Compare commits

..

21 Commits
main ... main

Author SHA1 Message Date
Danhia f1b1214291 Merge pull request 'New permissions to allow a group of user to manage event-related objects' (#89) from Danhia/website:admin/events-permissions into main
Reviewed-on: 42CTF/website#89
2023-09-24 15:25:41 +02:00
Danhia 8b28f73bdb added special permissions to allow a group of user to manage event-related objects 2023-09-24 15:17:49 +02:00
Danhia c8adc6caf9 Merge pull request 'Added speed bonus points for events' (#88) from Danhia/website:events/bonus-points into main
Reviewed-on: 42CTF/website#88
2023-09-17 20:43:42 +02:00
Danhia 6ecb94eab5 added speed bonus points for events 2023-09-17 20:39:13 +02:00
Danhia 44897411f5 Merge pull request 'Fix invalid characters in team name that causes error 500' (#87) from Danhia/website:events/fix-teamname into main
Reviewed-on: 42CTF/website#87
2023-09-01 11:10:54 +02:00
Danhia 5a10e033a2 Merge pull request 'fix(api): Check if user has campus before add to response' (#85) from Starthur/website:main into main
Reviewed-on: 42CTF/website#85
Reviewed-by: Danhia <danhia@protonmail.com>
2023-09-01 11:09:53 +02:00
Danhia 3d86f21ba2 add forbidden characters in teamname to avoir error 500 2023-09-01 11:07:13 +02:00
Starthur 691c53e110
fix(api): Check if user has campus before add to response 2023-02-07 10:15:30 +01:00
Starthur 2d4816e78f Merge pull request '[API][BOT] New endpoint to retrieve campus associated to discord id' (#84) from Danhia/website:api-campus into main
Reviewed-on: 42CTF/website#84
Reviewed-by: Starthur <contact+42ctf@arthur-trt.fr>
2023-02-07 09:43:57 +01:00
Danhia 5d84174db2 Added new endpoint to retrieve campus associated to discord id 2023-02-06 19:41:48 +01:00
Danhia 9ad64e72bc Merge pull request 'doc(tools): Broken link GEF' (#83) from Starthur/website:main into main
Reviewed-on: 42CTF/website#83
Reviewed-by: Danhia <danhia@protonmail.com>
2023-02-05 23:20:19 +01:00
Danhia 9d0a420cac Merge pull request 'Separate profile page for events' (#69) from Danhia/website:event/fix-chall-slug into main
Reviewed-on: 42CTF/website#69
Reviewed-by: Starthur <contact+42ctf@arthur-trt.fr>
2023-02-05 23:13:44 +01:00
Starthur 7120a80c1d
doc(tools): Broken link GEF 2023-02-01 18:41:53 +01:00
Starthur fe71460537 Merge branch 'main' into event/fix-chall-slug 2022-10-13 20:23:21 +02:00
Danhia 32bbc392d6 Merge pull request 'Facilitate access to the user's profile' (#82) from UncleReaton/website:main into main
Reviewed-on: 42CTF/website#82
Reviewed-by: Danhia <danhia@protonmail.com>
2022-10-10 21:03:09 +02:00
UncleReaton acf306097a Change user.userprofileinfo.user to user 2022-10-10 21:01:31 +02:00
UncleReaton dc955fc189 Add a button to view the user's profile by clicking on their score on the navbar 2022-10-10 20:37:11 +02:00
UncleReaton e304f7cd15 Add a button to view the user's profile from their edit page 2022-10-10 20:27:31 +02:00
Danhia 73cf94515d Merge pull request 'Added command to prune users who never logged in' (#80) from Danhia/website:management/prune-users into main
Well maybe it will remove all users from the db but we can't know until we try it, can we ?
2022-09-30 16:24:18 +02:00
Danhia 94237bd9b6 Added command to prune users who never logged in 2022-09-30 16:20:17 +02:00
Danhia 00acec6fdb separate profile page for events 2022-08-16 18:03:39 +02:00
21 changed files with 548 additions and 82 deletions

View File

@ -0,0 +1,24 @@
from collections import defaultdict
from django.core.management.base import BaseCommand, CommandError
from accounts import models as acc_models
from django.contrib.auth import models as auth_models
from django.contrib.auth.models import timezone
from datetime import timedelta
class Command(BaseCommand):
help = 'Remove all users who never logged in'
def handle(self, *args, **options):
all_users = acc_models.UserProfileInfo.objects.filter(score=0).select_related()
to_remove = []
for elem in all_users:
user = elem.user
if user.last_login is None and user.date_joined < timezone.now() - timedelta(hours=72):
to_remove.append(user)
print("You are going to remove {} users.".format(len(to_remove)))
answer = input("Continue ? [y/N] ")
if answer.lower() in ["y","yes"]:
for elem in to_remove:
elem.delete()
print("Users have been successfully pruned.")

