Fix admin cannot modify verified status in Edit User (CTFd#777)

Raihan Ramadistra · ColdHeat · commit 64b96d9c1a76 · 2018-12-04T00:35:51.000-05:00
* Grant admin write access to verified field in UserSchema.
* Add test admin can view and modify verified status
* Add test for creating users with settings
* Add codecov threshold for test failures
diff --git a/.codecov.yml b/.codecov.yml
@@ -0,0 +1,9 @@
+coverage:
+  status:
+    project:
+      default:
+        # Fail the status if coverage drops by >= 1%
+        threshold: 1
+    patch:
+      default:
+        threshold: 1
diff --git a/CTFd/schemas/users.py b/CTFd/schemas/users.py
@@ -152,7 +152,8 @@ def validate_password_confirmation(self, data):
             'id',
             'oauth_id',
             'password',
-            'type'
+            'type',
+            'verified'
         ]
     }
 
diff --git a/tests/api/v1/test_users.py b/tests/api/v1/test_users.py
@@ -92,6 +92,32 @@ def test_api_users_post_admin():
     destroy_ctfd(app)
 
 
+def test_api_users_post_admin_with_attributes():
+    """Can a user post /api/v1/users with user settings"""
+    app = create_ctfd()
+    with app.app_context():
+        with login_as_user(app, 'admin') as client:
+            # Create user
+            r = client.post('/api/v1/users', json={
+                "name": "user",
+                "email": "user@user.com",
+                "password": "password",
+                "banned": True,
+                "hidden": True,
+                "verified": True
+            })
+            assert r.status_code == 200
+
+            # Make sure password was hashed properly
+            user = Users.query.filter_by(email='user@user.com').first()
+            assert user
+            assert verify_password('password', user.password)
+            assert user.banned
+            assert user.hidden
+            assert user.verified
+    destroy_ctfd(app)
+
+
 def test_api_team_get_public():
     """Can a user get /api/v1/team/<user_id> if users are public"""
     app = create_ctfd()
@@ -168,10 +194,13 @@ def test_api_user_patch_admin():
                 "name": "user",
                 "email": "user@ctfd.io",
                 "password": "password",
-                "country": "US"
+                "country": "US",
+                "verified": True
             })
             assert r.status_code == 200
-            assert r.get_json()['data'][0]['country'] == 'US'
+            user_data = r.get_json()['data'][0]
+            assert user_data['country'] == 'US'
+            assert user_data['verified'] is True
     destroy_ctfd(app)
 
 

Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,8 @@ def validate_password_confirmation(self, data):`
`152`	`152`	`'id',`
`153`	`153`	`'oauth_id',`
`154`	`154`	`'password',`
`155`		`- 'type'`
	`155`	`+ 'type',`
	`156`	`+ 'verified'`
`156`	`157`	`]`
`157`	`158`	`}`
`158`	`159`