between User/Team depending on configured user mode
- Switch to using Bootstrap's scss in `core/main.scss` to allow using Bootstrap variables
- Consolidate Jinja error handlers into a single function and better handle issues where error templates can't be found

**Plugins**

- Set plugin migration version after successful migrations
- Fix issue where Page URLs injected into the navbar were relative instead of absolute

**Admin Panel**

- Add User standings as well as Teams standings to the admin scoreboard when in Teams Mode
- Add a UI for adding members to a team from the team's admin page
- Add ability for admins to disable public team creation
- Link directly to users who submitted something in the submissions page if the CTF is in Teams Mode
- Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
- Fixed an issue where config times (start, end, freeze times) could not be removed
- Fix an exception that occurred when demoting an Admin user
- Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. (See #1779)

**Deployment**

- Install `python3-dev` instead of `python-dev` in apt
- Bump lxml to 4.6.2
- Bump pip-compile to 5.4.0

**Miscellaneous**

- Cache Docker builds more by copying and installing Python dependencies before copying CTFd
- Change the default emails slightly and rework confirmation email page to make some recommendations clearer
- Use `examplectf.com` as testing/development domain instead of `ctfd.io`
- Fixes issue where user's name and email would not appear in logs properly
- Add more linting by also linting with `flake8-comprehensions` and `flake8-bugbear`

* Use pybluemonday instead of lxml for html sanitization (#1837)

* Use `pybluemonday` instead of `lxml` for html sanitization
* Fix boolean optional configs in `config.py`
* Closes #1835

* Change colorHash function to use HSL values (#1843)

* Change `colorHash` function to use HSL values to avoid too dark/light colors
* Closes #1842

* Use new properties in /api/v1/challenges (#1844)

- Switch the challenges page in core to use the new API information in `/api/v1/challenges` to mark solves and display solve counts
- Closes #1811

* Fix for hidden users seeing their graphing data (#1845)

* Fix an issue where hidden users couldn't see their graphing data on their private user page (i.e. `/user`)

* fix: Ensure hidden users see their own solves (#1840) (#1846)

* Closes #1839

Co-authored-by: maybe-sybr <58414429+maybe-sybr@users.noreply.github.com>

* Bump jinja2 from 2.11.2 to 2.11.3 (#1838)

* Bump jinja2 from 2.11.2 to 2.11.3

Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3)

Signed-off-by: dependabot[bot] <support@github.com>

* Run pip-compile our way

* Add newline

* Update CHANGELOG

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@nyu.edu>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Fix user profiles not showing awards before an account gets a solve (#1848)

- Change users/private.html, users/public.html to show awards before a user gets a solve
- Change teams/private.html, teams/public.html to show awards before a team gets a solve

* Add  files and  to (#1850)

- Add `.pyc` files and `__pycache__` to `.dockerignore`

* Make expired token error message more useful (#1851)

* Make expired token error message more useful

* Update CHANGELOG and add release date (#1852)

# 3.3.0 / 2020-03-26

**General**

- Don't require a team for viewing challenges if Challenge visibility is set to public
- Add a `THEME_FALLBACK` config to help develop themes. See **Themes** section for details.

**API**

- Implement a faster `/api/v1/scoreboard` endpoint in Teams Mode
- Add the `solves` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine how many solves a challenge has
- Add the `solved_by_me` item to both `/api/v1/challenges` and `/api/v1/challenges/[challenge_id]` to more easily determine if the current account has solved the challenge
- Prevent admins from deleting themselves through `DELETE /api/v1/users/[user_id]`
- Add length checking to some sensitive fields in the Pages and Challenges schemas
- Fix issue where `PATCH /api/v1/users[user_id]` returned a list instead of a dict
- Fix exception that occurred on demoting admins through `PATCH /api/v1/users[user_id]`
- Add `team_id` to `GET /api/v1/users` to determine if a user is already in a team
- Provide a more useful error message when using an expired token

