merge gssoc20-dev into master (abs0lut3pwn4g3#53)

* update to conform with flake8/PEP8 | abs0lut3pwn4g3#47

* Update README.md

* Create CODE_OF_CONDUCT.md (abs0lut3pwn4g3#51)

* 1. psf/black formatting with travis checks, 2. adjust docs, create CONTRIBUTING.md, 3. helper fns for creating admin pass and secret key by itself on run

create admin pass and secret key by itself on run

* Update README.md

Co-authored-by: Aman-Codes <[email protected]>
Co-authored-by: Ankur Chattopadhyay <[email protected]>

Author: 3 people

.travis.yml

@@ -21,5 +21,7 @@ install:
   - "pip install -r src/requirements.txt"
   - "python src/create_db.py"
 
+before_script:
+  - black . --check
 script:
-  - pytest --flake8
+  - flake8 . --count --max-line-length=88 --show-source --statistics

CODE_OF_CONDUCT.md

@@ -0,0 +1,71 @@
+# Code of Conduct
+
+## Our Pledge
+
+As contributors and maintainers of the RTB-CTF-Framework project, and in the interest
+of fostering an open and welcoming community, we pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+ 
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at our Slack channel. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

CONTRIBUTING.md

@@ -0,0 +1,83 @@
+
+# Contributing to RTB-CTF-Framework
+
+<p align="center">
+  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/graphs/contributors">
+    <img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/abs0lut3pwn4g3/RTB-CTF-Framework?color=red&logo=github&style=for-the-badge">
+  </a>
+  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Agssoc20">
+  	<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/gssoc20?color=deeppink&style=for-the-badge">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Aeasy">
+    <img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/easy?color=seagreen&style=for-the-badge">
+  </a>
+  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Amedium">
+    <img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/medium?color=%23e99695&style=for-the-badge">
+  </a>
+  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Ahard">
+    <img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/hard?color=%23cc317c%09&style=for-the-badge">
+  </a>
+</p>
+
+## This project makes use of the following Flask libraries
+
+* Flask-blueprints for modularity and clean codebase,
+* Flask-admin for Admin views and easy realtime management,
+* Flask-SQLAlchemy for SQL models, 
+* Flask-login for session handling,
+* Flask-wtf for responsive forms,
+* Flask-mail for mail service,
+* Flask-bcrypt for password hashing and security,
+
+## Style Guide
+
+Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8, [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) and the Google Style Guide unless there’s a very good reason not to.
+
+## Contact
+
+##### 👨 Project Owner
+
+- Eshaan Bansal ([github](https://github.com/eshaan7),[linkedin](https://www.linkedin.com/in/eshaan7/))
+
+##### 👬 Mentors
+
+- Sombuddha Chakravarty ([github](https://github.com/sammy1997),[linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))
+
+Feel free to ask your queries!! 🙌
+
+##### Slack Channel
+
+- [#proj_root-the-box-ctf-framework](https://app.slack.com/client/TRN1H1V43/CUC71PDD2)
+
+## Where to start ? 
+
+See: [Issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues) and the following To-do list. Or just ping one of the mentors with new ideas.
+
+> Note: All PRs within the GSSoC'20 period will be merged in the `gssoc20-dev` branch.
+
+## To-do
+
+- [ ] Ideas for additional logging techniques to prevent flag sharing, cheating and such. (Issue: [#7](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/7))
+- [ ] Support for *n* number of boxes (accordions? seperate route?). (Issue: [#17](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/17))
+- [ ] Rating system: Average Box rating - input, calculate, output. (Issue: [#14](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/14))
+- [ ] Dark theme for `admin control` panel. (Issue: [#16](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/16))
+- [ ] Testing Password reset functionality, the mail-server setup, etc.
+- [ ] More info on `home.html`
+- [ ] Need to implement `account.html`
+- [ ] Support for more hashes per box (not a priority)
+
+<hr/>
+
+- [x] Freeze Scoreboard automatically past running time specified (Issue: [#3](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/3))
+- [x] Adding a `Deploy to Heroku` button. (Issue: [#15](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/15))
+- [x] Adding CI, Linting, Formatting specs. (Issue: [#18](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/18))
+- [x] db relationship between User and Score Tables (priority | issue: #5)
+- [x] isAdmin column in User table and Admin views (priority)
+- [x] Notifications
+- [x] Use Flask Blueprints
+- [x] Finalize black theme?
+- [x] Error messages not appearing in `/submit`
+- [x] Implement `machine.html` to server a page where one can download/serve machines