View File

@ -92,6 +92,13 @@
{% endif %} {% endif %}
<li class="list-group-item">{% trans "Registered since" %} {{ user.date_joined|date:"Y-m-d" }}</li> <li class="list-group-item">{% trans "Registered since" %} {{ user.date_joined|date:"Y-m-d" }}</li>
</ul> </ul>
<ul class="list-group">
<form method='GET' action="{% url 'accounts:profile' user %}">
<li class="list-group-item">
<input class="form-control" type="submit" value="{% trans " View my profile" %}">
</li>
</form>
</ul>
<ul class="list-group"> <ul class="list-group">
<form method='GET' action="{% url 'accounts:delete_account' %}"> <form method='GET' action="{% url 'accounts:delete_account' %}">
{%csrf_token%} {%csrf_token%}

View File

@ -87,7 +87,6 @@ def connect_discord(request):
@login_required @login_required
def authorize_discord(request): def authorize_discord(request):
if request.user.userprofileinfo.discord_id: if request.user.userprofileinfo.discord_id:
print("Already")
return bad_request(request, "Already connected") return bad_request(request, "Already connected")
try: try:
token = oauth.discord.authorize_access_token(request) token = oauth.discord.authorize_access_token(request)

View File

@ -2,6 +2,8 @@ from django.urls import path
from . import views from . import views
urlpatterns = [ urlpatterns = [
path('bot/discord', views.discord_bot, name='discord_bot'), path('bot/discord', views.bot_discord_rank, name='bot_discord_rank'), # legacy, to remove when new bot is deployed
path('bot/discord/rank', views.bot_discord_rank, name='bot_discord_rank'), # use this
path('bot/discord/campus', views.bot_discord_campus, name='bot_discord_campus'),
path('events/<str:event_slug>', views.events_data, name='events_data'), path('events/<str:event_slug>', views.events_data, name='events_data'),
] ]

View File

@ -7,8 +7,7 @@ from django.shortcuts import get_object_or_404
# Create your views here. # Create your views here.
def bot_discord_rank(request):
def discord_bot(request):
if request.method != 'GET': if request.method != 'GET':
return JsonResponse({'error':'bad request'}) return JsonResponse({'error':'bad request'})
@ -28,6 +27,24 @@ def discord_bot(request):
return JsonResponse(data) return JsonResponse(data)
def bot_discord_campus(request):
if request.method != 'GET':
return JsonResponse({'error':'bad request'})
token = request.GET.get('token')
auth_token = os.getenv('BOT_TOKEN')
if (token != auth_token or not auth_token):
return JsonResponse({'error':'not authorized'})
all_users = UserProfileInfo.objects.select_related().order_by('-score', 'last_submission_date', 'user__username')
data = {}
for user in all_users:
if user.campus and user.discord_id:
data[user.discord_id] = user.campus.name
return JsonResponse(data)
def events_data(request, event_slug): def events_data(request, event_slug):
if request.method != 'GET': if request.method != 'GET':
return JsonResponse({'error':'bad request'}) return JsonResponse({'error':'bad request'})
@ -53,4 +70,3 @@ def events_data(request, event_slug):
return JsonResponse(data) return JsonResponse(data)

View File

@ -2,8 +2,6 @@ from django.contrib import admin
from .models import Category, CTF, CTF_flags from .models import Category, CTF, CTF_flags
admin.site.register(Category) admin.site.register(Category)
#admin.site.register(CTF)
#admin.site.register(CTF_flags)
@admin.register(CTF_flags) @admin.register(CTF_flags)
class ctf_flags(admin.ModelAdmin): class ctf_flags(admin.ModelAdmin):
@ -14,12 +12,61 @@ class ctf_flags(admin.ModelAdmin):
# search list # search list
search_fields = ['ctf__category__name', 'ctf__name', 'user__username'] search_fields = ['ctf__category__name', 'ctf__name', 'user__username']
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_delete_permission(request, obj)
@admin.register(CTF) @admin.register(CTF)
class ctf(admin.ModelAdmin): class ctf(admin.ModelAdmin):
#list display #list display
list_display = ['name', 'event', 'category'] list_display = ['name', 'event', 'category', 'points']
#list Filter #list Filter
list_filter = ('category', 'event') list_filter = ('category', 'event')
# search list # search list
search_fields = ['category__name', 'name', 'author__username'] search_fields = ['category__name', 'name', 'author__username']
# Register your models here.
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)

View File

@ -0,0 +1,18 @@
# Generated by Django 3.2.11 on 2023-09-17 17:57
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ctfs', '0008_auto_20220215_1713'),
]
operations = [
migrations.AddField(
model_name='ctf_flags',
name='bonus',
field=models.PositiveSmallIntegerField(default=0),
),
]

View File

@ -45,6 +45,7 @@ class CTF_flags(models.Model):
user = models.ForeignKey(User, unique=False, on_delete=models.CASCADE) user = models.ForeignKey(User, unique=False, on_delete=models.CASCADE)
ctf = models.ForeignKey(CTF, unique=False, on_delete=models.CASCADE) ctf = models.ForeignKey(CTF, unique=False, on_delete=models.CASCADE)
flag_date = models.DateTimeField('Flag date') flag_date = models.DateTimeField('Flag date')
bonus = models.PositiveSmallIntegerField(default=0)
class Meta: class Meta:
ordering = ['-flag_date'] ordering = ['-flag_date']

