Add feature to search users by IP address (#1059)

* Allows admins to search users by IP address * Closes #1054
2019-07-30 05:09:41 +00:00 · 2019-07-30 05:09:41 +00:00 · 34bab12a99
parent cf7959ab16
commit 34bab12a99
4 changed files with 61 additions and 3 deletions
--- a/CTFd/admin/teams.py
+++ b/CTFd/admin/teams.py
@ -43,7 +43,7 @@ def teams_listing():
        return render_template(
            "admin/teams/teams.html",
            teams=teams,
-            pages=None,
+            pages=0,
            curr_page=None,
            q=q,
            field=field,
--- a/CTFd/admin/users.py
+++ b/CTFd/admin/users.py
@ -42,10 +42,18 @@ def users_listing():
                .order_by(Users.id.asc())
                .all()
            )
+        elif field == "ip":
+            users = (
+                Users.query.join(Tracking, Users.id == Tracking.user_id)
+                .filter(Tracking.ip.like("%{}%".format(q)))
+                .order_by(Users.id.asc())
+                .all()
+            )
+
        return render_template(
            "admin/users/users.html",
            users=users,
-            pages=None,
+            pages=0,
            curr_page=None,
            q=q,
            field=field,
--- a/CTFd/themes/admin/templates/users/users.html
+++ b/CTFd/themes/admin/templates/users/users.html
@ -31,11 +31,12 @@
 							<option value="id" {% if field == 'id' %}selected{% endif %}>ID</option>
 							<option value="email" {% if field == 'email' %}selected{% endif %}>Email</option>
 							<option value="affiliation" {% if field == 'affiliation' %}selected{% endif %}>Affiliation</option>
+							<option value="ip" {% if field == 'ip' %}selected{% endif %}>IP Address</option>
 					  </select>
 					</div>
 					<div class="form-group col-md-8">
 						<label for="team-name-search" class="sr-only">Parameter</label>
-						<input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching team names" {% if q %}value="{{q}}"{% endif %}>
+						<input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching user" {% if q %}value="{{q}}"{% endif %}>
 					</div>
 					<div class="form-group col-md-2">
 						<label for="team-name-search" class="sr-only">Search</label>
--- a/tests/admin/test_users.py
+++ b/tests/admin/test_users.py
@ -0,0 +1,49 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from tests.helpers import (
+    create_ctfd,
+    destroy_ctfd,
+    login_as_user,
+    gen_user,
+    gen_tracking,
+)
+
+
+def test_admin_user_ip_search():
+    """Can an admin search user IPs"""
+    app = create_ctfd()
+    with app.app_context():
+        u1 = gen_user(app.db, name="user1", email="user1@ctfd.io")
+        gen_tracking(app.db, user_id=u1.id, ip="1.1.1.1")
+
+        u2 = gen_user(app.db, name="user2", email="user2@ctfd.io")
+        gen_tracking(app.db, user_id=u2.id, ip="2.2.2.2")
+
+        u3 = gen_user(app.db, name="user3", email="user3@ctfd.io")
+        gen_tracking(app.db, user_id=u3.id, ip="3.3.3.3")
+
+        u4 = gen_user(app.db, name="user4", email="user4@ctfd.io")
+        gen_tracking(app.db, user_id=u4.id, ip="3.3.3.3")
+        gen_tracking(app.db, user_id=u4.id, ip="4.4.4.4")
+
+        with login_as_user(app, name="admin", password="password") as admin:
+            r = admin.get("/admin/users?field=ip&q=1.1.1.1")
+            resp = r.get_data(as_text=True)
+            assert "user1" in resp
+            assert "user2" not in resp
+            assert "user3" not in resp
+
+            r = admin.get("/admin/users?field=ip&q=2.2.2.2")
+            resp = r.get_data(as_text=True)
+            assert "user1" not in resp
+            assert "user2" in resp
+            assert "user3" not in resp
+
+            r = admin.get("/admin/users?field=ip&q=3.3.3.3")
+            resp = r.get_data(as_text=True)
+            assert "user1" not in resp
+            assert "user2" not in resp
+            assert "user3" in resp
+            assert "user4" in resp
+    destroy_ctfd(app)