Add API interface to mark submissions as correct (CTFd#2350)

* Add the `discard` type for submissions
* Add `PATCH /api/v1/submissions/[submission_id]` to mark submissions as correct
* Closes CTFd#181

Author: ColdHeat

CTFd/api/v1/statistics/challenges.py

@@ -80,7 +80,12 @@ class ChallengeSolvePercentages(Resource):
     @admins_only
     def get(self):
         challenges = (
-            Challenges.query.add_columns("id", "name", "state", "max_attempts")
+            Challenges.query.add_columns(
+                Challenges.id,
+                Challenges.name,
+                Challenges.state,
+                Challenges.max_attempts,
+            )
             .order_by(Challenges.value)
             .all()
         )

CTFd/api/v1/submissions.py

@@ -1,5 +1,6 @@
 from typing import List
 
+from flask import request
 from flask_restx import Namespace, Resource
 
 from CTFd.api.v1.helpers.request import validate_args
@@ -10,7 +11,7 @@
 )
 from CTFd.cache import clear_challenges, clear_standings
 from CTFd.constants import RawEnum
-from CTFd.models import Submissions, db
+from CTFd.models import Solves, Submissions, db
 from CTFd.schemas.submissions import SubmissionSchema
 from CTFd.utils.decorators import admins_only
 from CTFd.utils.helpers.models import build_model_filters
@@ -152,7 +153,7 @@ def post(self, json_args):
 class Submission(Resource):
     @admins_only
     @submissions_namespace.doc(
-        description="Endpoint to get submission objects in bulk",
+        description="Endpoint to get a submission object",
         responses={
             200: ("Success", "SubmissionDetailedSuccessResponse"),
             400: (
@@ -173,7 +174,51 @@ def get(self, submission_id):
 
     @admins_only
     @submissions_namespace.doc(
-        description="Endpoint to get submission objects in bulk",
+        description="Endpoint to edit a submission object",
+        responses={
+            200: ("Success", "SubmissionDetailedSuccessResponse"),
+            400: (
+                "An error occured processing the provided or stored data",
+                "APISimpleErrorResponse",
+            ),
+        },
+    )
+    def patch(self, submission_id):
+        submission = Submissions.query.filter_by(id=submission_id).first_or_404()
+
+        req = request.get_json()
+        submission_type = req.get("type")
+
+        if submission_type == "correct":
+            solve = Solves(
+                user_id=submission.user_id,
+                challenge_id=submission.challenge_id,
+                team_id=submission.team_id,
+                ip=submission.ip,
+                provided=submission.provided,
+                date=submission.date,
+            )
+            db.session.add(solve)
+            submission.type = "discard"
+            db.session.commit()
+
+            # Delete standings cache
+            clear_standings()
+            clear_challenges()
+
+            submission = solve
+
+        schema = SubmissionSchema()
+        response = schema.dump(submission)
+
+        if response.errors:
+            return {"success": False, "errors": response.errors}, 400
+
+        return {"success": True, "data": response.data}
+
+    @admins_only
+    @submissions_namespace.doc(
+        description="Endpoint to delete a submission object",
         responses={
             200: ("Success", "APISimpleSuccessResponse"),
             400: (

CTFd/models/__init__.py

@@ -849,6 +849,10 @@ class Fails(Submissions):
     __mapper_args__ = {"polymorphic_identity": "incorrect"}
 
 
+class Discards(Submissions):
+    __mapper_args__ = {"polymorphic_identity": "discard"}
+
+
 class Unlocks(db.Model):
     __tablename__ = "unlocks"
     id = db.Column(db.Integer, primary_key=True)

