forked from CTFd/CTFd
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix admin cannot modify verified status in Edit User (CTFd#777)
* Grant admin write access to verified field in UserSchema. * Add test admin can view and modify verified status * Add test for creating users with settings * Add codecov threshold for test failures
- Loading branch information
Showing
3 changed files
with
42 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| coverage: | ||
| status: | ||
| project: | ||
| default: | ||
| # Fail the status if coverage drops by >= 1% | ||
| threshold: 1 | ||
| patch: | ||
| default: | ||
| threshold: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -92,6 +92,32 @@ def test_api_users_post_admin(): | |
| destroy_ctfd(app) | ||
|
|
||
|
|
||
| def test_api_users_post_admin_with_attributes(): | ||
| """Can a user post /api/v1/users with user settings""" | ||
| app = create_ctfd() | ||
| with app.app_context(): | ||
| with login_as_user(app, 'admin') as client: | ||
| # Create user | ||
| r = client.post('/api/v1/users', json={ | ||
| "name": "user", | ||
| "email": "[email protected]", | ||
| "password": "password", | ||
| "banned": True, | ||
| "hidden": True, | ||
| "verified": True | ||
| }) | ||
| assert r.status_code == 200 | ||
|
|
||
| # Make sure password was hashed properly | ||
| user = Users.query.filter_by(email='[email protected]').first() | ||
| assert user | ||
| assert verify_password('password', user.password) | ||
| assert user.banned | ||
| assert user.hidden | ||
| assert user.verified | ||
| destroy_ctfd(app) | ||
|
|
||
|
|
||
| def test_api_team_get_public(): | ||
| """Can a user get /api/v1/team/<user_id> if users are public""" | ||
| app = create_ctfd() | ||
|
|
@@ -168,10 +194,13 @@ def test_api_user_patch_admin(): | |
| "name": "user", | ||
| "email": "[email protected]", | ||
| "password": "password", | ||
| "country": "US" | ||
| "country": "US", | ||
| "verified": True | ||
| }) | ||
| assert r.status_code == 200 | ||
| assert r.get_json()['data'][0]['country'] == 'US' | ||
| user_data = r.get_json()['data'][0] | ||
| assert user_data['country'] == 'US' | ||
| assert user_data['verified'] is True | ||
| destroy_ctfd(app) | ||
|
|
||
|
|
||
|
|
||