Do Not Enforce Email Address During CTFd Registration



CTFd is a Python-based open-source Capture The Flag (CTF) web app. I wanted to use it in a context where I didn't want to collect email addresses of the registering users. To archive this, I decided to take the easy way and hack myself around the problem: just hide the email-field in the registration form and generate a random address for every registration. The following patch was applied to commit 4c31dc23 but should be easily translatable to future versions of CTFd.
diff --git a/CTFd/auth.py b/CTFd/auth.py
index 2f801f0..944f61e 100644
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -1,6 +1,8 @@
 import base64

 import requests
+import random
+import string
 from flask import Blueprint
 from flask import current_app as app
 from flask import redirect, render_template, request, session, url_for
@@ -187,7 +189,7 @@ def register():
     errors = get_errors()
     if request.method == "POST":
         name = request.form.get("name", "").strip()
-        email_address = request.form.get("email", "").strip().lower()
+        email_address = ''.join(random.choice(string.ascii_lowercase) for i in range(20)) + '@example.com'
         password = request.form.get("password", "").strip()

         website = request.form.get("website")
diff --git a/CTFd/themes/core/templates/register.html b/CTFd/themes/core/templates/register.html
index ecc5bb4..55e5bc1 100644
--- a/CTFd/themes/core/templates/register.html
+++ b/CTFd/themes/core/templates/register.html
@@ -32,9 +32,9 @@
                                                Your username on the site
                                        </small>
                                </div>
-                               <div class="form-group">
+                               <div class="form-group" style="display: none;">
                                        <b>{{ form.email.label }}</b>
-                                       {{ form.email(class="form-control", value=email) }}
+                                       {{ form.email(class="form-control", value='test@example.com') }}
                                        <small class="form-text text-muted">
                                                Never shown to the public
                                        </small>

2 Replies to “Do Not Enforce Email Address During CTFd Registration”

Leave a Reply

Your email address will not be published. Required fields are marked *