diff --git a/server/api/decorators.py b/server/api/decorators.py index 385eeb8..07fd3f8 100644 --- a/server/api/decorators.py +++ b/server/api/decorators.py @@ -40,7 +40,7 @@ def api_wrapper(f): response = make_response(result) # Setting CSRF token - if "token" not in session: + if "csrf_token" not in session: token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token diff --git a/server/api/problem.py b/server/api/problem.py index 88c436f..bbea4d3 100644 --- a/server/api/problem.py +++ b/server/api/problem.py @@ -7,7 +7,7 @@ from flask import current_app as app from werkzeug import secure_filename from models import db, Files, Problems, Solves, Teams -from decorators import admins_only, api_wrapper, login_required +from decorators import admins_only, api_wrapper, login_required, WebException blueprint = Blueprint("problem", __name__) @@ -24,7 +24,7 @@ def problem_add(): name_exists = Problems.query.filter_by(name=name).first() if name_exists: - return { "success": 0, "message": "Problem name already taken." } + raise WebException("Problem name already taken.") problem = Problems(name, category, description, hint, flag, value) db.session.add(problem) db.session.commit() @@ -57,7 +57,7 @@ def problem_delete(): Problems.query.filter_by(pid=pid).delete() db.session.commit() return { "success": 1, "message": "Success!" } - return { "success": 0, "message": "Problem does not exist!" } + raise WebException("Problem does not exist!") @blueprint.route("/update", methods=["POST"]) @admins_only @@ -86,7 +86,7 @@ def problem_update(): db.session.commit() return { "success": 1, "message": "Success!" } - return { "success": 0, "message": "Problem does not exist!" } + raise WebException("Problem does not exist!") @blueprint.route("/submit", methods=["POST"]) @api_wrapper 
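Review bot: In api_wrapper, the corrected `if "csrf_token" not in session:` guard only issues the cookie when the session has no token, so a client that keeps its session but loses the `csrf_token` cookie is never sent one again. Widening the guard to `if "csrf_token" not in session or request.cookies.get("csrf_token") != session["csrf_token"]:` would re-issue both values in that case, assuming `request` is imported in this module. `response.set_cookie("csrf_token", token)` also sets no `secure=True`, which is worth adding where the site is served over HTTPS. api_wrapper starts and ends outside the hunk, so the place where the token is verified is not visible here.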
@@ -113,10 +113,10 @@ def problem_submit(): else: logger.log("submissions.log", logger.WARNING, "%s has incorrectly submitted %s to %s" % (team.name, flag, problem.name)) - return { "success": 0, "message": "Incorrect." } + raise WebException("Incorrect.") else: - return { "success": 0, "message": "Problem does not exist!" } + raise WebException("Problem does not exist!") @blueprint.route("/data", methods=["POST"]) #@api_wrapper # Disable atm due to json serialization issues: will fix diff --git a/server/api/user.py b/server/api/user.py index 2eff859..4b57ede 100644 --- a/server/api/user.py +++ b/server/api/user.py @@ -27,7 +27,7 @@ def user_forgot_password(token=None): if token is not None: user = get_user(reset_token=token).first() if user is None: - return { "success": 0, "message": "Invalid reset token"} + raise WebException("Invalid reset token.") # We are viewing the actual reset form if request.method == "GET": @@ -38,7 +38,7 @@ def user_forgot_password(token=None): password = params.get("password") confirm_password = params.get("confirm_password") if password != confirm_password: - return { "success": 0, "message": "Passwords do not match." } + raise WebException("Passwords do not match.") else: user.password = utils.hash_password(password) user.reset_token = None @@ -51,7 +51,7 @@ def user_forgot_password(token=None): user = get_user(email=email).first() if user is None: - return { "success": 0, "message": "User with that email does not exist." } + raise WebException("User with that email does not exist.") token = utils.generate_string(length=64) user.reset_token = token @@ -66,7 +66,7 @@ def user_forgot_password(token=None): if "Queued" in response["message"]: return { "success": 1, "message": "Email sent to %s" % email } else: - return { "success": 0, "message": response["message"] } + raise WebException(response["message"]) @blueprint.route("/register", methods=["POST"]) @api_wrapper
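Review bot: The `logger.log("submissions.log", ...)` call just above the new `raise WebException("Incorrect.")` interpolates `team.name` and the submitted `flag` with `%s`, and both are presumably user-controlled, so a value containing a line break can split or forge entries in submissions.log. Formatting them with `%r`, as in `"%r has incorrectly submitted %r to %r"`, or stripping control characters before logging keeps each submission on one line. Anything that parses this log would need checking against the new format. problem_submit starts outside the hunk, so how `flag` is read and compared is not visible here.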
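Review bot: `get_user(reset_token=token).first()` looks the URL token up against a value stored as-is (the `user.reset_token = token` assignment in the hunk at -51), and nothing in these hunks limits how long a token stays valid. Storing only a hash of the token and comparing against the hash of the submitted value would stop a database read from yielding usable reset links, and an expiry timestamp checked alongside this lookup would bound the exposure; an expiry may exist elsewhere, but it is not visible here. Whether `utils.generate_string` draws from a cryptographically secure source should also be confirmed, since it produces both this token and the CSRF token.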
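Review bot: In the reset branch, `password != confirm_password` is the only validation before `utils.hash_password(password)`, so a request that omits both fields compares `None` with `None` and passes the check. Add a presence check ahead of it, for example `if not password: raise WebException("Password is required.")`, together with whatever length policy registration applies. user_forgot_password continues outside the hunk, so whether the change is committed after `user.reset_token = None` is not visible.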
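Review bot: The new `raise WebException("User with that email does not exist.")` tells an unauthenticated caller whether an address is registered, which lets the forgot-password endpoint be used to enumerate accounts. Return the same response for known and unknown addresses, for example `return { "success": 1, "message": "If that address is registered, a reset email has been sent." }`, and send mail only when `user` is found. The later success message `"Email sent to %s" % email` would need the same neutral wording for this to hold. No rate limit on this request is visible in these hunks.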
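Review bot: `raise WebException(response["message"])` relays the mail provider's raw reply to the client, which can expose provider or configuration detail. The `"Queued" in response["message"]` test above it also raises `KeyError` if the reply has no `message` key. Log the provider reply server-side and raise a fixed message such as `raise WebException("Could not send the reset email.")`; if `response` is a dict, `response.get("message", "")` makes the check safe.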