From 9397e564ef266ac7b6bb77409c6158aee978a3df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Guill=C3=A9n?= <robertoguillen@me.com>
Date: Sat, 5 Feb 2022 19:47:59 +0100
Subject: [PATCH] Added TryIT custom challenges

---
 CTFd/api/v1/challenges.py                     | 13 +++++++
 CTFd/plugins/daetsiinf_tryit_flag/__init__.py | 27 ++++++++++++++
 .../daetsiinf_tryit_flag/assets/create.html   |  9 +++++
 .../daetsiinf_tryit_flag/assets/edit.html     | 14 +++++++
 .../themes/core/assets/js/pages/challenges.js |  5 ++-
 CTFd/themes/core/templates/challenge.html     | 37 +++++++++++++------
 6 files changed, 92 insertions(+), 13 deletions(-)
 create mode 100644 CTFd/plugins/daetsiinf_tryit_flag/__init__.py
 create mode 100644 CTFd/plugins/daetsiinf_tryit_flag/assets/create.html
 create mode 100644 CTFd/plugins/daetsiinf_tryit_flag/assets/edit.html

diff --git a/CTFd/api/v1/challenges.py b/CTFd/api/v1/challenges.py
index e5594999c..c0deb0b02 100644
--- a/CTFd/api/v1/challenges.py
+++ b/CTFd/api/v1/challenges.py
@@ -473,8 +473,19 @@ def get(self, challenge_id):
             attempts = Submissions.query.filter_by(
                 account_id=user.account_id, challenge_id=challenge_id
             ).count()
+
+            is_tryit_challenge = len(Flags.query.filter_by(
+                challenge_id=chal.id,
+                type="TryIT").all()) > 0
+
+            user_id = user.id
+
+
         else:
             attempts = 0
+            is_tryit_challenge = False
+            user_id = 0
+
 
         response["solves"] = solve_count
         response["solved_by_me"] = solved_by_user
@@ -493,6 +504,8 @@ def get(self, challenge_id):
             max_attempts=chal.max_attempts,
             attempts=attempts,
             challenge=chal,
+            is_tryit_challenge=is_tryit_challenge,
+            user_id=user_id
         )
 
         db.session.close()
diff --git a/CTFd/plugins/daetsiinf_tryit_flag/__init__.py b/CTFd/plugins/daetsiinf_tryit_flag/__init__.py
new file mode 100644
index 000000000..64fec91a1
--- /dev/null
+++ b/CTFd/plugins/daetsiinf_tryit_flag/__init__.py
@@ -0,0 +1,27 @@
+from CTFd.plugins import register_plugin_assets_directory
+from CTFd.plugins.flags import FLAG_CLASSES, BaseFlag
+from CTFd.utils.user import get_current_user
+import hashlib
+
+
+# Represents a flag about
+class TryITFlag(BaseFlag):
+    name = "TryIT"
+    templates = {  # Nunjucks templates used for key editing & viewing
+        "create": "/plugins/daetsiinf_tryit_flag/assets/create.html",
+        "update": "/plugins/daetsiinf_tryit_flag/assets/edit.html",
+    }
+
+
+    @staticmethod
+    def compare(chal_key_obj, provided):
+        saved = chal_key_obj.content
+
+        expected_flag_content = "%d:%s" % (get_current_user().id, saved)
+        expected_input = "tryIT{%s}" % hashlib.md5(expected_flag_content.encode('utf-8')).hexdigest()
+        return expected_input == provided
+
+
+def load(app):
+    FLAG_CLASSES["TryIT"] = TryITFlag
+    register_plugin_assets_directory(app, base_path="/plugins/daetsiinf_tryit_flag/assets/")
diff --git a/CTFd/plugins/daetsiinf_tryit_flag/assets/create.html b/CTFd/plugins/daetsiinf_tryit_flag/assets/create.html
new file mode 100644
index 000000000..d60957b5f
--- /dev/null
+++ b/CTFd/plugins/daetsiinf_tryit_flag/assets/create.html
@@ -0,0 +1,9 @@
+<label>
+	TryIT Flag<br>
+	<small>Enter the value for the TryIT flag. If you type "foo" as the value of the flag,
+	players will need to type <code>TryIT{md5("playerid:foo")}</code> in order to solve it</small>
+</label>
+<div class="form-group">
+	<input type="text" class="form-control" name="content" value="{{ content }}">
+</div>
+<input type="hidden" name="type" value="TryIT">
diff --git a/CTFd/plugins/daetsiinf_tryit_flag/assets/edit.html b/CTFd/plugins/daetsiinf_tryit_flag/assets/edit.html
new file mode 100644
index 000000000..24c727937
--- /dev/null
+++ b/CTFd/plugins/daetsiinf_tryit_flag/assets/edit.html
@@ -0,0 +1,14 @@
+<label>
+	TryIT Flag<br>
+	<small>Enter the value for the TryIT flag. If you type "foo" as the value of the flag,
+	players will need to type <code>TryIT{md5("playerid:foo")}</code> in order to solve it</small>
+</label>
+<div class="form-group">
+	<input type="text" class="form-control" name="content" value="{{ content }}">
+</div>
+<input type="hidden" name="type" value="TryIT">
+<input type="hidden" name="id" value="{{ id }}">
+<hr>
+<div class="form-group">
+	<button class="btn btn-success float-right">Update</button>
+</div>
diff --git a/CTFd/themes/core/assets/js/pages/challenges.js b/CTFd/themes/core/assets/js/pages/challenges.js
index 27014b6e8..5532a7dd2 100644
--- a/CTFd/themes/core/assets/js/pages/challenges.js
+++ b/CTFd/themes/core/assets/js/pages/challenges.js
@@ -106,7 +106,10 @@ const displayChal = chal => {
     });
 
