aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-18 06:24:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix exception occuring on Admin demotion (#1799)

Browse Source 
* Fix an exception that occurred when demoting an Admin user
* Fix the response from the above request from returning a list instead of a dict
* Closes #1794
This commit is contained in:
Kevin Chung
2021-02-09 04:03:04 -05:00
committed by GitHub
parent 0a5a886ac6
commit fa7316722e
3 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CTFd/api/v1/users.py
View File

@@ -233,16 +233,18 @@ class UserPublic(Resource):
if response.errors: if response.errors:
return {"success": False, "errors": response.errors}, 400 return {"success": False, "errors": response.errors}, 400
db.session.commit() # This generates the response first before actually changing the type
# This avoids an error during User type changes where we change
# the polymorphic identity resulting in an ObjectDeletedError
# https://github.com/CTFd/CTFd/issues/1794
response = schema.dump(response.data) response = schema.dump(response.data)
db.session.commit()
db.session.close() db.session.close()
clear_user_session(user_id=user_id) clear_user_session(user_id=user_id)
clear_standings() clear_standings()
return {"success": True, "data": response} return {"success": True, "data": response.data}
@admins_only @admins_only
@users_namespace.doc( @users_namespace.doc(

2
tests/api/v1/test_users.py
View File

@@ -308,7 +308,7 @@ def test_api_user_patch_admin():
}, },
) )
assert r.status_code == 200 assert r.status_code == 200
user_data = r.get_json()["data"][0] user_data = r.get_json()["data"]
assert user_data["country"] == "US" assert user_data["country"] == "US"
assert user_data["verified"] is True assert user_data["verified"] is True
destroy_ctfd(app) destroy_ctfd(app)

22
tests/api/v1/users/test_users.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from tests.helpers import create_ctfd, destroy_ctfd, login_as_user from tests.helpers import create_ctfd, destroy_ctfd, login_as_user, register_user
def test_api_self_ban(): def test_api_self_ban():
@@ -15,3 +15,23 @@ def test_api_self_ban():
assert resp["success"] == False assert resp["success"] == False
assert resp["errors"] == {"id": "You cannot ban yourself"} assert resp["errors"] == {"id": "You cannot ban yourself"}
destroy_ctfd(app) destroy_ctfd(app)
def test_api_modify_user_type():
"""Can a user patch /api/v1/users/<user_id> to promote a user to admin and demote them to user"""
app = create_ctfd()
with app.app_context():
register_user(app)
with login_as_user(app, "admin") as client:
r = client.patch("/api/v1/users/2", json={"type": "admin"})
assert r.status_code == 200
user_data = r.get_json()["data"]
assert user_data["name"] == "user"
assert user_data["type"] == "admin"
r = client.patch("/api/v1/users/2", json={"type": "user"})
assert r.status_code == 200
user_data = r.get_json()["data"]
assert user_data["name"] == "user"
assert user_data["type"] == "user"
destroy_ctfd(app)