**Themes**

- Add a `THEME_FALLBACK` config to help develop themes.
  - `THEME_FALLBACK` will configure CTFd to try to find missing theme files in the default built-in `core` theme.
  - This makes it easier to develop themes or use incomplete themes.
- Allow for one theme to reference and inherit from another theme through approaches like `{% extends "core/page.html" %}`
- Allow for the automatic date rendering format to be overridden by specifying a `data-time-format` attribute.
- Add styling for the `<blockquote>` element.
- Change `users/private.html`, `users/public.html` to show awards before a user gets a solve
- Change `teams/private.html`, `teams/public.html` to show awards before a team gets a solve
- Change `colorHash` function to use HSL color values to avoid generating too light/dark colors
- Fix an issue where hidden users couldn't see their graphing data on their private user page (`/user`)
- Fix scoreboard table identifier to switch between User/Team depending on configured user mode
- Switch the challenges page in core to use the new API information in `/api/v1/challenges` to mark solves and display solve counts
- Switch to using Bootstrap's scss in `core/main.scss` to allow using Bootstrap variables
- Consolidate Jinja error handlers into a single function and better handle issues where error templates can't be found

**Plugins**

- Set plugin migration version after successful migrations
- Fix issue where Page URLs injected into the navbar were relative instead of absolute

**Admin Panel**

- Add User standings as well as Teams standings to the admin scoreboard when in Teams Mode
- Add a UI for adding members to a team from the team's admin page
- Add ability for admins to disable public team creation
- Link directly to users who submitted something in the submissions page if the CTF is in Teams Mode
- Fix Challenge Requirements interface in Admin Panel to not allow empty/null requirements to be added
- Fixed an issue where config times (start, end, freeze times) could not be removed
- Fix an exception that occurred when demoting an Admin user
- Adds a temporary hack for re-enabling Javascript snippets in Flag editor templates. (See #1779)

**Deployment**

- Fix boolean configs from the `config.ini` optional section
- Install `python3-dev` instead of `python-dev` in apt
- Require `pybluemonday` as pip dependency
- Remove `lxml` and `html5lib` from pip dependencies
- Bump `Jinja2` to 2.11.3
- Bump `pip-tools` to 5.4.0

**Miscellaneous**

- Rewrite the HTML sanitization feature (controlled by `HTML_SANITIZATION`) to use the `pybluemonday` library instead of `lxml`/`html5lib`
  - Note that this feature is still in beta
- Cache Docker builds more by copying and installing Python dependencies before copying CTFd
- Change the default emails slightly and rework confirmation email page to make some recommendations clearer
- Use `examplectf.com` as testing/development domain instead of `ctfd.io`
- Fix issue where user's name and email would not appear in logs properly
- Add more linting by also linting with `flake8-comprehensions` and `flake8-bugbear`
- Add `.pyc` files and `__pycache__` to `.dockerignore`

* Fix issue where admins couldn't see some challenges in the add requirements interface (#1853)

- Fix an issue where admins couldn't see challenges which had requirements in the add requirements interface

* Fix wrong date for v3.3.0 changelog. (#1856)

It's 2021 now, time flies haha

* Ignore node_modules in any subdirectory for Docker (#1857)

- Make `node_modules` in `.dockerignore` recursive to not add any `node_modules` folders into the build context

* Put up a fix for challenges whose requirements were deleted (#1861)

* Works on #1860 
* Don't consider deleted challenges when evaluating challenge prereqs

* use different directories for different tests (#1864)

* ping database with python instead of mysql client (#1862)

* Replaces `mysqladmin ping` with a custom script
* Closes #725

* Bump pybluemonday version (#1869)

* Bump version of pybluemonday

* Pydantic documentation Fixes #1829 (#1871)

- Improved the `sqlalchemy_to_pydantic` function to accept additional schema fields on top of the SQLAlchemy model fields
- Added the solves and solved_by_me fields to the Swagger documentation (Closes #1829)

* Ctftime test context #928 (#1866)

Works on #928

* Update geoip.py (#1896)

Added error handling in case `IP_ADDR_LOOKUP.get(addr)` fails.

