require new users to commit to follow the groundrules

zardus · zardus · commit 35bd3de4838d · 2025-08-06T21:25:06.000-07:00
diff --git a/dojo_theme/templates/register.html b/dojo_theme/templates/register.html
@@ -1,5 +1,7 @@
 {% extends "base.html" %}
 
+{% set commitment_text = "I have read the ground rules and commit to not publish pwn.college writeups on the internet." %}
+
 {% block content %}
 <div class="jumbotron">
 	<div class="container">
@@ -22,10 +24,22 @@ <h3>Bug Bounties</h3>
       If you find a vulnerability in this platform, please <a href="mailto:pwn-college@asu.edu">email</a> us rather than pwn us.
       We'll appreciate it, and you'll get extra credit (if you're an ASU student) or an awesome scoreboard award!</p>
 
+			<div class="form-group" id="commitment-section">
+				<div class="alert alert-warning">
+					To register, please type the following commitment exactly as shown:
+					<br><br>
+					<strong id="commitment-text">{{ commitment_text }}</strong>
+				</div>
+				<input type="text" id="commitment-input" class="form-control" placeholder="Type the commitment above" autocomplete="off">
+				<small class="form-text text-muted" id="commitment-feedback">
+					Please type the commitment exactly as shown above to enable registration
+				</small>
+			</div>
+
       <h2>Sign Up!</h2>
 			{% with form = Forms.auth.RegistrationForm() %}
 			{% from "macros/forms.html" import render_extra_fields %}
-			<form method="post" accept-charset="utf-8" autocomplete="off" role="form">
+			<form method="post" accept-charset="utf-8" autocomplete="off" role="form" id="registration-form">
 				<div class="form-group">
 					<b>{{ form.name.label }}</b>
 					{{ form.name(class="form-control", value=name) }}
@@ -47,13 +61,16 @@ <h2>Sign Up!</h2>
 						Password used to log into your account
 					</small>
 				</div>
+
 				{{ form.nonce() }}
+				
+				<input type="hidden" id="commitment-verified" name="commitment_verified" value="">
 
 				{{ render_extra_fields(form.extra) }}
 
 				<div class="row pt-3">
 					<div class="col-md-12">
-						{{ form.submit(class="btn btn-md btn-primary btn-outlined float-right") }}
+						{{ form.submit(class="btn btn-md btn-primary btn-outlined float-right btn-disabled", id="register-submit", style="opacity: 0.5; cursor: not-allowed;") }}
 					</div>
 				</div>
 
@@ -76,4 +93,108 @@ <h2>Sign Up!</h2>
 {% endblock %}
 
 {% block scripts %}
+<style>
+@keyframes shake {
+    0%, 100% { transform: translateX(0); }
+    10%, 30%, 50%, 70%, 90% { transform: translateX(-5px); }
+    20%, 40%, 60%, 80% { transform: translateX(5px); }
+}
+</style>
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+    const commitmentText = {{ commitment_text | tojson }};
+    const commitmentInput = document.getElementById('commitment-input');
+    const commitmentFeedback = document.getElementById('commitment-feedback');
+    const registerButton = document.getElementById('register-submit');
+    const registerForm = document.getElementById('registration-form');
+    const commitmentVerifiedField = document.getElementById('commitment-verified');
+    let commitmentValid = false;
+    
+    function normalizeText(text) {
+        return text.toLowerCase().replace(/[^a-z]/g, '').split('').sort().join('');
+    }
+    
+    function validateCommitment() {
+        const userInput = commitmentInput.value.trim();
+        
+        if (userInput === '') {
+            commitmentValid = false;
+            commitmentVerifiedField.value = '';
+            commitmentInput.classList.remove('is-valid', 'is-invalid');
+            commitmentFeedback.textContent = 'Please type the commitment exactly as shown above to enable registration';
+            commitmentFeedback.classList.remove('text-success', 'text-danger');
+            commitmentFeedback.classList.add('text-muted');
+            
+            registerButton.style.opacity = '0.5';
+            registerButton.style.cursor = 'not-allowed';
+            registerButton.classList.add('btn-disabled');
+        } else {
+            const normalizedUser = normalizeText(userInput);
+            const normalizedCommitment = normalizeText(commitmentText);
+            
+            if (normalizedUser === normalizedCommitment) {
+                commitmentValid = true;
+                commitmentVerifiedField.value = 'verified';
+                commitmentInput.classList.remove('is-invalid');
+                commitmentInput.classList.add('is-valid');
+                commitmentFeedback.textContent = 'Thank you for helping keep pwn.college viable!';
+                commitmentFeedback.classList.remove('text-muted', 'text-danger');
+                commitmentFeedback.classList.add('text-success');
+                
+                registerButton.style.opacity = '1';
+                registerButton.style.cursor = 'pointer';
+                registerButton.classList.remove('btn-disabled');
+            } else {
+                commitmentValid = false;
+                commitmentVerifiedField.value = '';
+                commitmentInput.classList.remove('is-valid');
+                commitmentInput.classList.add('is-invalid');
+                commitmentFeedback.textContent = 'Please type the commitment as shown above';
+                commitmentFeedback.classList.remove('text-muted', 'text-success');
+                commitmentFeedback.classList.add('text-danger');
+                
+                registerButton.style.opacity = '0.5';
+                registerButton.style.cursor = 'not-allowed';
+                registerButton.classList.add('btn-disabled');
+            }
+        }
+    }
+    
+    function showCommitmentReminder() {
+        alert('Please type the commitment exactly as shown to enable registration.');
+        document.getElementById('commitment-section').scrollIntoView({ behavior: 'smooth', block: 'center' });
+        commitmentInput.focus();
+        commitmentInput.style.animation = 'shake 0.5s';
+        setTimeout(() => {
+            commitmentInput.style.animation = '';
+        }, 500);
+    }
+    
+    commitmentInput.addEventListener('input', validateCommitment);
+    commitmentInput.addEventListener('paste', function() {
+        setTimeout(validateCommitment, 10);
+    });
+    
+    registerForm.addEventListener('submit', function(e) {
+        if (!commitmentValid) {
+            e.preventDefault();
+            e.stopPropagation();
+            showCommitmentReminder();
+            return false;
+        }
+        return true;
+    });
+    
+    registerButton.addEventListener('click', function(e) {
+        if (!commitmentValid) {
+            e.preventDefault();
+            e.stopPropagation();
+            showCommitmentReminder();
+            return false;
+        }
+    });
+    
+    validateCommitment();
+});
+</script>
 {% endblock %}
diff --git a/test/test_welcome.py b/test/test_welcome.py
@@ -1,5 +1,7 @@
 import contextlib
 import time
+import string
+import random
 
