Add initial tests

.github/workflows/notify.yml

@@ -15,8 +15,7 @@ jobs:
           nodetail: true
           title: ${{ github.actor }} pushed to `${{ github.ref }}`
           description: |
-            **Commit delta**: `${{ github.event.before }}` → `${{ github.event.after }}`
-            ---
+           ---
             **Changes**: ${{ github.event.compare }}
             ---
             **Commits**:

.github/workflows/test.yml

@@ -0,0 +1,74 @@
+name: "Run tests"
+
+on:
+  workflow_dispatch:
+  push:
+
+
+jobs:
+  test:
+    name: "Run tests"
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_DB: ctfhub
+          POSTGRES_USER: ctfhub
+          POSTGRES_PASSWORD: ctfhub
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+      hedgedoc:
+        image: quay.io/hedgedoc/hedgedoc:alpine
+        env:
+          CMD_DB_URL: postgres://ctfhub:ctfhub@postgres:5432/ctfhub
+          CMD_ALLOW_ANONYMOUS: false
+          CMD_ALLOW_FREEURL: true
+          CMD_IMAGE_UPLOAD_TYPE: filesystem
+          CMD_DOMAIN: localhost
+          CMD_PORT: 3000
+          CMD_URL_ADDPORT: true
+          CMD_PROTOCOL_USESSL: false
+        ports:
+          - 3000:3000
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup environment vars
+        run: |
+          echo CTFPAD_PROTOCOL=http >> $GITHUB_ENV
+          echo CTFPAD_DOMAIN=localhost >> $GITHUB_ENV
+          echo CTFPAD_PORT=8000 >> $GITHUB_ENV
+          echo CTFPAD_DB_NAME=ctfhub >> $GITHUB_ENV
+          echo CTFPAD_DB_USER=ctfhub >> $GITHUB_ENV
+          echo CTFPAD_DB_PASSWORD=ctfhub >> $GITHUB_ENV
+          echo CTFPAD_DB_HOST=localhost >> $GITHUB_ENV
+          echo CTFPAD_DB_PORT=5432 >> $GITHUB_ENV
+          echo CTFPAD_HEDGEDOC_URL=http://localhost:3000 >> $GITHUB_ENV
+          echo CTFPAD_HEDGEDOC_IS_INTERNAL=0 >> $GITHUB_ENV
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      - name: Python pre-requisites
+        run: |
+          python -m pip install pip --user --upgrade
+          python -m pip install -r requirements.txt --user --upgrade
+
+      - name: Migrate DB
+        run: |
+          python manage.py migrate
+
+      - name: Execute Tests
+        run: |
+          py.test

Dockerfile

@@ -1,24 +1,20 @@
 # https://hub.docker.com/_/python?tab=description
-FROM python:3.11-buster
+FROM python:3.10-buster
 
 ENV PYTHONUNBUFFERED 1
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV DEBUG 0
 
 RUN \
- apt-get update && \
- apt-get upgrade -y && \
- apt-get install -y libpq-dev python3-dev postgresql-client && \
- apt-get autoclean && \
- apt-get autoremove
+    apt-get update && apt-get upgrade -y && \
+    apt-get install -y libpq-dev python3-dev postgresql-client && \
+    apt-get autoclean && apt-get autoremove
 
 WORKDIR /code
-COPY requirements.txt .
 
+COPY requirements.txt .
 RUN \
- python3 -m pip install --upgrade pip && \
- python3 -m pip install -r requirements.txt --no-cache-dir
-
-COPY . .
+    python3 -m pip install --upgrade pip && \
+    python3 -m pip install -r requirements.txt --no-cache-dir
 
 ENTRYPOINT ["bash", "/code/docker-entrypoint.sh"]

ctfhub/admin.py

@@ -1,3 +1 @@
-from django.contrib import admin
-
 # Register your models here.