README.md

@@ -1,50 +1,80 @@
 # RootTheBox CTF Framework
 
-<p align="center">
-  <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
-  	<img alt="Language grade: Python" src="https://img.shields.io/lgtm/grade/python/g/abs0lut3pwn4g3/RTB-CTF-Framework.svg?logo=lgtm&logoWidth=18"/>
+<p >
+  <a href="https://inventory.rawsec.ml/" target="_blank">
+    <img height="26px" alt="Rawsec's CyberSecurity Inventory" src="https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_for-the-badge.svg">
   </a>
-  <a href="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework">
+  <img height="26px" src="https://forthebadge.com/images/badges/made-with-python.svg">
+</p>
+<p style="height:18px">
+  <a href="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework" target="_blank">
     <img alt="Build Status" src="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework.svg?branch=gssoc20-dev"/>
   </a>
-</p>
-
-<p align="center">
-  <a href="https://inventory.rawsec.ml/">
-    <img alt="Rawsec's CyberSecurity Inventory" src="https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_for-the-badge.svg">
+  <!-- <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
+  	<img alt="Language grade: Python" src="https://img.shields.io/lgtm/grade/python/g/abs0lut3pwn4g3/RTB-CTF-Framework.svg?logo=lgtm&logoWidth=18"/>
+  </a> -->
+  <a href="https://github.com/psf/black" target="_blank">
+    <img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"/>
   </a>
 </p>
 
-<p align="center">
-  <img src="https://forthebadge.com/images/badges/made-with-python.svg">
-</p>
-
-A lightweight, easy to deploy CTF framework(in Flask) for HackTheBox style machines.
+A lightweight, easy to deploy CTF framework (in Flask) for HackTheBox style machines.
 
 The main purpose of this project is to serve as a scoring engine and CTF manager.
 
 **Want to see it in action?**
 
    A live demo of the app is available at: <https://rtblivedemo.herokuapp.com/>.
 
-   You can login and mess around as 2 users: `admin:admin` and `test:test`(i.e. username:password combinations)
+   You can login and mess around as 2 users: `admin:admin` and `test:test` (i.e. username:password combinations)
 
 ## Features
 
+##### For CTF hosters
+* A page to show relevant details about the machine such as name, IP, OS, points and difficulty level. 
+* Automatic strong password for administrator
+* Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
+* Simple User Registration/login process, account management, Forgot password functionalities,
+* Flag submission (currently 2 flags: user and root),
+* Real time scoreboard tracking,
+* Easily deployable on Heroku. 
+
 ##### For Developers & Contributors
 * Flask-blueprints for modularity and clean codebase,
 * Flask-admin for Admin views and easy realtime management,
 * Flask-SQLAlchemy for SQL models, 
 * Flask-wtf for forms,
 * Flask-mail for mail service.
 
-##### For CTF hosters
-* A page to show relevant details about the machine such as name, IP, OS, points and difficulty level. 
-* Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
-* Simple User Registration/login process, account management, Forgot password functionalities,
-* Flag submission (currently 2 hashes: user and root),
-* Real time scoreboard tracking,
-* Easily deployable on Heroku. 
+## Deployment 
+
+### Heroku
+
+[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
+
+or do it manually,
+
+1. Create your heroku app using `heroku` cli tool.
+   
+   Follow the official guide by Heroku: https://devcenter.heroku.com/articles/getting-started-with-python#prepare-the-app
+
+2. Provision Database add-on.
+   
+   Add the following add on to your new app: https://elements.heroku.com/addons/heroku-postgresql
+   
+3. Creating database instance. In your heroku app directory,
+
+   ```bash
+   $ heroku run bash
+   [heroku]$ python create_db.py
+   ```
+4. Your app should be live now. You can run `heroku open` to open it in browser.
+
+### Docker
+
+```bash
+$ docker-compose up
+```
 