View File

@ -1,5 +1,5 @@
from django.contrib import admin from django.contrib import admin
from .models import Event, EventPlayer, Team from .models import Event, EventPlayer, Team, Bonus
@admin.register(Event) @admin.register(Event)
class event(admin.ModelAdmin): class event(admin.ModelAdmin):
@ -8,6 +8,27 @@ class event(admin.ModelAdmin):
# search list # search list
search_fields = ['name', 'slug', 'description', 'password'] search_fields = ['name', 'slug', 'description', 'password']
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.name).exists()
return super().has_change_permission(request, obj)
@admin.register(EventPlayer) @admin.register(EventPlayer)
class score(admin.ModelAdmin): class score(admin.ModelAdmin):
#list display #list display
@ -17,7 +38,33 @@ class score(admin.ModelAdmin):
# search list # search list
search_fields = ['user__username', 'score', 'event__name'] search_fields = ['user__username', 'score', 'event__name']
# Register your models here. def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_delete_permission(request, obj)
@admin.register(Team) @admin.register(Team)
class team(admin.ModelAdmin): class team(admin.ModelAdmin):
@ -27,3 +74,36 @@ class team(admin.ModelAdmin):
list_filter = ('event',) list_filter = ('event',)
# search list # search list
search_fields = ['name'] search_fields = ['name']
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_delete_permission(request, obj)
@admin.register(Bonus)
class bonus(admin.ModelAdmin):
#list display
list_display = ['points', 'absolute']

View File

@ -0,0 +1,28 @@
# Generated by Django 3.2.11 on 2023-09-17 17:00
import django.core.validators
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('events', '0010_event_campus'),
]
operations = [
migrations.CreateModel(
name='Bonus',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('absolute', models.BooleanField(default=True)),
('points', models.CharField(max_length=100, validators=[django.core.validators.int_list_validator])),
],
),
migrations.AddField(
model_name='event',
name='bonus',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='events.bonus'),
),
]

View File

@ -0,0 +1,24 @@
# Generated by Django 3.2.11 on 2023-09-17 18:38
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('events', '0011_bonus_points'),
]
operations = [
migrations.AlterField(
model_name='event',
name='bonus',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='events.bonus'),
),
migrations.AlterField(
model_name='eventplayer',
name='team',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='events.team'),
),
]

View File

@ -1,10 +1,17 @@
from django.db import models from django.db import models
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.contrib.auth.models import timezone from django.contrib.auth.models import timezone
from django.core.validators import int_list_validator
import uuid import uuid
from accounts.models import Campus from accounts.models import Campus
# Create your models here. # Create your models here.
class Bonus(models.Model):
absolute = models.BooleanField(default=True)
points = models.CharField(validators=[int_list_validator], max_length=100)
def __str__(self):
return self.points
class Event(models.Model): class Event(models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False) id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
name = models.CharField(max_length=200) name = models.CharField(max_length=200)
@ -19,6 +26,7 @@ class Event(models.Model):
auto_match = models.BooleanField(default=False) auto_match = models.BooleanField(default=False)
dynamic = models.BooleanField(default=False) dynamic = models.BooleanField(default=False)
campus = models.ManyToManyField(Campus, blank=True) campus = models.ManyToManyField(Campus, blank=True)
bonus = models.ForeignKey(Bonus, null=True, on_delete=models.SET_NULL, blank=True)
def __str__(self): def __str__(self):
return self.name return self.name
@ -37,8 +45,6 @@ class EventPlayer(models.Model):
event = models.ForeignKey(Event, on_delete=models.CASCADE) event = models.ForeignKey(Event, on_delete=models.CASCADE)
score = models.PositiveIntegerField(default=0, db_index=True) score = models.PositiveIntegerField(default=0, db_index=True)
last_submission_date = models.DateTimeField('Last Submission Date', default=timezone.now) last_submission_date = models.DateTimeField('Last Submission Date', default=timezone.now)
team = models.ForeignKey(Team, on_delete=models.CASCADE, null=True) team = models.ForeignKey(Team, on_delete=models.CASCADE, null=True, blank=True)
class Meta: class Meta:
ordering = ['-score', 'last_submission_date', 'user__username'] ordering = ['-score', 'last_submission_date', 'user__username']

View File

@ -16,6 +16,9 @@
{% if registered == False %} {% if registered == False %}
<span class="message error-msg">{% trans "You need to be registered to the event." %}</span> <span class="message error-msg">{% trans "You need to be registered to the event." %}</span>
{% else %} {% else %}
{% if invalid == True %}
<span class="message error-msg">{% trans "Invalid characters in name" %}</span>
{% endif %}
{% if exist == True %} {% if exist == True %}
<span class="message error-msg">{% trans "Name already taken." %}</span> <span class="message error-msg">{% trans "Name already taken." %}</span>
{% endif %} {% endif %}