ctfhub/apps.py

@@ -7,4 +7,4 @@ class CtfhubConfig(AppConfig):
     verbose_name = _("ctfhub")
 
     def ready(self):
-        import ctfhub.signals
+        pass

ctfhub/context_processors.py

@@ -1,9 +1,35 @@
 import django.http
 from django.conf import settings
 
+from ctfhub.models import Member
 
-def add_debug_context(request: django.http.HttpRequest) -> dict:
+
+def add_debug_context(request: django.http.HttpRequest) -> dict[str, str]:
+    """Adds some CTFHub environment information to every context
+
+    Args:
+        request (django.http.HttpRequest): _description_
+
+    Returns:
+        dict[str, str]: _description_
+    """
     return {
         "DEBUG": settings.DEBUG,
         "VERSION": settings.VERSION,
     }
+
+
+def add_timezone_context(request: django.http.HttpRequest) -> dict[str, str]:
+    """Add the client timezone information to the HTTP context
+
+    Args:
+        request (django.http.HttpRequest): _description_
+
+    Returns:
+        dict: _description_
+    """
+    try:
+        member = Member.objects.get(user=request.user)
+        return {"TZ": member.timezone}
+    except Exception:
+        return {"TZ": "UTC"}

ctfhub/exceptions.py

@@ -0,0 +1,8 @@
+class ExternalError(Exception):
+    """Used for reporting exceptions from non-builtin components, for instance hedgedoc
+
+    Args:
+        Exception (_type_): _description_
+    """
+
+    pass

ctfhub/forms.py

@@ -13,7 +13,6 @@
 from django.contrib.auth.forms import UserChangeForm
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
-from django.forms import widgets
 
 
 class UserUpdateForm(UserChangeForm):
@@ -87,9 +86,13 @@ class Meta:
     has_superpowers = forms.BooleanField(required=False, label="Has Super-Powers?")
 
     def clean(self):
-        status = self.cleaned_data["status"].strip().lower()
-        if status == "guest" and not self.cleaned_data["selected_ctf"]:
-            raise ValidationError("Guests MUST have a selected_ctf")
+        if "status" in self.cleaned_data:
+            status = self.cleaned_data["status"]
+            if (
+                status == Member.StatusType.GUEST.value
+                and not self.cleaned_data["selected_ctf"]
+            ):
+                raise ValidationError("Guests MUST have a selected_ctf")
         return super(MemberUpdateForm, self).clean()
 
 
@@ -111,8 +114,8 @@ class Meta:
             "visibility",
         ]
 
-    weight = forms.FloatField(min_value=0.0)
-    rating = forms.FloatField(min_value=0.0, required=False)
+    weight = forms.FloatField(min_value=1.0, required=True)
+    rating = forms.FloatField(min_value=0.0, required=True)
 
 
 class ChallengeCreateForm(forms.ModelForm):

ctfhub/helpers.py

@@ -1,11 +1,12 @@
 import io
 import os
+import pathlib
 import smtplib
 import time
 import uuid
 from datetime import datetime
 from functools import lru_cache
-from typing import Any, TYPE_CHECKING
+from typing import TYPE_CHECKING, Any, Union
 
 import django.core.mail
 import django.utils.crypto
@@ -14,7 +15,6 @@
 from django.conf import settings
 from django.core.files.storage import get_storage_class
 
-
 from ctfhub_project.settings import (
     CTFHUB_ACCEPTED_IMAGE_EXTENSIONS,
     CTFHUB_DEFAULT_CTF_LOGO,
@@ -33,13 +33,12 @@
     EXCALIDRAW_ROOM_KEY_CHARSET,
     EXCALIDRAW_ROOM_KEY_LENGTH,
     HEDGEDOC_URL,
-    STATIC_URL,
+    IMAGE_URL,
     USE_INTERNAL_HEDGEDOC,
 )
 
-
 if TYPE_CHECKING:
-    from ctfhub.models import Challenge
+    from ctfhub.models import ChallengeFile
 
 
 @lru_cache(maxsize=1)
@@ -110,24 +109,39 @@ def check_note_id(id: str) -> bool:
     return res.status_code == requests.codes.found
 
 
-def get_file_magic(challenge_file: io.BufferedReader) -> str:
+def get_file_magic(
+    challenge_file: Union[io.BufferedReader, pathlib.Path], use_mime: bool = False
+) -> str:
     """
-    Returns the file description from its magic number (ex. 'PE32+ executable (console) x86-64, for MS Windows' )
+    Returns the file description from its magic number (ex. 'PE32+ executable (console) x86-64, for MS Windows' ), or a
+    MIME type if `use_mime` is True
 
     Args:
-        challenge_file: File-like object
+        challenge_file: File-like object or a pathlib.Path
+        use_mime: specifies whether to get the output string as a MIME type
+
+    Raises:
+        TypeError if `challenge_file` has an invalid type
 
