mirror of https://github.com/JohnHammond/CTFd.git
Add feature to search users by IP address (#1059)
* Allows admins to search users by IP address * Closes #1054selenium-screenshot-testing
parent
cf7959ab16
commit
34bab12a99
|
@ -43,7 +43,7 @@ def teams_listing():
|
||||||
return render_template(
|
return render_template(
|
||||||
"admin/teams/teams.html",
|
"admin/teams/teams.html",
|
||||||
teams=teams,
|
teams=teams,
|
||||||
pages=None,
|
pages=0,
|
||||||
curr_page=None,
|
curr_page=None,
|
||||||
q=q,
|
q=q,
|
||||||
field=field,
|
field=field,
|
||||||
|
|
|
@ -42,10 +42,18 @@ def users_listing():
|
||||||
.order_by(Users.id.asc())
|
.order_by(Users.id.asc())
|
||||||
.all()
|
.all()
|
||||||
)
|
)
|
||||||
|
elif field == "ip":
|
||||||
|
users = (
|
||||||
|
Users.query.join(Tracking, Users.id == Tracking.user_id)
|
||||||
|
.filter(Tracking.ip.like("%{}%".format(q)))
|
||||||
|
.order_by(Users.id.asc())
|
||||||
|
.all()
|
||||||
|
)
|
||||||
|
|
||||||
return render_template(
|
return render_template(
|
||||||
"admin/users/users.html",
|
"admin/users/users.html",
|
||||||
users=users,
|
users=users,
|
||||||
pages=None,
|
pages=0,
|
||||||
curr_page=None,
|
curr_page=None,
|
||||||
q=q,
|
q=q,
|
||||||
field=field,
|
field=field,
|
||||||
|
|
|
@ -31,11 +31,12 @@
|
||||||
<option value="id" {% if field == 'id' %}selected{% endif %}>ID</option>
|
<option value="id" {% if field == 'id' %}selected{% endif %}>ID</option>
|
||||||
<option value="email" {% if field == 'email' %}selected{% endif %}>Email</option>
|
<option value="email" {% if field == 'email' %}selected{% endif %}>Email</option>
|
||||||
<option value="affiliation" {% if field == 'affiliation' %}selected{% endif %}>Affiliation</option>
|
<option value="affiliation" {% if field == 'affiliation' %}selected{% endif %}>Affiliation</option>
|
||||||
|
<option value="ip" {% if field == 'ip' %}selected{% endif %}>IP Address</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group col-md-8">
|
<div class="form-group col-md-8">
|
||||||
<label for="team-name-search" class="sr-only">Parameter</label>
|
<label for="team-name-search" class="sr-only">Parameter</label>
|
||||||
<input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching team names" {% if q %}value="{{q}}"{% endif %}>
|
<input type="text" class="form-control w-100" id="team-name-search" name="q" placeholder="Search for matching user" {% if q %}value="{{q}}"{% endif %}>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group col-md-2">
|
<div class="form-group col-md-2">
|
||||||
<label for="team-name-search" class="sr-only">Search</label>
|
<label for="team-name-search" class="sr-only">Search</label>
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
from tests.helpers import (
|
||||||
|
create_ctfd,
|
||||||
|
destroy_ctfd,
|
||||||
|
login_as_user,
|
||||||
|
gen_user,
|
||||||
|
gen_tracking,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def test_admin_user_ip_search():
|
||||||
|
"""Can an admin search user IPs"""
|
||||||
|
app = create_ctfd()
|
||||||
|
with app.app_context():
|
||||||
|
u1 = gen_user(app.db, name="user1", email="user1@ctfd.io")
|
||||||
|
gen_tracking(app.db, user_id=u1.id, ip="1.1.1.1")
|
||||||
|
|
||||||
|
u2 = gen_user(app.db, name="user2", email="user2@ctfd.io")
|
||||||
|
gen_tracking(app.db, user_id=u2.id, ip="2.2.2.2")
|
||||||
|
|
||||||
|
u3 = gen_user(app.db, name="user3", email="user3@ctfd.io")
|
||||||
|
gen_tracking(app.db, user_id=u3.id, ip="3.3.3.3")
|
||||||
|
|
||||||
|
u4 = gen_user(app.db, name="user4", email="user4@ctfd.io")
|
||||||
|
gen_tracking(app.db, user_id=u4.id, ip="3.3.3.3")
|
||||||
|
gen_tracking(app.db, user_id=u4.id, ip="4.4.4.4")
|
||||||
|
|
||||||
|
with login_as_user(app, name="admin", password="password") as admin:
|
||||||
|
r = admin.get("/admin/users?field=ip&q=1.1.1.1")
|
||||||
|
resp = r.get_data(as_text=True)
|
||||||
|
assert "user1" in resp
|
||||||
|
assert "user2" not in resp
|
||||||
|
assert "user3" not in resp
|
||||||
|
|
||||||
|
r = admin.get("/admin/users?field=ip&q=2.2.2.2")
|
||||||
|
resp = r.get_data(as_text=True)
|
||||||
|
assert "user1" not in resp
|
||||||
|
assert "user2" in resp
|
||||||
|
assert "user3" not in resp
|
||||||
|
|
||||||
|
r = admin.get("/admin/users?field=ip&q=3.3.3.3")
|
||||||
|
resp = r.get_data(as_text=True)
|
||||||
|
assert "user1" not in resp
|
||||||
|
assert "user2" not in resp
|
||||||
|
assert "user3" in resp
|
||||||
|
assert "user4" in resp
|
||||||
|
destroy_ctfd(app)
|
Loading…
Reference in New Issue