Merge pull request 'Fix invalid characters in team name that causes error 500' (#87) from Danhia/website:events/fix-teamname into main

Reviewed-on: 42CTF/website#87

src/api/urls.py

@@ -2,6 +2,8 @@ from django.urls import path
 from . import views
 
 urlpatterns = [
-        path('bot/discord', views.discord_bot, name='discord_bot'),
+        path('bot/discord', views.bot_discord_rank, name='bot_discord_rank'), # legacy, to remove when new bot is deployed
+        path('bot/discord/rank', views.bot_discord_rank, name='bot_discord_rank'), # use this
+        path('bot/discord/campus', views.bot_discord_campus, name='bot_discord_campus'),
         path('events/<str:event_slug>', views.events_data, name='events_data'),
 ]

src/api/views.py

@@ -7,17 +7,16 @@ from django.shortcuts import get_object_or_404
 
 # Create your views here.
 
-
+def bot_discord_rank(request):
-def discord_bot(request):
 	if request.method != 'GET':
 		return JsonResponse({'error':'bad request'})
-	
+
 	token = request.GET.get('token')
 	auth_token = os.getenv('BOT_TOKEN')
 
 	if (token != auth_token or not auth_token):
 		return JsonResponse({'error':'not authorized'})
-	
+
 	all_users	  = UserProfileInfo.objects.select_related().order_by('-score', 'last_submission_date', 'user__username')
 	data = {}
 	rank = 1
@@ -28,15 +27,33 @@ def discord_bot(request):
 
 	return JsonResponse(data)
 
+def bot_discord_campus(request):
+	if request.method != 'GET':
+		return JsonResponse({'error':'bad request'})
+
+	token = request.GET.get('token')
+	auth_token = os.getenv('BOT_TOKEN')
+
+	if (token != auth_token or not auth_token):
+		return JsonResponse({'error':'not authorized'})
+
+	all_users	  = UserProfileInfo.objects.select_related().order_by('-score', 'last_submission_date', 'user__username')
+	data = {}
+	for user in all_users:
+		if user.campus and user.discord_id:
+			data[user.discord_id] = user.campus.name
+
+	return JsonResponse(data)
+
 def events_data(request, event_slug):
 	if request.method != 'GET':
 		return JsonResponse({'error':'bad request'})
-	
+
 	event_info = get_object_or_404(Event, slug=event_slug)
-	
+
 	if event_info.password and request.GET.get('password') != event_info.password:
 		return JsonResponse({'error':'not authorized'})
-	
+
 	players = EventPlayer.objects.filter(event=event_info)
 
 	data = {}
@@ -50,7 +67,6 @@ def events_data(request, event_slug):
 	else:
 		for player in players:
 			data[player.user.username] = player.score
-	
+
 	return JsonResponse(data)
 
-	

src/events/templates/events/create_team.html

@@ -16,6 +16,9 @@
                     {% if registered == False %}
                     <span class="message error-msg">{% trans "You need to be registered to the event." %}</span>
                     {% else %}
+                    {% if invalid == True %}
+                    <span class="message error-msg">{% trans "Invalid characters in name" %}</span>
+                    {% endif %}
                     {% if exist == True %}
                     <span class="message error-msg">{% trans "Name already taken." %}</span>
                     {% endif %}

src/events/views/teams.py

@@ -13,10 +13,13 @@ from random import randint
 def create_team(request, event_slug):
 	ev			=   get_object_or_404(Event, slug=event_slug)
 	if request.method == 'POST':
+		teamname = request.POST.get('teamname')
 		if request.user.is_authenticated and ev.team_size > 1:
-			if Team.objects.filter(name=request.POST.get('teamname'), event=ev).exists():
+			if any(c in set('./') for c in teamname):
+				return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : False, 'invalid' : True})
+			if Team.objects.filter(name=teamname, event=ev).exists():
 				return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : True})
-			new = Team(name=request.POST.get('teamname'), password=request.POST.get('password'), event=ev)
+			new = Team(name=teamname, password=request.POST.get('password'), event=ev)
 			new.save()
 			player = EventPlayer.objects.get(user=request.user, event=ev)
 			player.team = new
@@ -115,9 +118,10 @@ def manage_team(request, event_slug):
 			pname = p_form.cleaned_data['name']
 			if pname == tname:
 				pass
-			else:
+			elif any(c in set('./') for c in pname):
-				if Team.objects.filter(name=pname, event=event_info).exists():
+				error = _("Invalid characters in name")
-					error = _("Name already taken.")
+			elif Team.objects.filter(name=pname, event=event_info).exists():
+				error = _("Name already taken.")
 			ppassword = p_form.cleaned_data['password']
 			if error is None:
 				p_form.save()
@@ -137,18 +141,20 @@ def leave_team(request, event_slug):
 	player		= 	EventPlayer.objects.get(user=request.user, event=event_info)
 	team		=	Team.objects.get(event=event_info, name=player.team.name)
 
-	team.score -= player.score
-	team.save()
 	player.team = None
+	player.save()
+	members		=	EventPlayer.objects.filter(team=team, event=event_info)
+	if members.count() == 0:
+		team.delete()
+	else:
+		team.score -= player.score
+		team.save()
+	
 	solved = CTF_flags.objects.filter(user=player.user, ctf__event=event_info)
 	player.score = 0
 	solved.delete()
 	player.save()
 
-	members		=	EventPlayer.objects.filter(team=team, event=event_info)
-	if members.count() == 0:
-		team.delete()
-
 	return redirect('events:event_info', event_slug=event_slug)
 
 @login_required