Merge pull request #1366 from CTFd/extract-banned-code-from-tracker

* Extract the banning function from the IP tracking code to start moving it into cache

CTFd/utils/initialization/__init__.py

@@ -183,16 +183,21 @@ def init_request_processors(app):
                 db.session.rollback()
                 logout_user()
 
+            db.session.close()
+
+    @app.before_request
+    def banned():
+        if request.endpoint == "views.themes":
+            return
+
         if authed():
             user = get_current_user()
             team = get_current_team()
 
-                if request.path.startswith("/themes") is False:
             if user and user.banned:
                 return (
                     render_template(
-                                "errors/403.html",
+                        "errors/403.html", error="You have been banned from this CTF"
-                                error="You have been banned from this CTF",
                     ),
                     403,
                 )
@@ -206,8 +211,6 @@ def init_request_processors(app):
                     403,
                 )
 
-            db.session.close()
-
     @app.before_request
     def tokens():
         token = request.headers.get("Authorization")

tests/teams/test_teams.py

@@ -59,28 +59,31 @@ def test_hidden_teams_visibility():
         register_user(app)
         with login_as_user(app) as client:
             user = Users.query.filter_by(id=2).first()
+            user_id = user.id
             team = gen_team(app.db, name="visible_team", hidden=True)
+            team_id = team.id
+            team_name = team.name
             team.members.append(user)
             user.team_id = team.id
             app.db.session.commit()
 
             r = client.get("/teams")
             response = r.get_data(as_text=True)
-            assert team.name not in response
+            assert team_name not in response
 
             r = client.get("/api/v1/teams")
             response = r.get_json()
-            assert team.name not in response
+            assert team_name not in response
 
-            gen_award(app.db, user.id, team_id=team.id)
+            gen_award(app.db, user_id, team_id=team_id)
 
             r = client.get("/scoreboard")
             response = r.get_data(as_text=True)
-            assert team.name not in response
+            assert team_name not in response
 
             r = client.get("/api/v1/scoreboard")
             response = r.get_json()
-            assert team.name not in response
+            assert team_name not in response
 
             # Team should re-appear after disabling hiding
             # Use an API call to cause a cache clear
@@ -90,15 +93,15 @@ def test_hidden_teams_visibility():
 
             r = client.get("/teams")
             response = r.get_data(as_text=True)
-            assert team.name in response
+            assert team_name in response
 
             r = client.get("/api/v1/teams")
             response = r.get_data(as_text=True)
-            assert team.name in response
+            assert team_name in response
 
             r = client.get("/api/v1/scoreboard")
             response = r.get_data(as_text=True)
-            assert team.name in response
+            assert team_name in response
     destroy_ctfd(app)
 
 

tests/users/test_users.py

@@ -48,6 +48,7 @@ def test_hidden_user_visibility():
 
         with login_as_user(app, name="hidden_user") as client:
             user = Users.query.filter_by(id=2).first()
+            user_id = user.id
             user_name = user.name
             user.hidden = True
             app.db.session.commit()
@@ -60,7 +61,7 @@ def test_hidden_user_visibility():
             response = r.get_json()
             assert user_name not in response
 
-            gen_award(app.db, user.id)
+            gen_award(app.db, user_id)
 
             r = client.get("/scoreboard")
             response = r.get_data(as_text=True)