[BUG FIX REPORT] Advanced badge training module challenge "Add new user" not being flagged correctly after completion. #3390
UsrBern
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
As the title says, I noticed that even after creating the test user specified in the challenge I was not getting my flag, even after making sure that that I shut down the server appropriately before creating the user and avoiding the
--freshflag.Because I'm stubborn and wanted my damn badge I started digging and noticed that in the
conf/local.ymlfile, the test user's entry had changed fromtest: testtotest: $argon2id$v=19$m=65536,t=3,p=4$JlJcXtH7b9JxC6rHFJ7Wjw$fiektvVik+afQPvKWlRBqaQXWSkEjDtHWWLC73zljBI.So I dug further to find wherever the flag checker is and found
/plugins/training/app/flags/advanced/flag_2.py:I wondered if
user.passwordwasn't simply retrieving the hash and comparing it to 'test' thus always returning false. So I modified the script to this:After adding passlib and argon2-cffi to requirements.txt, and restarting the server again I finally got my flag.
Figured I should report this as a bug and explain. Thanks for reading!
PS: yes I know it would have been enough and easier to just compare
user.passwordto both 'test' and the hash. I literally just realized that.... Whoops.
Beta Was this translation helpful? Give feedback.
All reactions