View File

@ -21,7 +21,10 @@
<div class="ctf-footer"> <div class="ctf-footer">
{% if request.user.is_authenticated %} {% if request.user.is_authenticated %}
{% if congrat == True %} {% if congrat == True %}
<p>{% trans "Congratulation !" %}</p> <p>{% trans "Congratulation !" %}</p>
{% if bonus|add:"0" > 0 %}
<p>{% trans "Bonus points awarded" %} : {{ bonus }}</p>
{% endif %}
{% elif alreadyflag == True %} {% elif alreadyflag == True %}
<p>{% trans "Already flagged" %}</p> <p>{% trans "Already flagged" %}</p>
{% elif eventisover == True %} {% elif eventisover == True %}
@ -96,6 +99,9 @@
<ul class="list-group"> <ul class="list-group">
<li class="list-group-item">{% trans "Author" %} : <a style="position:absolute;right: 15px;" class="profile_link {{is_member}}" href="{% url 'accounts:profile' user_name=ctf.author.username %}">{{ ctf.author.username }}</a></li> <li class="list-group-item">{% trans "Author" %} : <a style="position:absolute;right: 15px;" class="profile_link {{is_member}}" href="{% url 'accounts:profile' user_name=ctf.author.username %}">{{ ctf.author.username }}</a></li>
<li class="list-group-item">{% trans "Point reward" %} : <span style="position:absolute;right: 15px;">{{ ctf.points }}</span></li> <li class="list-group-item">{% trans "Point reward" %} : <span style="position:absolute;right: 15px;">{{ ctf.points }}</span></li>
{% if ctf.event.bonus %}
<li class="list-group-item">{% trans "Speed Bonuses" %} : <span style="position:absolute;right: 15px;">{{ bonus_points }}</span></li>
{% endif %}
</ul> </ul>
</div> </div>

View File

@ -26,7 +26,7 @@
{% endif %} {% endif %}
</div> </div>
<div class="event-footer"> <div class="event-footer">
{% if begun == True %} {% if begun == True or is_event_manager == True %}
<h4>{% trans "Challenges" %}</h4> <h4>{% trans "Challenges" %}</h4>
{% if ctfs %} {% if ctfs %}

