JohnHammond
/
CTFd
mirror of https://github.com/JohnHammond/CTFd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Test clear_user_session and clear sessions on user modifications

is_admin_func_cache_hit
Kevin Chung 2020-04-29 03:58:54 -04:00
parent e1e22eddb3
commit 805b48d00d
4 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CTFd/api/v1/users.py
View File

@ -1,7 +1,7 @@
from flask import abort, request from flask import abort, request
from flask_restx import Namespace, Resource from flask_restx import Namespace, Resource
from CTFd.cache import clear_standings from CTFd.cache import clear_standings, clear_user_session
from CTFd.models import ( from CTFd.models import (
Awards, Awards,
Notifications, Notifications,
@ -107,6 +107,7 @@ class UserPublic(Resource):
db.session.close() db.session.close()
clear_user_session(user_id=user_id)
clear_standings() clear_standings()
return {"success": True, "data": response} return {"success": True, "data": response}
@ -123,6 +124,7 @@ class UserPublic(Resource):
db.session.commit() db.session.commit()
db.session.close() db.session.close()
clear_user_session(user_id=user_id)
clear_standings() clear_standings()
return {"success": True} return {"success": True}
@ -149,6 +151,7 @@ class UserPrivate(Resource):
db.session.commit() db.session.commit()
clear_user_session(user_id=user.id)
response = schema.dump(response.data) response = schema.dump(response.data)
db.session.close() db.session.close()

1
CTFd/cache/__init__.py vendored
View File

@ -48,4 +48,5 @@ def clear_pages():
def clear_user_session(user_id): def clear_user_session(user_id):
from CTFd.utils.user import get_user_type from CTFd.utils.user import get_user_type
cache.delete_memoized(get_user_type, user_id=user_id) cache.delete_memoized(get_user_type, user_id=user_id)

0
tests/cache/__init__.py vendored Normal file
View File

51
tests/cache/test_cache.py vendored Normal file
View File

@ -0,0 +1,51 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from CTFd.models import Users
from CTFd.utils.user import is_admin, get_current_user
from CTFd.utils.security.auth import login_user
from tests.helpers import create_ctfd, destroy_ctfd, register_user
from CTFd.cache import clear_user_session
def test_clear_user_session():
app = create_ctfd()
with app.app_context():
register_user(app)
# Users by default should have a non-admin type
user = Users.query.filter_by(id=2).first()
with app.test_request_context("/"):
login_user(user)
user = get_current_user()
assert user.id == 2
assert user.type == "user"
assert is_admin() is False
# Set the user's updated type
user = Users.query.filter_by(id=2).first()
user.type = "admin"
app.db.session.commit()
# The user shouldn't be considered admin because their type is still cached
user = Users.query.filter_by(id=2).first()
with app.test_request_context("/"):
login_user(user)
user = get_current_user()
assert user.id == 2
assert user.type == "admin"
assert is_admin() is False
# Clear the user's cached session (for now just the type)
clear_user_session(user_id=2)
# The user's type should now be admin
user = Users.query.filter_by(id=2).first()
with app.test_request_context("/"):
login_user(user)
user = get_current_user()
assert user.id == 2
assert user.type == "admin"
assert is_admin() is True
destroy_ctfd(app)