CTFd/themes/admin/assets/js/pages/submissions.js

@@ -61,6 +61,38 @@ function deleteSelectedSubmissions(_event) {
   });
 }
 
+function correctSubmissions(_event) {
+  let submissionIDs = $("input[data-submission-id]:checked").map(function() {
+    return $(this).data("submission-id");
+  });
+  let target = submissionIDs.length === 1 ? "submission" : "submissions";
+
+  ezQuery({
+    title: "Correct Submissions",
+    body: `Are you sure you want to mark ${
+      submissionIDs.length
+    } ${target} correct?`,
+    success: function() {
+      const reqs = [];
+      for (var subId of submissionIDs) {
+        let req = CTFd.fetch(`/api/v1/submissions/${subId}`, {
+          method: "PATCH",
+          credentials: "same-origin",
+          headers: {
+            Accept: "application/json",
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ type: "correct" })
+        });
+        reqs.push(req);
+      }
+      Promise.all(reqs).then(_responses => {
+        window.location.reload();
+      });
+    }
+  });
+}
+
 function showFlagsToggle(_event) {
   const urlParams = new URLSearchParams(window.location.search);
   if (urlParams.has("full")) {
@@ -110,6 +142,7 @@ $(() => {
   $("#show-short-flags-button").click(showFlagsToggle);
   $(".show-flag").click(showFlag);
   $(".copy-flag").click(copyFlag);
+  $("#correct-flags-button").click(correctSubmissions);
   $(".delete-correct-submission").click(deleteCorrectSubmission);
   $("#submission-delete-button").click(deleteSelectedSubmissions);
 });

CTFd/themes/admin/assets/js/pages/team.js

@@ -112,6 +112,39 @@ function updateTeam(event) {
     });
 }
 
+function correctSubmissions(_event) {
+  let submissions = $("input[data-submission-type=incorrect]:checked");
+  let submissionIDs = submissions.map(function() {
+    return $(this).data("submission-id");
+  });
+  let target = submissionIDs.length === 1 ? "submission" : "submissions";
+
+  ezQuery({
+    title: "Correct Submissions",
+    body: `Are you sure you want to mark ${
+      submissionIDs.length
+    } ${target} correct?`,
+    success: function() {
+      const reqs = [];
+      for (var subId of submissionIDs) {
+        let req = CTFd.fetch(`/api/v1/submissions/${subId}`, {
+          method: "PATCH",
+          credentials: "same-origin",
+          headers: {
+            Accept: "application/json",
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ type: "correct" })
+        });
+        reqs.push(req);
+      }
+      Promise.all(reqs).then(_responses => {
+        window.location.reload();
+      });
+    }
+  });
+}
+
 function deleteSelectedSubmissions(event, target) {
   let submissions;
   let type;
@@ -529,6 +562,8 @@ $(() => {
     deleteSelectedSubmissions(e, "solves");
   });
 
+  $("#correct-fail-button").click(correctSubmissions);
+
   $("#fails-delete-button").click(function(e) {
     deleteSelectedSubmissions(e, "fails");
   });

CTFd/themes/admin/assets/js/pages/user.js

@@ -225,6 +225,39 @@ function emailUser(event) {
     });
 }
 
+function correctSubmissions(_event) {
+  let submissions = $("input[data-submission-type=incorrect]:checked");
+  let submissionIDs = submissions.map(function() {
+    return $(this).data("submission-id");
+  });
+  let target = submissionIDs.length === 1 ? "submission" : "submissions";
+
+  ezQuery({
+    title: "Correct Submissions",
+    body: `Are you sure you want to mark ${
+      submissionIDs.length
+    } ${target} correct?`,
+    success: function() {
+      const reqs = [];
+      for (var subId of submissionIDs) {
+        let req = CTFd.fetch(`/api/v1/submissions/${subId}`, {
+          method: "PATCH",
+          credentials: "same-origin",
+          headers: {
+            Accept: "application/json",
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ type: "correct" })
+        });
+        reqs.push(req);
+      }
+      Promise.all(reqs).then(_responses => {
+        window.location.reload();
+      });
+    }
+  });
+}
+
 function deleteSelectedSubmissions(event, target) {
   let submissions;
   let type;
@@ -452,6 +485,8 @@ $(() => {
     deleteSelectedSubmissions(e, "solves");
   });
 
+  $("#correct-fail-button").click(correctSubmissions);
+
   $("#fails-delete-button").click(function(e) {
     deleteSelectedSubmissions(e, "fails");
   });