diff --git a/api/client.go b/api/client.go index 46d5093..22610a1 100644 --- a/api/client.go +++ b/api/client.go @@ -21,10 +21,10 @@ func NewClient(url, nonce, session, apiKey string) *Client { return &Client{ sub: &http.Client{ Jar: jar, - // Don't follow redirections - CheckRedirect: func(_ *http.Request, _ []*http.Request) error { - return http.ErrUseLastResponse - }, + // // Don't follow redirections + // CheckRedirect: func(_ *http.Request, _ []*http.Request) error { + // return http.ErrUseLastResponse + // }, }, url: url, nonce: nonce, diff --git a/api/login.go b/api/login.go index 411e8a5..b5f0f3b 100644 --- a/api/login.go +++ b/api/login.go @@ -5,8 +5,6 @@ import ( "fmt" "net/http" "net/url" - - "github.com/pkg/errors" ) type LoginParams struct { @@ -35,7 +33,7 @@ func (client *Client) Login(params *LoginParams, opts ...Option) error { } defer res.Body.Close() - if res.StatusCode != http.StatusFound { + if res.StatusCode != http.StatusOK { return fmt.Errorf("CTFd responded with status code %d", res.StatusCode) } @@ -45,12 +43,5 @@ func (client *Client) Login(params *LoginParams, opts ...Option) error { return err } client.nonce = nonce - - for _, cookie := range res.Cookies() { - if cookie.Name == "session" { - client.session = cookie.Value - return nil - } - } - return errors.New("session cookie not found") + return nil } diff --git a/api/logout.go b/api/logout.go index a60b508..caa64f7 100644 --- a/api/logout.go +++ b/api/logout.go @@ -3,8 +3,6 @@ package api import ( "fmt" "net/http" - - "github.com/pkg/errors" ) func (client *Client) Logout(opts ...Option) error { @@ -15,7 +13,7 @@ func (client *Client) Logout(opts ...Option) error { } defer res.Body.Close() - if res.StatusCode != http.StatusFound { + if res.StatusCode != http.StatusOK { return fmt.Errorf("CTFd responded with status code %d", res.StatusCode) } @@ -25,12 +23,5 @@ func (client *Client) Logout(opts ...Option) error { return err } client.nonce = nonce - - for _, cookie := range res.Cookies() { - if cookie.Name == "session" { - client.session = cookie.Value - break - } - } - return errors.New("session cookie not found") + return nil } diff --git a/api/register.go b/api/register.go index 793d6a2..574bdb5 100644 --- a/api/register.go +++ b/api/register.go @@ -2,7 +2,6 @@ package api import ( "bytes" - "errors" "fmt" "net/http" "net/url" @@ -30,22 +29,11 @@ func (client *Client) Register(params *RegisterParams, opts ...Option) error { } defer res.Body.Close() - if res.StatusCode != http.StatusFound { + if res.StatusCode != http.StatusOK { return fmt.Errorf("CTFd responded with status code %d, which could be due to email reuse", res.StatusCode) } // Update session to track user then fetch nonce for later API calls - cookieFound := false - for _, cookie := range res.Cookies() { - if cookie.Name == "session" { - client.session = cookie.Value - cookieFound = true - break - } - } - if !cookieFound { - return errors.New("session cookie not found, may be due to server misconfiguration (not setup yet) or API instability") - } req, _ = http.NewRequest(http.MethodGet, "/", nil) res, err = client.Do(req) if err != nil { diff --git a/api/reset.go b/api/reset.go index 5f5cf6d..8fcb717 100644 --- a/api/reset.go +++ b/api/reset.go @@ -45,7 +45,7 @@ func (client *Client) Reset(params *ResetParams, opts ...Option) error { } defer res.Body.Close() - if res.StatusCode != http.StatusFound { + if res.StatusCode != http.StatusOK { return fmt.Errorf("CTFd responded with status code %d", res.StatusCode) } diff --git a/api/setup_test.go b/api/setup_test.go index 98613a7..36fbe15 100644 --- a/api/setup_test.go +++ b/api/setup_test.go @@ -75,6 +75,21 @@ func Test_F_Setup(t *testing.T) { } client.SetAPIKey(*token.Value) + // 1d. Logout because we don't know what could happen with a mouse on the UI + err = client.Logout() + if !assert.Nil(err, "got error: %s", err) { + return + } + + // 1e. Relog :) + err = client.Login(&api.LoginParams{ + Name: "ctfer", + Password: "password", + }) + if !assert.Nil(err, "got error: %s", err) { + return + } + // 2. Create a challenge chall, err := client.PostChallenges(&api.PostChallengesParams{ Name: "Stealing data",