Handle other cases for attrs invalidation

CTFd/api/v1/teams.py

@@ -3,7 +3,7 @@ import copy
 from flask import abort, request, session
 from flask_restx import Namespace, Resource
 
-from CTFd.cache import clear_standings
+from CTFd.cache import clear_standings, clear_team_session, clear_user_session
 from CTFd.models import Awards, Submissions, Teams, Unlocks, Users, db
 from CTFd.schemas.awards import AwardSchema
 from CTFd.schemas.submissions import SubmissionSchema
@@ -91,25 +91,31 @@ class TeamPublic(Resource):
 
         response = schema.dump(response.data)
         db.session.commit()
-        db.session.close()
 
+        clear_team_session(team_id=team.id)
         clear_standings()
 
+        db.session.close()
+
         return {"success": True, "data": response.data}
 
     @admins_only
     def delete(self, team_id):
         team = Teams.query.filter_by(id=team_id).first_or_404()
+        team_id = team.id
 
         for member in team.members:
             member.team_id = None
+            clear_user_session(user_id=member.id)
 
         db.session.delete(team)
         db.session.commit()
-        db.session.close()
 
+        clear_team_session(team_id=team_id)
         clear_standings()
 
+        db.session.close()
+
         return {"success": True}
 
 
@@ -150,7 +156,7 @@ class TeamPrivate(Resource):
             return {"success": False, "errors": response.errors}, 400
 
         db.session.commit()
-
+        clear_team_session(team_id=team.id)
         response = TeamSchema("self").dump(response.data)
         db.session.close()
 

CTFd/auth.py

@@ -9,6 +9,7 @@ from itsdangerous.exc import BadSignature, BadTimeSignature, SignatureExpired
 from CTFd.models import Teams, Users, db
 from CTFd.utils import config, email, get_app_config, get_config
 from CTFd.utils import user as current_user
+from CTFd.cache import clear_user_session, clear_team_session
 from CTFd.utils import validators
 from CTFd.utils.config import is_teams_mode
 from CTFd.utils.config.integrations import mlc_registration
@@ -57,6 +58,7 @@ def confirm(data=None):
             name=user.name,
         )
         db.session.commit()
+        clear_user_session(user_id=user.id)
         email.successful_registration_notification(user.email)
         db.session.close()
         if current_user.authed():
@@ -126,6 +128,7 @@ def reset_password(data=None):
 
             user.password = password
             db.session.commit()
+            clear_user_session(user_id=user.id)
             log(
                 "logins",
                 format="[{date}] {ip} -  successful password reset for {name}",
@@ -411,6 +414,7 @@ def oauth_redirect():
                     team = Teams(name=team_name, oauth_id=team_id, captain_id=user.id)
                     db.session.add(team)
                     db.session.commit()
+                    clear_team_session(team_id=team.id)
 
                 team_size_limit = get_config("team_size", default=0)
                 if team_size_limit and len(team.members) >= team_size_limit:
@@ -428,6 +432,7 @@ def oauth_redirect():
                 user.oauth_id = user_id
                 user.verified = True
                 db.session.commit()
+                clear_user_session(user_id=user.id)
 
             login_user(user)
 

CTFd/cache/__init__.py

@@ -50,3 +50,9 @@ def clear_user_session(user_id):
     from CTFd.utils.user import get_user_attrs
 
     cache.delete_memoized(get_user_attrs, user_id=user_id)
+
+
+def clear_team_session(team_id):
+    from CTFd.utils.user import get_team_attrs
+
+    cache.delete_memoized(get_team_attrs, team_id=team_id)

CTFd/teams.py

@@ -1,5 +1,6 @@
 from flask import Blueprint, redirect, render_template, request, url_for
 
+from CTFd.cache import clear_user_session, clear_team_session
 from CTFd.models import Teams, db
 from CTFd.utils import config, get_config
 from CTFd.utils.crypto import verify_password
@@ -63,7 +64,6 @@ def join():
         passphrase = request.form.get("password", "").strip()
 
         team = Teams.query.filter_by(name=teamname).first()
-        user = get_current_user()
 
         if team and verify_password(passphrase, team.password):
             team_size_limit = get_config("team_size", default=0)
@@ -77,6 +77,7 @@ def join():
                     "teams/join_team.html", infos=infos, errors=errors
                 )
 
+            user = get_current_user()
             user.team_id = team.id
             db.session.commit()
 
@@ -84,6 +85,9 @@ def join():
                 team.captain_id = user.id
                 db.session.commit()
 
+            clear_user_session(user_id=user.id)
+            clear_team_session(team_id=team.id)
+
             return redirect(url_for("challenges.listing"))
         else:
             errors.append("That information is incorrect")
@@ -130,6 +134,10 @@ def new():
 
         user.team_id = team.id
         db.session.commit()
+
+        clear_user_session(user_id=user.id)
+        clear_team_session(team_id=team.id)
+
         return redirect(url_for("challenges.listing"))
 
 

CTFd/utils/initialization/__init__.py

@@ -40,8 +40,6 @@ from CTFd.utils.security.auth import login_user, logout_user, lookup_user_token
 from CTFd.utils.security.csrf import generate_nonce
 from CTFd.utils.user import (
     authed,
-    get_current_team,
-    get_current_user,
     get_current_user_attrs,
     get_current_team_attrs,
     get_ip,
@@ -84,6 +82,9 @@ def init_template_globals(app):
     app.jinja_env.globals.update(integrations=integrations)
     app.jinja_env.globals.update(authed=authed)
     app.jinja_env.globals.update(is_admin=is_admin)
+    app.jinja_env.globals.update(get_current_user_attrs=get_current_user_attrs)
+    app.jinja_env.globals.update(get_current_team_attrs=get_current_team_attrs)
+    app.jinja_env.globals.update(get_ip=get_ip)
 
 
 def init_logs(app):

CTFd/utils/user/__init__.py

@@ -59,7 +59,7 @@ def get_team_attrs(team_id):
     if team:
         d = {}
         for field in TeamAttrs._fields:
-            d[field] = getattr(user, field)
+            d[field] = getattr(team, field)
         return TeamAttrs(**d)
     return None