Add feature to search users by IP address (#1059)

* Allows admins to search users by IP address
* Closes #1054
selenium-screenshot-testing
Sachin S. Kamath 2019-07-30 05:09:41 +00:00 committed by Kevin Chung
parent cf7959ab16
commit 34bab12a99
4 changed files with 61 additions and 3 deletions

View File

@ -43,7 +43,7 @@ def teams_listing():
return render_template( return render_template(
"admin/teams/teams.html", "admin/teams/teams.html",
teams=teams, teams=teams,
pages=None, pages=0,
curr_page=None, curr_page=None,
q=q, q=q,
field=field, field=field,

View File

@ -42,10 +42,18 @@ def users_listing():
.order_by(Users.id.asc()) .order_by(Users.id.asc())
.all() .all()
) )
elif field == "ip":
users = (
Users.query.join(Tracking, Users.id == Tracking.user_id)
.filter(Tracking.ip.like("%{}%".format(q)))
.order_by(Users.id.asc())
.all()
)
return render_template( return render_template(
"admin/users/users.html", "admin/users/users.html",
users=users, users=users,
pages=None, pages=0,
curr_page=None, curr_page=None,
q=q, q=q,
field=field, field=field,

View File

@ -31,11 +31,12 @@
<option value="id" {% if field == 'id' %}selected{% endif %}>ID</option> <option value="id" {% if field == 'id' %}selected{% endif %}>ID</option>
<option value="email" {% if field == 'email' %}selected{% endif %}>Email</option> <option value="email" {% if field == 'email' %}selected{% endif %}>Email</option>
<option value="affiliation" {% if field == 'affiliation' %}selected{% endif %}>Affiliation</option> <option value="affiliation" {% if field == 'affiliation' %}selected{% endif %}>Affiliation</option>
<option value="ip" {% if field == 'ip' %}selected{% endif %}>IP Address</option>
</select> </select>
</div> </div>
<div class="form-group col-md-8"> <div class="form-group col-md-8">
<label for="team-name-search" class="sr-only">Parameter</label> <label for="team-name-search" class="sr-only">Parameter</label>
<input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching team names" {% if q %}value="{{q}}"{% endif %}> <input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching user" {% if q %}value="{{q}}"{% endif %}>
</div> </div>
<div class="form-group col-md-2"> <div class="form-group col-md-2">
<label for="team-name-search" class="sr-only">Search</label> <label for="team-name-search" class="sr-only">Search</label>

View File

@ -0,0 +1,49 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from tests.helpers import (
create_ctfd,
destroy_ctfd,
login_as_user,
gen_user,
gen_tracking,
)
def test_admin_user_ip_search():
"""Can an admin search user IPs"""
app = create_ctfd()
with app.app_context():
u1 = gen_user(app.db, name="user1", email="user1@ctfd.io")
gen_tracking(app.db, user_id=u1.id, ip="1.1.1.1")
u2 = gen_user(app.db, name="user2", email="user2@ctfd.io")
gen_tracking(app.db, user_id=u2.id, ip="2.2.2.2")
u3 = gen_user(app.db, name="user3", email="user3@ctfd.io")
gen_tracking(app.db, user_id=u3.id, ip="3.3.3.3")
u4 = gen_user(app.db, name="user4", email="user4@ctfd.io")
gen_tracking(app.db, user_id=u4.id, ip="3.3.3.3")
gen_tracking(app.db, user_id=u4.id, ip="4.4.4.4")
with login_as_user(app, name="admin", password="password") as admin:
r = admin.get("/admin/users?field=ip&q=1.1.1.1")
resp = r.get_data(as_text=True)
assert "user1" in resp
assert "user2" not in resp
assert "user3" not in resp
r = admin.get("/admin/users?field=ip&q=2.2.2.2")
resp = r.get_data(as_text=True)
assert "user1" not in resp
assert "user2" in resp
assert "user3" not in resp
r = admin.get("/admin/users?field=ip&q=3.3.3.3")
resp = r.get_data(as_text=True)
assert "user1" not in resp
assert "user2" not in resp
assert "user3" in resp
assert "user4" in resp
destroy_ctfd(app)