 ## How To Use
 
@@ -78,36 +108,13 @@ $ cd src/
 [venv]$ python run.py
 ```
 
-### Deployment using Heroku
+### Configuration For Your CTF
 
-[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
-
-or do it manually,
-
-1. Create your heroku app using `heroku` cli tool.
-   
-   Follow the official guide by Heroku: https://devcenter.heroku.com/articles/getting-started-with-python#prepare-the-app
-
-2. Provision Database add-on.
-   
-   Add the following add on to your new app: https://elements.heroku.com/addons/heroku-postgresql
-   
-3. Creating database instance. In your heroku app directory,
-
-   ```bash
-   $ heroku run bash
-   [heroku]$ python create_db.py
-   ```
-4. Your app should be live now. You can run `heroku open` to open it in browser.
-
-
-## For Your CTF
-
-Using this as simple as anything. 
+Using this as simple as anything.
 
 1. Just configure your CTF settings in [`config.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/FlaskRTBCTF/config.py).
 
-2. DO NOT FORGET to change admin credentials from [`create_db.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/create_db.py)
+2. When you run [`create_db.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/create_db.py), a strong and random 16 char password for the **admin** user is created and set in the environment variable `ADMIN_PASS`. On Heroku, you can reveal this password from your application's dashboard settings.
 
 3. See database instance creation steps under How To Use.
 
@@ -117,7 +124,7 @@ Bonus: You can manage the database CRUD operations from admin views GUI as well
 
 ## Contributing
 
-<p align="center">
+<p>
   <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/graphs/contributors">
     <img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/abs0lut3pwn4g3/RTB-CTF-Framework?color=red&logo=github&style=for-the-badge">
   </a>
@@ -126,61 +133,20 @@ Bonus: You can manage the database CRUD operations from admin views GUI as well
   </a>
 </p>
 
-<p align="center">
-  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Aeasy">
-    <img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/easy?color=seagreen&style=for-the-badge">
-  </a>
-  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Amedium">
-    <img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/medium?color=%23e99695&style=for-the-badge">
-  </a>
-  <a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Ahard">
-    <img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/hard?color=%23cc317c%09&style=for-the-badge">
-  </a>
-</p>
-
-Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8 and the Google Style Guide unless there’s a very good reason not to.
-Please see: [Issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues) and the following To-do list.
-
-> Note: All PRs within the GSSoC'20 period will be merged in the `gssoc20-dev` branch.
 
 ##### 👨 Project Owner
 
-- Eshaan Bansal ([github](https://github.com/eshaan7),[linkedin](https://www.linkedin.com/in/eshaan7/))
+- Eshaan Bansal ([github](https://github.com/eshaan7), [linkedin](https://www.linkedin.com/in/eshaan7/))
 
 ##### 👬  Mentors
 
-- Sombuddha Chakravarty ([github](https://github.com/sammy1997),[linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))
+- Sombuddha Chakravarty ([github](https://github.com/sammy1997), [linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))
 
-Feel free to ask your queries!! 🙌
-
-##### Slack Channel
+##### Slack Channel for GSSoC 2020
 
 - [#proj_root-the-box-ctf-framework](https://app.slack.com/client/TRN1H1V43/CUC71PDD2)
 
-## To-do
-
-- [ ] Ideas for additional logging techniques to prevent flag sharing, cheating and such. (Issue: [#7](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/7))
-- [ ] Support for *n* number of boxes (accordions? seperate route?). (Issue: [#17](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/17))
-- [ ] Rating system: Average Box rating - input, calculate, output. (Issue: [#14](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/14))
-- [ ] Dark theme for `admin control` panel. (Issue: [#16](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/16))
-- [ ] Testing Password reset functionality, the mail-server setup, etc.
-- [ ] More info on `home.html`
-- [ ] Support for more hashes per box (not a priority)
-- [ ] Need to implement `account.html` (not a priority)
-
-<hr/>
-
-- [x] Freeze Scoreboard automatically past running time specified (Issue: [#3](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/3))
-- [x] Adding a `Deploy to Heroku` button. (Issue: [#15](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/15))
-- [x] Adding CI, Linting, Formatting specs. (Issue: [#18](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/18))
-- [x] db relationship between User and Score Tables (priority | issue: #5)
-- [x] isAdmin column in User table and Admin views (priority)
-- [x] Notifications
-- [x] Use Flask Blueprints
-- [x] Finalize black theme?
-- [x] Error messages not appearing in `/submit`
-- [x] Implement `machine.html` to server a page where one can download/serve machines
-
+For further guidelines, Please refer to [CONTRIBUTING.md](CONTRIBUTING.md)
 
 ## Screenshots
 

app.json

@@ -1,6 +1,6 @@
 {
   "name": "RootTheBox CTF Framework",
-  "description": "A lightweight, easy to deploy CTF framework(in Flask) for HackTheBox style machines.",
+  "description": "A lightweight, easy to deploy CTF framework (in Flask) for HackTheBox style machines.",
   "repository": "https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework",
   "addons": [
     {

setup.cfg

@@ -1,3 +1,3 @@
-# content of setup.cfg
+# content of setup.cfg (deprecated atm)
 [tool:pytest]
 flake8-ignore = W191