View File

@ -0,0 +1,168 @@
{% extends 'base.html' %}
{% block content %}
{% load i18n %}
{% load key_value %}
{% load is_member %}
{% ismember user.userprofileinfo as is_member %}
<div class="row">
<div class="col-sm-12 col-md-9">
<a href="{% url 'events:event_info' event_slug=event.slug %}">< Back to event</a>
<div>
<h4>{% trans "Challenges Solved by" %} <span class="{{ is_member }}">{{ user.username }} - {{ event.name }}</span></h4>
{% if solves%}
<div class="table table-dark">
<div class="card-body">
<div id="time-chart"></div>
</div>
</div>
<table class="table table-dark">
<thead>
<tr>
<th scope="col">{% trans "Challenge Name" %}</th>
<th scope="col">{% trans "Category" %}</th>
<th scope="col">{% trans "Points" %}</th>
<th scope="col">{% trans "Bonus" %}</th>
<th scope="col">{% trans "Date" %}</th>
</tr>
</thead>
<tbody>
{% for s in solves %}
<tr>
<th scope="row"><a href="{% url 'events:event_chall_info' event_slug=event.slug chall_slug=s.ctf.slug %}">{{ s.ctf.name }}</a></th>
<td>{{ s.ctf.category.name}}</td>
<td>{{ s.ctf.points }}</td>
<td>{{ s.bonus }}</td>
<td>{{ s.flag_date|date:"Y-m-d H:i:s" }}</td>
</tr>
{% endfor %}
</tbody>
</table>
{% else %}
<p>{% trans "It seems that this user has not solved any challenge yet..." %}</p>
{% endif %}
</div>
</div>
<div class="d-none d-md-block col-10 col-md-3 right-sidebar">
<ul class="list-group">
<li class="list-group-item {{ is_member }}">{{ user.username }}</li>
<li class="list-group-item">{% trans "Score" %} : {{ score }}</li>
<li class="list-group-item">{% trans "Rank" %} : {{ rank }}</li>
{% if user.userprofileinfo.portfolio_site %}
<li class="list-group-item">
<a href="{{ user.userprofileinfo.portfolio_site }}" target="_blank">
{{ user.userprofileinfo.portfolio_site }}
</a>
</li>
{% endif %}
{% if member %}
<li class="list-group-item is-member">{% trans "Status: Member" %}</li>
{% else %}
<li class="list-group-item">{% trans "Status: Visitor" %}</li>
{% endif %}
<li class="list-group-item">{% trans "Registered since" %} {{ user.date_joined|date:"d-m-Y" }}</li>
</ul>
<ul class="list-group">
<li class="list-group-item">{% trans "Categories stats" %}</li>
{% for cat in catsDatas %}
<li class="list-group-item" style="padding-bottom: 3;padding-top: 0;">
<span>{{ cat.0 }}</span>
<div class="progress">
{% if cat.3 == '0' %}
<div class="progress-bar bg-success" role="progressbar" style="width: 0%;color:#d9d9d9;" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100">0 %</div>
{% else %}
<div class="progress-bar bg-success" role="progressbar" style="width: {{ cat.3 }}%" aria-valuenow="{{ cat.3 }}" aria-valuemin="0" aria-valuemax="100">{{ cat.3 }} %</div>
{% endif %}
</div>
</li>
{% endfor %}
</ul>
<ul class="list-group">
<ul class="list-group">
<li class="list-group-item">{% trans "Challenges created" %}</li>
{% if created %}
{% for creat in created %}
<li class="list-group-item"><a href="{% url 'ctf' cat_slug=creat.category.slug ctf_slug=creat.slug %}">{{ creat.name }}</a></li>
{% endfor %}
{% else %}
<li class="list-group-item">{% trans "It seems that this user has not created any challenge yet..." %}</li>
{% endif %}
</ul>
</ul>
</div>
</div>
<script src="https://code.highcharts.com/highcharts.src.js"></script>
<script>
Highcharts.theme={colors:["#2b908f","#90ee7e","#f45b5b","#7798BF","#aaeeee","#ff0066","#eeaaee","#55BF3B","#DF5353","#7798BF","#aaeeee"],chart:{backgroundColor:{linearGradient:{x1:0,y1:0,x2:1,y2:1},stops:[[0,"#1D1D1D"],[1,"#1D1D1D"]]},style:{fontFamily:"'Unica One', sans-serif"},plotBorderColor:"#606063"},title:{style:{color:"#E0E0E3",textTransform:"uppercase",fontSize:"20px"}},subtitle:{style:{color:"#E0E0E3",textTransform:"uppercase"}},xAxis:{gridLineColor:"#707073",labels:{style:{color:"#E0E0E3"}},lineColor:"#707073",minorGridLineColor:"#505053",tickColor:"#707073",title:{style:{color:"#A0A0A3"}}},yAxis:{gridLineColor:"#707073",labels:{style:{color:"#E0E0E3"}},lineColor:"#707073",minorGridLineColor:"#505053",tickColor:"#707073",tickWidth:1,title:{style:{color:"#A0A0A3"}}},tooltip:{backgroundColor:"rgba(0, 0, 0, 0.85)",style:{color:"#F0F0F0"}},plotOptions:{series:{dataLabels:{color:"#F0F0F3",style:{fontSize:"13px"}},marker:{lineColor:"#333"}},boxplot:{fillColor:"#505053"},candlestick:{lineColor:"white"},errorbar:{color:"white"}},legend:{backgroundColor:"#1D1D1D",itemStyle:{color:"#E0E0E3"},itemHoverStyle:{color:"#FFF"},itemHiddenStyle:{color:"#606063"},title:{style:{color:"#C0C0C0"}}},credits:{style:{color:"#666"}},labels:{style:{color:"#707073"}},drilldown:{activeAxisLabelStyle:{color:"#F0F0F3"},activeDataLabelStyle:{color:"#F0F0F3"}},navigation:{buttonOptions:{symbolStroke:"#DDDDDD",theme:{fill:"#505053"}}},rangeSelector:{buttonTheme:{fill:"#505053",stroke:"#000000",style:{color:"#CCC"},states:{hover:{fill:"#707073",stroke:"#000000",style:{color:"white"}},select:{fill:"#000003",stroke:"#000000",style:{color:"white"}}}},inputBoxBorderColor:"#505053",inputStyle:{backgroundColor:"#333",color:"silver"},labelStyle:{color:"silver"}},navigator:{handles:{backgroundColor:"#666",borderColor:"#AAA"},outlineColor:"#CCC",maskFill:"rgba(255,255,255,0.1)",series:{color:"#7798BF",lineColor:"#A6C7ED"},xAxis:{gridLineColor:"#505053"}},scrollbar:{barBackgroundColor:"#808083",barBorderColor:"#808083",buttonArrowColor:"#CCC",buttonBackgroundColor:"#606063",buttonBorderColor:"#606063",rifleColor:"#FFF",trackBackgroundColor:"#404043",trackBorderColor:"#404043"}};
Highcharts.setOptions(Highcharts.theme);
Highcharts.chart('time-chart', {
title: {
text: 'Points earned for each category'
},
yAxis: {
title: {
text: 'Points earned'
}
},
xAxis: {
type: 'datetime',
labels: {
formatter: function() {
return Highcharts.dateFormat('%d.%b %Y',
this.value);
}
}
},
legend: {
layout: 'vertical',
align: 'right',
verticalAlign: 'middle'
},
plotOptions: {
pointStart: {{ user.date_joined|timestamp_fromdate }},
series: {
label: {
connectorAllowed: false
},
allowPointSelect: true,
marker: {
enabled: true
}
}
},
series: [
{
name: 'Total',
data: {{ solved|safe }}
},
{% for cat in cats %}
{
name: '{{ cat.name }}',
data: {{ pointDatas|keyvalue:cat.name|safe }},
visible: false,
},
{% endfor %}
],
responsive: {
rules: [{
condition: {
maxWidth: 500
},
chartOptions: {
legend: {
layout: 'horizontal',
align: 'center',
verticalAlign: 'bottom'
}
}
}]
}
});
</script>
{% endblock %}