* Beta challenge sorting interface (#1900)

* Add a beta way to sort challenges in the core theme through `window.BETA_sortChallenges()`

* Widen the challenge creation form to make it easier to show longer challenge types (#1901)

* Handle edge case where users have a null password (#1902)

* Handle an edge case where users try to login but were logged in through an authentication provider

* Confirmed REST API does delete directories in s3 bucket. The local filesystem didn't though and that was updated. Closes #1758 (#1876)

- Deleting uploads under the Filesystem upload provider will now delete the parent folder as well as the target file
- Closes #1758

* Bump pybluemonday version to 0.0.6 and allow HTML comments in sanitized output (#1908)

* Bump pybluemonday version to 0.0.6 
* Allow HTML comments in sanitized output
* Closes #1906

* Add fix for MLC configs in config.ini (#1909)

* Bump pydantic from 1.5.1 to 1.6.2 (#1890)

* Bump pydantic from 1.5.1 to 1.6.2

Bumps [pydantic](https://github.com/samuelcolvin/pydantic) from 1.5.1 to 1.6.2.
- [Release notes](https://github.com/samuelcolvin/pydantic/releases)
- [Changelog](https://github.com/samuelcolvin/pydantic/blob/master/HISTORY.md)
- [Commits](https://github.com/samuelcolvin/pydantic/compare/v1.5.1...v1.6.2)

Signed-off-by: dependabot[bot] <support@github.com>

* Update requirements.txt

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
Co-authored-by: Kevin Chung <kchung@nyu.edu>

* Switch python-geoacumen to python-geoacumen-city (#1911)

* Closes #1872 
* IP Addresses in the Admin Panel will now show the city of the IP address as well as the country

* Show a team member's individual score in the admin panel (#1912)

* Show a team member's individual score in the admin panel

* Sort challenges by id (#1914)

* Sort challenges by ID as well as value in `/api/v1/challenges` to better standardize API output

* Bump all the JS dependencies from dependabot (#1919)

* Bump ssri from 6.0.1 to 6.0.2 (#1870)

Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump lodash from 4.17.20 to 4.17.21 (#1884)

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump hosted-git-info from 2.8.8 to 2.8.9 (#1885)

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump codemirror from 5.42.2 to 5.58.2 (#1886)

Bumps [codemirror](https://github.com/codemirror/CodeMirror) from 5.42.2 to 5.58.2.
- [Release notes](https://github.com/codemirror/CodeMirror/releases)
- [Changelog](https://github.com/codemirror/CodeMirror/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codemirror/CodeMirror/compare/5.42.2...5.58.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump browserslist from 4.14.3 to 4.16.6 (#1894)

Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.3 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.14.3...4.16.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump postcss from 7.0.34 to 7.0.36 (#1917)

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.34 to 7.0.36.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/7.0.34...7.0.36)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Run yarn build

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Show the team's score & place when viewing a team member (#1918)

* Closes #1881 
* Show the team's score & place when viewing a team member

* Allow Page editor to write HTML directly (#1915)

* Works on #1493 
* Adds a new column for Pages to specify format
* Separate out `build_html` into `build_html` and `build_markdown`
* Add config variables into pages: `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`
  * The time variables are represented as ISO8601 timestamps

* Flip value and initial for dynamic challenges to better support ctfcli (#1921)

* Makes the initial value for a dynamic challenge provided by the `initial` argument instead of the `value` argument. This makes it easier to support ctfcli. Refer to https://github.com/CTFd/ctfcli/issues/13. 
* Closes #1875

* Limit total number of teams (#1867)

* Adds support for a total teams limit

* Show length error when Configs provided are too long (#1920)

* Show an error when a config is too long

* Clean up label for num_teams (#1923)

* Add a way to access the challenge plugin class from the Challenges model (#1925)

