Merge pull request #1366 from CTFd/extract-banned-code-from-tracker

* Extract the banning function from the IP tracking code to start moving it into cache
2020-04-29 19:50:46 -04:00 · 2020-04-29 19:50:46 -04:00 · a9aa80af89
parent f7e7c3c337 abd8aae84f
commit a9aa80af89
3 changed files with 39 additions and 32 deletions
--- a/CTFd/utils/initialization/init.py
+++ b/CTFd/utils/initialization/init.py
@ -183,31 +183,34 @@ def init_request_processors(app):
                db.session.rollback()
                logout_user()

-            if authed():
-                user = get_current_user()
-                team = get_current_team()
-
-                if request.path.startswith("/themes") is False:
-                    if user and user.banned:
-                        return (
-                            render_template(
-                                "errors/403.html",
-                                error="You have been banned from this CTF",
-                            ),
-                            403,
-                        )
-
-                    if team and team.banned:
-                        return (
-                            render_template(
-                                "errors/403.html",
-                                error="Your team has been banned from this CTF",
-                            ),
-                            403,
-                        )
-
            db.session.close()

+    @app.before_request
+    def banned():
+        if request.endpoint == "views.themes":
+            return
+
+        if authed():
+            user = get_current_user()
+            team = get_current_team()
+
+            if user and user.banned:
+                return (
+                    render_template(
+                        "errors/403.html", error="You have been banned from this CTF"
+                    ),
+                    403,
+                )
+
+            if team and team.banned:
+                return (
+                    render_template(
+                        "errors/403.html",
+                        error="Your team has been banned from this CTF",
+                    ),
+                    403,
+                )
+
    @app.before_request
    def tokens():
        token = request.headers.get("Authorization")
--- a/tests/teams/test_teams.py
+++ b/tests/teams/test_teams.py
@ -59,28 +59,31 @@ def test_hidden_teams_visibility():
        register_user(app)
        with login_as_user(app) as client:
            user = Users.query.filter_by(id=2).first()
+            user_id = user.id
            team = gen_team(app.db, name="visible_team", hidden=True)
+            team_id = team.id
+            team_name = team.name
            team.members.append(user)
            user.team_id = team.id
            app.db.session.commit()

            r = client.get("/teams")
            response = r.get_data(as_text=True)
-            assert team.name not in response
+            assert team_name not in response

            r = client.get("/api/v1/teams")
            response = r.get_json()
-            assert team.name not in response
+            assert team_name not in response

-            gen_award(app.db, user.id, team_id=team.id)
+            gen_award(app.db, user_id, team_id=team_id)

            r = client.get("/scoreboard")
            response = r.get_data(as_text=True)
-            assert team.name not in response
+            assert team_name not in response

            r = client.get("/api/v1/scoreboard")
            response = r.get_json()
-            assert team.name not in response
+            assert team_name not in response

            # Team should re-appear after disabling hiding
            # Use an API call to cause a cache clear
@ -90,15 +93,15 @@ def test_hidden_teams_visibility():

            r = client.get("/teams")
            response = r.get_data(as_text=True)
-            assert team.name in response
+            assert team_name in response

            r = client.get("/api/v1/teams")
            response = r.get_data(as_text=True)
-            assert team.name in response
+            assert team_name in response

            r = client.get("/api/v1/scoreboard")
            response = r.get_data(as_text=True)
-            assert team.name in response
+            assert team_name in response
    destroy_ctfd(app)


--- a/tests/users/test_users.py
+++ b/tests/users/test_users.py
@ -48,6 +48,7 @@ def test_hidden_user_visibility():

        with login_as_user(app, name="hidden_user") as client:
            user = Users.query.filter_by(id=2).first()
+            user_id = user.id
            user_name = user.name
            user.hidden = True
            app.db.session.commit()
@ -60,7 +61,7 @@ def test_hidden_user_visibility():
            response = r.get_json()
            assert user_name not in response

-            gen_award(app.db, user.id)
+            gen_award(app.db, user_id)

            r = client.get("/scoreboard")
            response = r.get_data(as_text=True)