View File

@ -41,6 +41,31 @@ def actualize_points(ctf):
player.team.score -= diff player.team.score -= diff
player.team.save() player.team.save()
def compute_bonus_points(ctf):
if not ctf.event.bonus:
return 0
solves = CTF_flags.objects.filter(ctf=ctf)
bonuses = ctf.event.bonus.points.split(',')
if len(solves) >= len(bonuses):
return 0
else:
if ctf.event.bonus.absolute == True:
return int(bonuses[len(solves)])
else:
return int(bonuses[len(solves)]) * ctf.points // 100
def format_bonus_points(ctf):
if not ctf.event.bonus:
return None
bonuses = ctf.event.bonus.points.split(',')
if ctf.event.bonus.absolute == True:
return ''.join([b + ', ' for b in bonuses])[:-2]
return ''.join([str(ctf.points * int(b) // 100) + ', ' for b in bonuses])[:-2]
# Create your views here. # Create your views here.
def events(request): def events(request):
list_events = Event.objects.filter().order_by('-end_date', 'start_date') list_events = Event.objects.filter().order_by('-end_date', 'start_date')
@ -50,7 +75,8 @@ def chall_event_info(request, event_slug, chall_slug):
event_info = get_object_or_404(Event, slug=event_slug) event_info = get_object_or_404(Event, slug=event_slug)
ctf_info = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug) ctf_info = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug)
if timezone.now() < ctf_info.pub_date: is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
if timezone.now() < ctf_info.pub_date and not is_event_manager:
return redirect('events:event_info', event_slug=event_slug) return redirect('events:event_info', event_slug=event_slug)
eventisover = False eventisover = False
alreadyflag = False alreadyflag = False
@ -60,6 +86,7 @@ def chall_event_info(request, event_slug, chall_slug):
notsub = False notsub = False
noteam = False noteam = False
player = None player = None
bonus = 0
if request.user.is_authenticated and not request.user.is_staff: if request.user.is_authenticated and not request.user.is_staff:
player = EventPlayer.objects.filter(event=event_info, user=request.user) player = EventPlayer.objects.filter(event=event_info, user=request.user)
if not player: if not player:
@ -80,6 +107,8 @@ def chall_event_info(request, event_slug, chall_slug):
notsub = True notsub = True
if request.GET.get('NoTeam'): if request.GET.get('NoTeam'):
noteam = True noteam = True
bonus = request.GET.get('Bonus')
bonus_points = format_bonus_points(ctf_info)
solved_challs = CTF_flags.objects.filter(ctf=ctf_info).order_by('flag_date') solved_challs = CTF_flags.objects.filter(ctf=ctf_info).order_by('flag_date')
solved_list = [] solved_list = []
for s in solved_challs: for s in solved_challs:
@ -89,57 +118,59 @@ def chall_event_info(request, event_slug, chall_slug):
solved_list.append([s.user, s.flag_date]) solved_list.append([s.user, s.flag_date])
description = get_description_by_lang(ctf_info) description = get_description_by_lang(ctf_info)
return render(request, 'events/ctf_info.html', { 'ctf' : ctf_info, 'event':event_info, 'solved_list': solved_list, 'description': description, 'eventisover': eventisover, 'alreadyflag': alreadyflag, return render(request, 'events/ctf_info.html', { 'ctf' : ctf_info, 'event':event_info, 'solved_list': solved_list, 'description': description, 'eventisover': eventisover, 'alreadyflag': alreadyflag,
'congrat': congrat, 'wrongflag': wrongflag, 'errorform': errorform, 'notsub': notsub, 'noteam':noteam}) 'congrat': congrat, 'wrongflag': wrongflag, 'errorform': errorform, 'notsub': notsub, 'noteam':noteam, 'bonus':bonus, 'bonus_points':bonus_points})
def event(request, event_slug): def event(request, event_slug):
event_info = get_object_or_404(Event, slug=event_slug) event_info = get_object_or_404(Event, slug=event_slug)
IsRegistered = False
wrongpwd = False wrongpwd = False
alreadyregistered = False alreadyregistered = False
subisover = False subisover = False
is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
ended = (timezone.now() >= event_info.end_date)
begun = (timezone.now() >= event_info.start_date)
if is_event_manager: # we want to see all the challenges
challenges = CTF.objects.filter(event=event_info).order_by('category', 'points')
else:
challenges = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
if event_info.team_size == 1:
solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
else:
solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
if request.GET.get('WrongPassword'): if request.GET.get('WrongPassword'):
wrongpwd = True wrongpwd = True
if request.GET.get('AlreadyRegistered'): if request.GET.get('AlreadyRegistered'):
alreadyregistered = True alreadyregistered = True
if request.GET.get('SubscriptionIsOver'): if request.GET.get('SubscriptionIsOver'):
subisover = True subisover = True
if request.user.is_authenticated: if request.user.is_authenticated:
try: try:
player = EventPlayer.objects.get(event=event_info, user=request.user) EventPlayer.objects.get(event=event_info, user=request.user)
return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': True, 'ctfs': challenges, 'solved_list':solved_list,