* Add a way to access the challenge plugin class from the Challenges model
   * Allows templates to access the plugin class more easily
   * Allows plugins to access the plugin class without having to load the class explicitly
* Closes #1879

* Add CSV importing feature (#1922)

* Closes #1888 
* Adds code to import CSVs for challenges, users, and teams

* Add a fix for receiving non-string Config values (#1931)

* Properly receive non-string config values (None, bool, integers, etc) in /api/v1/config
* Closes #1928 
* Fix the response schema for `PATCH /api/v1/configs/<config_key>` in error situations

Overall we weren't particularly strict before and we should try to stay a little lax so we don't break anything.

* Fix issue where admins can't load a user's admin panel page when in teams mode (#1934)

* Closes #1932

* Create SECURITY.md (#1942)

Closes #1941

* Send title of Page to view (#1944)

* Add ability to use page title from template

* Hide token type in user settings (#1945)

* Works on #1891 
* Hides token type from user settings because it's currently unused

* Validate that a user can't patch their team id (#1947)

* Prevent users from PATCH'ing their team id

* Mark 3.3.1 (#1948)

# 3.3.1 / 2021-07-15

**Security**

- Fixes an issue where users could join teams without knowing the team password or having a team invite

* Add text to make it clearer what each user mode is (#1950)

* Closes #1935 
* Add text to make it clearer what each user mode is during setup

* Add time to export filename (#1949)

* Add time to export filename

* Only allow team members to be promoted to captain (#1943)

* Only allow team members to be promoted to captain

* fix #1949 not add time to all place (#1951)

* WIP: Add registration password (#1946)

* Closes #1895 
* Add a registration password to account creation (ignoring SSO or API based account creation)

* Rework requirements UI and officially support anonymized challenges (#1954)

* Rework Requirements UI to make it easier to bulk set requirements
* Officially support anonymized challenges
* Closes #1825

* Fix simple css issue (#1955)

* Make user mode easier to change without having to reset accounts (#1956)

* Closes #1889 
* Makes user mode easier to change without having to reset accounts. Submissions are still required to be deleted.

* Add update scoreboard and challenge board functions to window global (#1957)

* Closes #1841
* Adds update scoreboard and challenge board functions to window global
* This is a stop gap measure before we start using CTFd.js more heavily

* Bump pybluemonday to 0.0.7 (#1959)

* Bump pybluemonday to 0.0.7

* Improved CSV exports (#1960)

* Closes #1940
* Create Scoreboard CSV export with support for custom fields
* Create Users CSV export with support for custom fields
* Create Teams CSV export with support for custom fields

* Small fixes from making CSV examples (#1963)

* Closes #1958

* Add a decorator for redirecting users if their profile isn't complete (#1933)

* Redirect users and teams whose profiles are incomplete to complete their profile
* Closes #1926

* Challenge Topics (#1966)

* Closes #1897 
* Adds Topics to Challenges where Topics are admin-only visible tags about challenges
* Adds `/api/v1/topics` and `/api/v1/challenges/[challenge_id]/topics` to API 
* Challenge comments have been moved into a modal

* Add connection_info to Challenges model (#1965)

* Closes #1964 
* Adds connection_info to Challenges

* Add 3.4.0 CHANGELOG as unreleased (#1970)

* Simplify view.html in provided challenge types to support core-beta (#1969)

* Simplify view.html in the provided challenge plugins to better support the eventual core-beta theme

* Set THEME_FALLBACK to default to true (#1971)

* CTFd now has the `THEME_FALLBACK` option enabled by default. This allows users to provide incomplete themes. Missing theme files will be provided from the built-in core theme
* Closes #1967

* Fix typo under Admin Config > Accounts > Team Disbanding (#1973)

Changed `capatins` to `captains`

* Add guidance for CSV imports (#1975)

* Mark v3.4.0 (#1976)