     $("#challenge-submit").click(function(event) {
-      event.preventDefault();
+      if (!document.getElementById("challenge-form").checkValidity()) {
+	return;
+      }
+
       $("#challenge-submit").addClass("disabled-button");
       $("#challenge-submit").prop("disabled", true);
       CTFd._internal.challenge
diff --git a/CTFd/themes/core/templates/challenge.html b/CTFd/themes/core/templates/challenge.html
index d89e95212..459c2e65c 100644
--- a/CTFd/themes/core/templates/challenge.html
+++ b/CTFd/themes/core/templates/challenge.html
@@ -105,21 +105,34 @@ <h3 class="challenge-value text-center">
 						</div>
 						{% endif %}
 
-						<div class="row submit-row">
-							<div class="col-md-9 form-group">
-								{% block input %}
+						{% if is_tryit_challenge %}
+						<div class="row">
+							<div class="col-md-12 form-group">
+								Remember to hash your answer with your user id ({{user_id}})! If you think the answer is <code>emacs_is_awesome</code>, then you have to type <code>tryIT{md5({{user_id}}:emacs_is_awesome)}</code>. <a href="#">More information</a>.<br /><br />
+								Example: <code>tryIT{39d85f9f34b1a4c512dd834925d329ae}</code>
+							</div>
+						</div>
+						{% endif %}
+
+						<form id="challenge-form">
+							<div class="row submit-row">
+								<div class="col-md-9 form-group">
+									{% block input %}
 									<input id="challenge-id" class="challenge-id" type="hidden" value="{{ challenge.id }}">
+									{% if is_tryit_challenge %}
+									<input id="challenge-input" class="challenge-input" type="text" name="answer" pattern="tryIT\{[0-9a-f]{32}\}" placeholder="Flag" required title="The flag must be something like: tryIT{39d85f9f34b1a4c512dd834925d329ae}" />
+									{% else %}
 									<input id="challenge-input" class="challenge-input" type="text" name="answer" placeholder="Flag"/>
-								{% endblock %}
-							</div>
-							<div class="col-md-3 form-group key-submit">
-								{% block submit %}
-								<button id="challenge-submit" class="challenge-submit" type="submit">
-									Submit
-								</button>
-								{% endblock %}
+									{% endif %}
+									{% endblock %}
+								</div>
+								<div class="col-md-3 form-group key-submit">
+									{% block submit %}
+									<input id="challenge-submit" class="challenge-submit" type="submit" />
+									{% endblock %}
+								</div>
 							</div>
-						</div>
+						</form>
 
 						<div class="row notification-row">
 							<div class="col-md-12">