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
except: except:
player = None pass
if player:
IsRegistered = True if (event_info.campus.all() or event_info.password) and request.user.is_authenticated is False:
if event_info.campus.all(): return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False})
if request.user.is_authenticated:
if request.user.is_staff is False: if event_info.campus.all() and is_event_manager is False:
user = UserProfileInfo.objects.get(user=request.user) user = UserProfileInfo.objects.get(user=request.user)
if user.campus is None: if user.campus is None:
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True}) return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True})
elif user.campus not in event_info.campus.all(): elif user.campus not in event_info.campus.all():
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False}) return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False})
else:
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True}) if event_info.password and is_event_manager is False:
if event_info.password: return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
if request.user.is_authenticated:
if request.user.is_staff is False: return render(request, 'events/event_info.html', {'event' : event_info, 'ctfs': challenges, 'solved_list':solved_list, 'IsRegistered': False,
if not player: 'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
else:
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
ended = False
if timezone.now() >= event_info.end_date:
ended = True
begun = False
if timezone.now() >= event_info.start_date:
begun = True
challenges = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
if event_info.team_size == 1:
solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
else:
solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': IsRegistered, 'ctfs': challenges, 'solved_list':solved_list,
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover})
@login_required @login_required
def submit_event_flag(request, event_slug, chall_slug): def submit_event_flag(request, event_slug, chall_slug):
@ -183,20 +214,21 @@ def submit_event_flag(request, event_slug, chall_slug):
if form.is_valid(): if form.is_valid():
if ctf_info.flag == request.POST.get('flag'): if ctf_info.flag == request.POST.get('flag'):
new = CTF_flags(user = request.user, ctf = ctf_info, flag_date = timezone.now()) bonus = compute_bonus_points(ctf_info)
new = CTF_flags(user = request.user, ctf = ctf_info, flag_date = timezone.now(), bonus = bonus)
new.save() new.save()
if ctf_info.points > 0: if ctf_info.points > 0:
player.last_submission_date = timezone.now() player.last_submission_date = timezone.now()
player.score += ctf_info.points player.score += (ctf_info.points + bonus)
player.save() player.save()
if player.team: if player.team:
if ctf_info.points > 0: if ctf_info.points > 0:
player.team.last_submission_date = timezone.now() player.team.last_submission_date = timezone.now()
player.team.score += ctf_info.points player.team.score += (ctf_info.points + bonus)
player.team.save() player.team.save()
if ev.dynamic: if ev.dynamic:
actualize_points(ctf_info) actualize_points(ctf_info)
response['Location'] += '?Congrat=1' response['Location'] += '?Congrat=1&Bonus=' + str(bonus)
return response return response
else: else:
response['Location'] += '?WrongFlag=1' response['Location'] += '?WrongFlag=1'
@ -278,7 +310,7 @@ def profile(request, user_name, event_slug):
percent = (solved_count / max_count) * 100 percent = (solved_count / max_count) * 100
catsDatas.append([cat.name, solved_count, max_count, '{:.0f}'.format(percent)]) catsDatas.append([cat.name, solved_count, max_count, '{:.0f}'.format(percent)])
for flag in solved: for flag in solved:
somme += flag.ctf.points somme += (flag.ctf.points + flag.bonus)
pointDatas[cat.name].append([flag.flag_date.timestamp() * 1000, somme]) pointDatas[cat.name].append([flag.flag_date.timestamp() * 1000, somme])
solves = CTF_flags.objects.filter(user=user_obj, ctf__event=event_info).order_by('-flag_date') solves = CTF_flags.objects.filter(user=user_obj, ctf__event=event_info).order_by('-flag_date')
@ -286,10 +318,10 @@ def profile(request, user_name, event_slug):
somme = 0 somme = 0
solved.append([event_info.start_date.timestamp() * 1000, 0]) solved.append([event_info.start_date.timestamp() * 1000, 0])
for s in solves.reverse(): for s in solves.reverse():
somme += s.ctf.points somme += (s.ctf.points + s.bonus)
solved.append([s.flag_date.timestamp() * 1000,somme]) solved.append([s.flag_date.timestamp() * 1000,somme])
return render(request,'accounts/profile.html', {'user':user_obj, 'solves':solves,'solved':solved,'catsDatas': catsDatas, 'pointDatas': pointDatas, return render(request,'events/profile.html', {'user':user_obj, 'solves':solves,'solved':solved,'catsDatas': catsDatas, 'pointDatas': pointDatas,
'rank': rank, 'score' : somme, 'cats':cats}) 'rank': rank, 'score' : player.score, 'cats':cats, 'event': event_info})