# 3.4.0 / 2021-08-11

**General**

- Added the ability to have Challenge Topics
  - Challenge Topics are small topic strings which are only visible to Admins
  - They should denote what topics a given challenge involves
- Added `connection_info` to Challenges to allow Admins to more easily specify the connection info for a challenge
- Added ability to import CSVs of users, teams, and challenges
- Added ability to limit the total number of teams
- Pages now have access to variables `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`. (e.g. `{{ ctf_name }}`)
- IP Addresses in the Admin Panel will now show the city of the IP address as well as the country
- Make User Mode its own dedicated tab in the setup flow and more clearly explain what each user mode does
- Added the ability to have a registration password
  - Does not currently apply to SSO/auth provider or API based account creation
- Prevent users from participating with challenges if their profile is not complete (i.e. haven't filled out all required custom fields)
- Fixed an issue where admins couldn't see some challenges in the add requirements interface
- Fixed an issue where a challenge couldn't be accessed because it had prerequisites on a deleted challenge
- Fixed an issue where User profiles could not be loaded in the Admin Panel due to missing/invalid Tracking IP addresses
- Fixed an issue where users with authentication provider accounts would get an error when attempting to login
- Fixed an issue where MajorLeagueCyber config from config.ini was not being respected

**API**

- Added `connection_info` field to `/api/v1/challenges/[challenge_id]`
- Added `/api/v1/topics` for admins to create/delete topics
- Added `/api/v1/challenges/[challenge_id]/topics` for admins to list the topics on a challenge
- `/api/v1/challenges` will now sort by ID as value to better standardize API output with different databases
- `/api/v1/configs` will now provide an error message when provided Config values are too long
- `PATCH /api/v1/teams/[team_id]` will now only let team members be team captain
  - No security issues here, it would just be invalid data.

**Themes**

- CTFd now has the `THEME_FALLBACK` option enabled by default. This allows users to provide incomplete themes. Missing theme files will be provided from the built-in core theme
- CTFd will now pass the title of a Page over to the template when rendering
- No longer show the token type in user settings
- Added `window.BETA_sortChallenges` to `/challenges` so that theme code can more easily define how to sort challenges
  - Note that this functionality is beta because we expect to revamp the entire themes system
- Added `window.updateChallengeBoard` to `/challenges` so that theme code can more easily define when to update challenges
  - Note that this functionality is beta because we expect to revamp the entire themes system
- Added `window.updateScoreboard` to `/scoreboard` so that theme code can more easily define when to update the scoreboard
  - Note that this functionality is beta because we expect to revamp the entire themes system

**Plugins**

- Added `Challenges.plugin_class` to the Challenges model to access the challenge type plugin class from the Model
  - Allows templates to access the plugin class more easily
  - Allows plugins to access the plugin class without having to load the class explicitly

**Admin Panel**

- Reworked the Challenge Requirements UI
  - Officially support the concept of anonymized challenges if prerequisites aren't met
- Added ability for Pages to be written in direct HTML instead of Markdown
- Pages now have access to variables `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`
  - `ctf_start`, `ctf_end`, `ctf_freeze` are represented as ISO8601 timestamps
- Make it easier to change the user mode without having to delete all accounts. Instead we will only delete all submissions.
- When in team mode, user pages will now show their team's score instead of their own personal score
- Show a team member's individual score on their team's page
- Made the challenge creation form wider

**Deployment**

- The `THEME_FALLBACK` config is now set to true by default
- Replace installation and usage of `mysqladmin` (specifically `mysqladmin ping`) with a custom Python script
- Bump version of `pybluemonday` to 0.0.7 (fixes HTML sanitization bypasses and allows comments in HTML)
- Bump `pydantic` from 1.5.1 to 1.6.2

**Miscellaneous**

- Make `.dockerignore` ignore `node_modules` in any subdirectory
- Added `solves` and `solved_by_me` fields to the Swagger documentation for Challenges
- Dynamic challenges will now take their initial valuation from the `inital` keyword instead of the previous `value` keyword.
  - This allows ctfcli to manage dynamic challenges. See https://github.com/CTFd/CTFd/issues/1875
- Added a timestamp to a CTFd export's filename
- Deleting uploads under the Filesystem upload provider will now delete the parent folder as well as the target file