 import pytest
 from selenium.webdriver import Firefox, FirefoxOptions
@@ -10,18 +12,19 @@
 
 from utils import DOJO_URL, workspace_run
 
-
 @pytest.fixture
-def random_user_browser(random_user_name):
+def browser_fixture():
     options = FirefoxOptions()
     options.add_argument("--headless")
-    browser = Firefox(options=options)
+    return Firefox(options=options)
 
-    browser.get(f"{DOJO_URL}/login")
-    browser.find_element("id", "name").send_keys(random_user_name)
-    browser.find_element("id", "password").send_keys(random_user_name)
-    browser.find_element("id", "_submit").click()
-    return browser
+@pytest.fixture
+def random_user_browser(browser_fixture, random_user_name):
+    browser_fixture.get(f"{DOJO_URL}/login")
+    browser_fixture.find_element("id", "name").send_keys(random_user_name)
+    browser_fixture.find_element("id", "password").send_keys(random_user_name)
+    browser_fixture.find_element("id", "_submit").click()
+    return browser_fixture
 
 
 @contextlib.contextmanager
@@ -207,3 +210,33 @@ def skip_test_welcome_practice(random_user_browser, random_user_name, welcome_do
         flag = workspace_run("tail -n1 /tmp/out 2>&1", user=random_user_name).stdout.split()[-1]
     challenge_submit(random_user_browser, idx, flag)
     random_user_browser.close()
+
+
+def test_registration_commitment(browser_fixture):
+    browser_fixture.get(f"{DOJO_URL}/register")
+    wait = WebDriverWait(browser_fixture, 10)
+    
+    test_username = "test" + "".join(random.choices(string.ascii_lowercase, k=8))
+    
+    browser_fixture.find_element(By.ID, "name").send_keys(test_username)
+    browser_fixture.find_element(By.ID, "email").send_keys(f"{test_username}@example.com")
+    browser_fixture.find_element(By.ID, "password").send_keys("TestPassword123!")
+    
+    submit_button = browser_fixture.find_element(By.ID, "register-submit")
+    submit_button.click()
+    
+    alert = browser_fixture.switch_to.alert
+    assert "Please type the commitment" in alert.text
+    alert.accept()
+    
+    commitment_input = browser_fixture.find_element(By.ID, "commitment-input")
+    commitment_input.send_keys("i have read the ground rules and commit to not publish pwn.college writeups on the internet")
+    
+    time.sleep(0.5)
+    
+    submit_button.click()
+    
+    wait.until(lambda driver: "register" not in driver.current_url.lower())
+    assert "register" not in browser_fixture.current_url.lower()
+
+    browser_fixture.close()
