From a292f5d73e7b7e3f69b992a79f6a089bf42f8a0e Mon Sep 17 00:00:00 2001
From: James Wang <jameswang9909@hotmail.com>
Date: Sun, 17 Jan 2016 02:39:25 +0000
Subject: [PATCH 1/2] Properly implement ajax fail callback

---
 web/js/easyctf.js | 69 ++++++++++++++++++++++-------------------------
 1 file changed, 32 insertions(+), 37 deletions(-)

diff --git a/web/js/easyctf.js b/web/js/easyctf.js
index 4e8c03e..8e1d4ed 100644
--- a/web/js/easyctf.js
+++ b/web/js/easyctf.js
@@ -180,7 +180,7 @@ function display_message(containerId, alertType, message, callback) {
 	});
 };
 
-function api_call(method, url, data, callback) {
+function api_call(method, url, data, callback_success, callback_fail) {
 	if (method.toLowerCase() == "post") {
 		data["csrf_token"] = $.cookie("csrf_token");
 	}
@@ -189,7 +189,7 @@ function api_call(method, url, data, callback) {
 		"datatype": "json",
 		"data": data,
 		"url": url
-	}).done(callback);
+	}).done(callback_success).fail(callback_fail);
 }
 
 $.fn.serializeObject = function() {
@@ -224,9 +224,9 @@ var register_form = function() {
 			    button.removeAttr("disabled");
 			});
 		}
-	}).fail(function(jqXHR, status, error) {
-		var result = JSON.parse(jqXHR["responseText"]);
-		display_message("register_msg", "danger", "Error " + jqXHR["status"] + ": " + result["message"], function() {
+	}, function(jqXHR, status, error) {
+		var result = jqXHR["responseText"];
+		display_message("register_msg", "danger", "Failed to connect to the API.", function() {
 		    button.removeAttr("disabled");
 		});
 	});
@@ -245,9 +245,9 @@ var request_reset_form = function() {
                 button.removeAttr("disabled");
             });
         }
-    }).fail(function(jqXHR, status, error) {
-		var result = JSON.parse(jqXHR["responseText"]);
-		display_message("reset_msg", "danger", "Error " + jqXHR["status"] + ": " + result["message"], function() {
+    }, function(jqXHR, status, error) {
+		var result = jqXHR["responseText"];
+		display_message("reset_msg", "danger", "Failed to connect to the API.", function() {
 		    button.removeAttr("disabled");
 		});
     });
@@ -270,9 +270,9 @@ var reset_form = function() {
                 button.removeAttr("disabled");
             });
         }
-    }).fail(function(jqXHR, status, error) {
-		var result = JSON.parse(jqXHR["responseText"]);
-		display_message("reset_msg", "danger", "Error " + jqXHR["status"] + ": " + result["message"], function() {
+    }, function(jqXHR, status, error) {
+		var result = jqXHR["responseText"];
+		display_message("reset_msg", "danger", "Failed to connect to the API.", function() {
 		    button.removeAttr("disabled");
 		});
     });
@@ -281,23 +281,23 @@ var reset_form = function() {
 // login page
 
 var login_form = function() {
-	var input = "#login_form input";
-	var data = $("#login_form").serializeObject();
-	var button = $("#login_form").find(":submit");
-	button.prop("disabled", true);
-	api_call("POST", "/api/user/login", data, function(result) {
-		if (result["success"] == 1) {
-			location.href = "/profile";
-		} else {
-			display_message("login_msg", "danger", result["message"], function() {
-			    button.removeAttr("disabled");
-			});
-		}
-	}).fail(function(jqXHR, status, error) {
-		var result = JSON.parse(jqXHR["responseText"]);
-		display_message("login_msg", "danger", "Error " + jqXHR["status"] + ": " + result["message"], function() {
+    var input = "#login_form input";
+    var data = $("#login_form").serializeObject();
+    var button = $("#login_form").find(":submit");
+    button.prop("disabled", true);
+    api_call("POST", "/api/user/login", data, function(result) {
+        if (result["success"] == 1) {
+            location.href = "/profile";
+        } else {
+            display_message("login_msg", "danger", result["message"], function() {
+                button.removeAttr("disabled");
+            });
+        }
+    }, function(jqXHR, status, error) {
+	    var result = jqXHR["responseText"];
+        display_message("login_msg", "danger", "Failed to connect to the API.", function() {
             button.removeAttr("disabled");
-		});
+        });
 	});
 };
 
@@ -316,9 +316,9 @@ var create_team = function() {
 			    button.removeAttr("disabled");
 			});
 		}
-	}).fail(function(jqXHR, status, error) {
-		var result = JSON.parse(jqXHR["responseText"]);
-		display_message("create_team_msg", "danger", "Error " + jqXHR["status"] + ": " + result["message"], function() {
+	}, function(jqXHR, status, error) {
+		var result = jqXHR["responseText"];
+		display_message("create_team_msg", "danger", "Failed to connect to the API.", function() {
 		    button.removeAttr("disabled");
 		});
 	});
@@ -333,13 +333,8 @@ var add_member = function() {
 		if (result["success"] == 1) {
 			location.reload(true);
 		} else {
-		    button.removeAtr("disabled");
-		}
-	}).fail(function(jqXHR, status, error) {
-		var result = JSON.parse(jqXHR["responseText"]);
-		display_message("create_team_msg", "danger", "Error " + jqXHR["status"] + ": " + result["message"], function() {
 		    button.removeAttr("disabled");
-		});
+		}
 	});
 };
 
@@ -361,4 +356,4 @@ var request_invitation = function(tid) {
 			location.reload(true);
 		}
 	});
-};
\ No newline at end of file
+};

From 1956c14721761d1c5d656b5bd38b48cdce1df697 Mon Sep 17 00:00:00 2001
From: James Wang <jameswang9909@hotmail.com>
Date: Sun, 17 Jan 2016 17:44:44 +0000
Subject: [PATCH 2/2] Add function for removing individual members

---
 server/api/team.py | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/server/api/team.py b/server/api/team.py
index fc8c663..26f0e67 100644
--- a/server/api/team.py
+++ b/server/api/team.py
@@ -49,9 +49,12 @@ def team_delete():
     usr = Users.query.filter_by(username=username).first()
     owner = team.owner
     if usr.uid == owner or usr.admin:
-        usr.tid = -1
+        for member in Users.query.filter_by(tid=tid).all():
+            member.tid = -1
+            with app.app_context():
+                db.session.add(member)
+
         with app.app_context():
-            db.session.add(usr)
             db.session.delete(team)
             db.session.commit()
             session.pop("tid")
@@ -59,6 +62,26 @@ def team_delete():
     else:
         raise WebException("Not authorized.")
 
+@blueprint.route("/remove_member", methods=["POST"])
+@api_wrapper
+@login_required
+def team_remove_member():
+    username = session["username"]
+    tid = session["tid"]
+    team = Teams.query.filter_by(tid=tid).first()
+    usr = Users.query.filter_by(username=username).first()
+    owner = team.owner
+    if usr.uid == owner or usr.admin:
+        params = utils.flat_multi(request.form)
+        user_to_remove = Users.query.filter_by(username=params.get("user"))
+        user_to_remove.tid = -1
+        with app.app_context():
+            db.session.add(user_to_remove)
+            db.session.commit()
+        return { "success": 1, "message": "Success!" }
+    else:
+        raise WebException("Not authorized.")
+
 @blueprint.route("/invite", methods=["POST"])
 @api_wrapper
 @login_required