* Improve validation and error reporting during CSV import (#1979)

* Improve validation during CSV import process by using existing Marshmallow Schemas
* Return CSV import errors from import functions to render out to the user
* Ignore invalid fields that we can't use in Challenge CSV import

* Fix non-clickable checkbox label in user creation form in Admin side (#1986)

Co-authored-by: SpeedX <>

* Make login sessions permanent (#1991)

* Closes #1990 
* Make session cookies persist in the browser after close

* Bump flask-restx from 0.2.0 to 0.5.1 (#1984)

Bumps [flask-restx](https://github.com/python-restx/flask-restx) from 0.2.0 to 0.5.1.
- [Release notes](https://github.com/python-restx/flask-restx/releases)
- [Changelog](https://github.com/python-restx/flask-restx/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/python-restx/flask-restx/compare/0.2.0...0.5.1)

---
updated-dependencies:
- dependency-name: flask-restx
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump path-parse from 1.0.6 to 1.0.7 (#1977)

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* #2003 - All numeric registration codes (#2004)

* fix: cast registration_code to string during register

* test: add test to confirm numeric registration codes

* fix regression in REVERSE_PROXY to allow comma separated integers (#1999)

Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Fix issue with REVERSE_PROXY comma separated string configuration
* Closes #1993

* Attempt to fix builds (#2012)

* Update pipdeptree version to 2.2.0

* Fixed documentation links in README.md (#2010)

Co-authored-by: Csaba Peter <cpeter@atlassian.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

* Bump pybluemonday from 0.0.7 to 0.0.8 (#2009)

Bumps [pybluemonday](https://github.com/ColdHeat/pybluemonday) from 0.0.7 to 0.0.8.
- [Release notes](https://github.com/ColdHeat/pybluemonday/releases)
- [Changelog](https://github.com/ColdHeat/pybluemonday/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ColdHeat/pybluemonday/compare/0.0.7...0.0.8)

---
updated-dependencies:
- dependency-name: pybluemonday
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>

Co-authored-by: Nir <nir61202@gmail.com>
Co-authored-by: n01e0 <47088622+n01e0@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@ctfd.io>
Co-authored-by: Frank <frankli0324@hotmail.com>
Co-authored-by: Laurent Jalbert-Simard <laurent_js@hotmail.com>
Co-authored-by: Ace Pace <acepace@users.noreply.github.com>
Co-authored-by: Khiem Doan <doankhiem.crazy@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Chung <kchung@nyu.edu>
Co-authored-by: Alper Berber <berber@sabanciuniv.edu>
Co-authored-by: maybe-sybr <58414429+maybe-sybr@users.noreply.github.com>
Co-authored-by: Ben Woo <30431861+benwoo1110@users.noreply.github.com>
Co-authored-by: Ife Lawal <il693@nyu.edu>
Co-authored-by: Mike Merrill <linted@users.noreply.github.com>
Co-authored-by: Connor Nelson <Connor@ConnorNelson.com>
Co-authored-by: Chris Frohoff <cfrohoff@qualcomm.com>
Co-authored-by: Kevin Bayer <kevinjbayer@me.com>
Co-authored-by: Allen Guan <me@nella17.tw>
Co-authored-by: Jordan Bertasso <36979824+jordanbertasso@users.noreply.github.com>
Co-authored-by: SpeedX <ggspeedx29@gmail.com>
Co-authored-by: Nick Frost <42555217+nickfrost-asana@users.noreply.github.com>
Co-authored-by: Connor Tumbleson <iBotPeaches@users.noreply.github.com>
Co-authored-by: tom <tom@tomn.me>
Co-authored-by: cpeter <peter_csaba@yahoo.com>
Co-authored-by: Csaba Peter <cpeter@atlassian.com>