View File

@ -13,10 +13,13 @@ from random import randint
def create_team(request, event_slug): def create_team(request, event_slug):
ev = get_object_or_404(Event, slug=event_slug) ev = get_object_or_404(Event, slug=event_slug)
if request.method == 'POST': if request.method == 'POST':
teamname = request.POST.get('teamname')
if request.user.is_authenticated and ev.team_size > 1: if request.user.is_authenticated and ev.team_size > 1:
if Team.objects.filter(name=request.POST.get('teamname'), event=ev).exists(): if any(c in set('./') for c in teamname):
return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : False, 'invalid' : True})
if Team.objects.filter(name=teamname, event=ev).exists():
return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : True}) return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : True})
new = Team(name=request.POST.get('teamname'), password=request.POST.get('password'), event=ev) new = Team(name=teamname, password=request.POST.get('password'), event=ev)
new.save() new.save()
player = EventPlayer.objects.get(user=request.user, event=ev) player = EventPlayer.objects.get(user=request.user, event=ev)
player.team = new player.team = new
@ -115,9 +118,10 @@ def manage_team(request, event_slug):
pname = p_form.cleaned_data['name'] pname = p_form.cleaned_data['name']
if pname == tname: if pname == tname:
pass pass
else: elif any(c in set('./') for c in pname):
if Team.objects.filter(name=pname, event=event_info).exists(): error = _("Invalid characters in name")
error = _("Name already taken.") elif Team.objects.filter(name=pname, event=event_info).exists():
error = _("Name already taken.")
ppassword = p_form.cleaned_data['password'] ppassword = p_form.cleaned_data['password']
if error is None: if error is None:
p_form.save() p_form.save()
@ -137,18 +141,20 @@ def leave_team(request, event_slug):
player = EventPlayer.objects.get(user=request.user, event=event_info) player = EventPlayer.objects.get(user=request.user, event=event_info)
team = Team.objects.get(event=event_info, name=player.team.name) team = Team.objects.get(event=event_info, name=player.team.name)
team.score -= player.score
team.save()
player.team = None player.team = None
player.save()
members = EventPlayer.objects.filter(team=team, event=event_info)
if members.count() == 0:
team.delete()
else:
team.score -= player.score
team.save()
solved = CTF_flags.objects.filter(user=player.user, ctf__event=event_info) solved = CTF_flags.objects.filter(user=player.user, ctf__event=event_info)
player.score = 0 player.score = 0
solved.delete() solved.delete()
player.save() player.save()
members = EventPlayer.objects.filter(team=team, event=event_info)
if members.count() == 0:
team.delete()
return redirect('events:event_info', event_slug=event_slug) return redirect('events:event_info', event_slug=event_slug)
@login_required @login_required

View File

@ -35,7 +35,6 @@ def home(request):
lang_code = request.session[LANGUAGE_SESSION_KEY] lang_code = request.session[LANGUAGE_SESSION_KEY]
url_translated = translate_url(request.path, lang_code) url_translated = translate_url(request.path, lang_code)
if request.path != url_translated: if request.path != url_translated:
print("%s\n%s" % (request.path, url_translated))
response = HttpResponseRedirect(url_translated) response = HttpResponseRedirect(url_translated)
return response return response
news = new.objects.order_by('-pub_date')[:5] news = new.objects.order_by('-pub_date')[:5]

View File

@ -16,7 +16,7 @@
- <a href="https://cutter.re">cutter</a></br> - <a href="https://cutter.re">cutter</a></br>
- <a href="https://github.com/ReFirmLabs/binwalk">binwalk</a></br> - <a href="https://github.com/ReFirmLabs/binwalk">binwalk</a></br>
- <a href="https://rada.re">r2</a></br> - <a href="https://rada.re">r2</a></br>
- <a href="https://gef.readthedocs.io/en/master/">gdb/gef</a></br> - <a href="https://hugsy.github.io/gef/">gdb/gef</a></br>
- qemu-user</br> - qemu-user</br>
<br> <br>
{% trans "If you want to solve the challenges on your own machine, we recommend you to use a Linux operating system."%} {% trans "If you want to solve the challenges on your own machine, we recommend you to use a Linux operating system."%}

View File

@ -95,7 +95,7 @@
<a href="{% url 'accounts:edit' %}" class="nav-link">{{ request.user.username }}</a> <a href="{% url 'accounts:edit' %}" class="nav-link">{{ request.user.username }}</a>
</li> </li>
<li class="nav-item dropdown"> <li class="nav-item dropdown">
<span class="nav-link">{{ request.user.userprofileinfo.score }}</span> <a class="nav-link" href="{% url 'accounts:profile' user %}">{{ request.user.userprofileinfo.score }}</a>
</li> </li>
<li class="nav-item dropdown"> <li class="nav-item dropdown">
<a class="nav-link" href="{% url 'accounts:out' %}">{% translate "Logout" %}</a> <a class="nav-link" href="{% url 'accounts:out' %}">{% translate "Logout" %}</a>