Merge pull request #1366 from CTFd/extract-banned-code-from-tracker
* Extract the banning function from the IP tracking code to start moving it into cache
@@ -183,31 +183,34 @@ def init_request_processors(app):
|
|||||||
db.session.rollback()
|
db.session.rollback()
|
||||||
logout_user()
|
logout_user()
|
||||||
|
|
||||||
if authed():
|
|
||||||
user = get_current_user()
|
|
||||||
team = get_current_team()
|
|
||||||
|
|
||||||
if request.path.startswith("/themes") is False:
|
|
||||||
if user and user.banned:
|
|
||||||
return (
|
|
||||||
render_template(
|
|
||||||
"errors/403.html",
|
|
||||||
error="You have been banned from this CTF",
|
|
||||||
),
|
|
||||||
403,
|
|
||||||
)
|
|
||||||
|
|
||||||
if team and team.banned:
|
|
||||||
return (
|
|
||||||
render_template(
|
|
||||||
"errors/403.html",
|
|
||||||
error="Your team has been banned from this CTF",
|
|
||||||
),
|
|
||||||
403,
|
|
||||||
)
|
|
||||||
|
|
||||||
db.session.close()
|
db.session.close()
|
||||||
|
|
||||||
|
@app.before_request
|
||||||
|
def banned():
|
||||||
|
if request.endpoint == "views.themes":
|
||||||
|
return
|
||||||
|
|
||||||
|
if authed():
|
||||||
|
user = get_current_user()
|
||||||
|
team = get_current_team()
|
||||||
|
|
||||||
|
if user and user.banned:
|
||||||
|
return (
|
||||||
|
render_template(
|
||||||
|
"errors/403.html", error="You have been banned from this CTF"
|
||||||
|
),
|
||||||
|
403,
|
||||||
|
)
|
||||||
|
|
||||||
|
if team and team.banned:
|
||||||
|
return (
|
||||||
|
render_template(
|
||||||
|
"errors/403.html",
|
||||||
|
error="Your team has been banned from this CTF",
|
||||||
|
),
|
||||||
|
403,
|
||||||
|
)
|
||||||
|
|
||||||
@app.before_request
|
@app.before_request
|
||||||
def tokens():
|
def tokens():
|
||||||
token = request.headers.get("Authorization")
|
token = request.headers.get("Authorization")
|
||||||
|
|||||||
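Review bot: `banned()` is registered immediately before `tokens()`, and Flask runs `before_request` handlers in registration order, so the ban check finishes before the `Authorization` header is read. If `authed()` reflects only the session and `tokens()` is what establishes the user for token requests (neither body is fully visible here), a banned account calling the API with a token would never reach the `user.banned` / `team.banned` tests. Consider registering `banned()` after `tokens()`, or applying the same ban test on the token path. A one-line docstring on `banned()` stating why the `views.themes` endpoint is exempt would also help, since the exemption changed from a `/themes` path prefix to an endpoint name.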
@@ -59,28 +59,31 @@ def test_hidden_teams_visibility():
|
|||||||
register_user(app)
|
register_user(app)
|
||||||
with login_as_user(app) as client:
|
with login_as_user(app) as client:
|
||||||
user = Users.query.filter_by(id=2).first()
|
user = Users.query.filter_by(id=2).first()
|
||||||
|
user_id = user.id
|
||||||
team = gen_team(app.db, name="visible_team", hidden=True)
|
team = gen_team(app.db, name="visible_team", hidden=True)
|
||||||
|
team_id = team.id
|
||||||
|
team_name = team.name
|
||||||
team.members.append(user)
|
team.members.append(user)
|
||||||
user.team_id = team.id
|
user.team_id = team.id
|
||||||
app.db.session.commit()
|
app.db.session.commit()
|
||||||
|
|
||||||
r = client.get("/teams")
|
r = client.get("/teams")
|
||||||
response = r.get_data(as_text=True)
|
response = r.get_data(as_text=True)
|
||||||
assert team.name not in response
|
assert team_name not in response
|
||||||
|
|
||||||
r = client.get("/api/v1/teams")
|
r = client.get("/api/v1/teams")
|
||||||
response = r.get_json()
|
response = r.get_json()
|
||||||
assert team.name not in response
|
assert team_name not in response
|
||||||
|
|
||||||
gen_award(app.db, user.id, team_id=team.id)
|
gen_award(app.db, user_id, team_id=team_id)
|
||||||
|
|
||||||
r = client.get("/scoreboard")
|
r = client.get("/scoreboard")
|
||||||
response = r.get_data(as_text=True)
|
response = r.get_data(as_text=True)
|
||||||
assert team.name not in response
|
assert team_name not in response
|
||||||
|
|
||||||
r = client.get("/api/v1/scoreboard")
|
r = client.get("/api/v1/scoreboard")
|
||||||
response = r.get_json()
|
response = r.get_json()
|
||||||
assert team.name not in response
|
assert team_name not in response
|
||||||
|
|
||||||
# Team should re-appear after disabling hiding
|
# Team should re-appear after disabling hiding
|
||||||
# Use an API call to cause a cache clear
|
# Use an API call to cause a cache clear
|
||||||
@@ -90,15 +93,15 @@ def test_hidden_teams_visibility():
|
|||||||
|
|
||||||
r = client.get("/teams")
|
r = client.get("/teams")
|
||||||
response = r.get_data(as_text=True)
|
response = r.get_data(as_text=True)
|
||||||
assert team.name in response
|
assert team_name in response
|
||||||
|
|
||||||
r = client.get("/api/v1/teams")
|
r = client.get("/api/v1/teams")
|
||||||
response = r.get_data(as_text=True)
|
response = r.get_data(as_text=True)
|
||||||
assert team.name in response
|
assert team_name in response
|
||||||
|
|
||||||
r = client.get("/api/v1/scoreboard")
|
r = client.get("/api/v1/scoreboard")
|
||||||
response = r.get_data(as_text=True)
|
response = r.get_data(as_text=True)
|
||||||
assert team.name in response
|
assert team_name in response
|
||||||
destroy_ctfd(app)
|
destroy_ctfd(app)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
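Review bot: In `test_hidden_teams_visibility`, `assert team_name not in response` directly after `response = r.get_json()` (the `/api/v1/teams` and `/api/v1/scoreboard` checks) tests membership against the parsed JSON, which for a dict only looks at top-level keys. If these endpoints return a JSON object, the assertion passes even when the hidden team's name is in the payload, so the test would not catch a leak. The later hunk in this file already uses `r.get_data(as_text=True)` for the same endpoints, and `response = r.get_data(as_text=True)` here would make the negative checks meaningful. The same `get_json()` / `assert user_name not in response` pattern appears in `test_hidden_user_visibility`.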
@@ -48,6 +48,7 @@ def test_hidden_user_visibility():
|
|||||||
|
|
||||||
with login_as_user(app, name="hidden_user") as client:
|
with login_as_user(app, name="hidden_user") as client:
|
||||||
user = Users.query.filter_by(id=2).first()
|
user = Users.query.filter_by(id=2).first()
|
||||||
|
user_id = user.id
|
||||||
user_name = user.name
|
user_name = user.name
|
||||||
user.hidden = True
|
user.hidden = True
|
||||||
app.db.session.commit()
|
app.db.session.commit()
|
||||||
@@ -60,7 +61,7 @@ def test_hidden_user_visibility():
|
|||||||
response = r.get_json()
|
response = r.get_json()
|
||||||
assert user_name not in response
|
assert user_name not in response
|
||||||
|
|
||||||
gen_award(app.db, user.id)
|
gen_award(app.db, user_id)
|
||||||
|
|
||||||
r = client.get("/scoreboard")
|
r = client.get("/scoreboard")
|
||||||
response = r.get_data(as_text=True)
|
response = r.get_data(as_text=True)
|
||||||
|
|||||||