     Returns:
         str: the file description, or "" if the file doesn't exist on FS
     """
+
+    if isinstance(challenge_file, io.BufferedReader):
+        challenge_file.seek(0)
+        challenge_file_data = challenge_file.read()
+    elif isinstance(challenge_file, pathlib.Path):
+        challenge_file_data = challenge_file.open("rb").read()
+    else:
+        raise TypeError("Invalid type for `challenge_file`")
+
     try:
-        challenge_file.seek(0)  # Ensure file is read from beginning
-        return magic.from_buffer(challenge_file.read())
+        return magic.from_buffer(challenge_file_data, mime=use_mime)
     except Exception:
-        return "Data"
+        return "Data" if not use_mime else "application/octet-stream"
 
 
-def get_file_mime(challenge_file: io.BufferedReader) -> str:
+def get_file_mime(challenge_file: Union[io.BufferedReader, pathlib.Path]) -> str:
     """
     Returns the mime type associated to the file (ex. 'appication/pdf')
 
@@ -137,11 +151,7 @@ def get_file_mime(challenge_file: io.BufferedReader) -> str:
     Returns:
         str: the file mime type, or "application/octet-stream" if the file doesn't exist on FS
     """
-    try:
-        challenge_file.seek(0)  # Ensure file is read from beginning
-        return magic.from_buffer(challenge_file.read(), mime=True)
-    except Exception:
-        return "application/octet-stream"
+    return get_file_magic(challenge_file, True)
 
 
 def ctftime_parse_date(date: str) -> datetime:
@@ -189,6 +199,7 @@ def ctftime_fetch_ctfs(limit=100) -> list:
     res = requests.get(
         f"{CTFTIME_API_EVENTS_URL}?limit={limit}&start={start:.0f}&finish={end:.0f}",
         headers={"user-agent": CTFTIME_USER_AGENT},
+        timeout=CTFHUB_HTTP_REQUEST_DEFAULT_TIMEOUT,
     )
     if res.status_code != requests.codes.ok:
         raise RuntimeError(
@@ -216,7 +227,11 @@ def ctftime_get_ctf_info(ctftime_id: int) -> dict:
         dict: JSON output from CTFTime
     """
     url = f"{CTFTIME_API_EVENTS_URL}{ctftime_id}/"
-    res = requests.get(url, headers={"user-agent": CTFTIME_USER_AGENT})
+    res = requests.get(
+        url,
+        headers={"user-agent": CTFTIME_USER_AGENT},
+        timeout=CTFHUB_HTTP_REQUEST_DEFAULT_TIMEOUT,
+    )
     if res.status_code != requests.codes.ok:
         raise RuntimeError(
             f"CTFTime service returned HTTP code {res.status_code} (expected {requests.codes.ok}): {res.reason}"
@@ -235,7 +250,7 @@ def ctftime_get_ctf_logo_url(ctftime_id: int) -> str:
     Returns:
         str: [description]
     """
-    default_logo = f"{STATIC_URL}images/{CTFHUB_DEFAULT_CTF_LOGO}"
+    default_logo = f"{IMAGE_URL}/{CTFHUB_DEFAULT_CTF_LOGO}"
     if ctftime_id != 0:
         try:
             ctf_info = ctftime_get_ctf_info(ctftime_id)
@@ -374,19 +389,22 @@ def export_challenge_note(member, note_id: uuid.UUID) -> str:
         str: The body of the note if successful; an empty string otherwise
     """
     result = ""
+    url = which_hedgedoc()
+    print(url)
     with requests.Session() as session:
         h = session.post(
-            f"{HEDGEDOC_URL}/login",
+            f"{url}/login",
             data={
                 "email": member.hedgedoc_username,
                 "password": member.hedgedoc_password,
             },
+            allow_redirects=False,
         )
         if h.status_code == requests.codes.ok:
-            h2 = session.get(f"{HEDGEDOC_URL}{note_id}/download")
+            h2 = session.get(f"{url}{note_id}/download")
             if h2.status_code == requests.codes.ok:
                 result = h2.text
-            session.post(f"{HEDGEDOC_URL}/logout")
+            session.post(f"{url}/logout")
     return result
 
 
@@ -396,5 +414,14 @@ def get_named_storage(name: str) -> Any:
     return storage_class(**config["OPTIONS"])
 
 
-def get_challenge_upload_path(instance: "Challenge", filename: str) -> str:
+def get_challenge_upload_path(instance: "ChallengeFile", filename: str) -> str:
+    """Custom helper to retrieve the upload path for a given challenge file.
+
+    Args:
+        instance (ChallengeFile): _description_
+        filename (str): _description_
+
+    Returns:
+        str: _description_
+    """
     return f"files/{instance.challenge.id}/{filename}"