mitre-cyber-academy / ctf-scoreboard

This scoreboard allows you to host your own cybersecurity capture-the-flag (jeopardy-style or attack/defend) competition. Also includes team creation!
http://mitrecyberacademy.org/
Apache License 2.0

How can I log in to the administrator account? #158

Closed noraj closed 5 years ago

noraj commented 6 years ago

http://localhost:3000/admin redirects to http://localhost:3000/.

On http://127.0.0.1:3000/users/login, logging in as root@root.com or ctf@mitre.org results in an error message: "You have to confirm your account before continuing."

How can I log in to the administrator account?

rbclark commented 6 years ago

You are supposed to be able to log in through the users login page; there is not a separate login for admins. Try doing the following:

user = User.where(email: 'root@root.com')
user.confirm!
user.save

and then try to login again.

noraj commented 6 years ago

@rbclark I'm totally RoR ignorant, where do I paste this Ruby code?

I'm planning to try to implement https://github.com/mitre-cyber-academy/ctf-scoreboard/issues/122

rbclark commented 6 years ago

Sorry, you have to paste that in using rails console: bundle exec rails c

noraj commented 6 years ago

@rbclark I must be missing something.

I don't see much ref about confirm https://github.com/mitre-cyber-academy/ctf-scoreboard/search?q=confirm&unscoped_q=confirm

rbclark commented 6 years ago

My mistake, it is user.confirm not user.confirm!. The rest of the steps should be correct.

noraj commented 6 years ago

@rbclark Of course I tested user.confirm too but it doesn't exist either. I also checked all available methods but none are similar to confirmation.

rbclark commented 6 years ago

I didn't read your error message well enough, my bad. You need to only have 1 user that you are operating on; however, you are operating on an activerecord relation (aka an array of users, in your case an array of 1 user), which is my bad since you were just following my instructions. The following will work:

user = User.find_by(email: 'root@root.com')
user.confirm
user.save

noraj commented 6 years ago

Sorry, I'm familiar with ruby but not with RoR so I didn't understand that activerecord relation was an array. Thanks for the explanation, this is working now.

I think those steps are not obvious for non-developers, so where can we add them? What is the most suitable place: Wiki or Readme? You must think that confirming those accounts by default is a security issue in some environments; I agree with you.

rbclark commented 6 years ago

For the development environment I don't mind confirming by default. That should be doable with a correction to the seeds file.

noraj commented 6 years ago

See my PR #161
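
As an added example (not part of the thread or of ctf-scoreboard's code), here are the console steps above wrapped in a guarded helper: it looks up a single record with find_by, handles a missing or already-confirmed account, and refuses to auto-confirm outside development, the concern raised about confirming seeded accounts by default. `confirm_seeded_account`, `collection_can_confirm?`, `FakeUser` and `FakeUsers` are hypothetical names; the stand-ins only mimic the `find_by`, `where`, `confirm` and `confirmed?` calls so the file runs without Rails.

```ruby
# Constructed stand-ins for a Devise-confirmable User model (assumption: they
# mimic only the calls used below; a real app would pass its own User class).
FakeUser = Struct.new(:email, :confirmed_at) do
  def confirmed?
    !confirmed_at.nil?
  end

  def confirm
    self.confirmed_at = Time.now.utc
    true
  end
end

class FakeUsers
  def initialize(rows)
    @rows = rows
  end

  def find_by(email:) # one record or nil
    @rows.find { |u| u.email == email }
  end

  def where(email:) # a collection, even when it holds one row
    @rows.select { |u| u.email == email }
  end
end

# The pitfall from the thread: the result of `where` is a collection and has
# no `confirm`, so the per-record call fails on it.
def collection_can_confirm?(model, email)
  model.where(email: email).respond_to?(:confirm)
end

# Confirm one seeded account, but only in an allowed environment.
# `env` is the environment name as a string (hypothetical parameter).
def confirm_seeded_account(model, email, env:, allowed_envs: %w[development])
  return [:refused, "auto-confirm limited to #{allowed_envs.join(', ')}"] unless allowed_envs.include?(env)

  user = model.find_by(email: email)
  return [:missing, email] if user.nil?           # find_by returns nil, not an error
  return [:already_confirmed, email] if user.confirmed?

  user.confirm ? [:confirmed, email] : [:failed, email]
end

if __FILE__ == $PROGRAM_NAME
  users = FakeUsers.new([FakeUser.new('root@root.com', nil)]) # constructed sample row
  p confirm_seeded_account(users, 'root@root.com', env: 'production')
  p confirm_seeded_account(users, 'root@root.com', env: 'development')
end
```

In a real Rails console the call would be `confirm_seeded_account(User, 'root@root.com', env: Rails.env.to_s)`.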