mirror of https://github.com/JohnHammond/CTFd.git
Merge pull request #1366 from CTFd/extract-banned-code-from-tracker
* Extract the banning function from the IP tracking code to start moving it into cacheupdate-jquery-3.5.0
commit
a9aa80af89
|
@ -183,16 +183,21 @@ def init_request_processors(app):
|
|||
db.session.rollback()
|
||||
logout_user()
|
||||
|
||||
db.session.close()
|
||||
|
||||
@app.before_request
|
||||
def banned():
|
||||
if request.endpoint == "views.themes":
|
||||
return
|
||||
|
||||
if authed():
|
||||
user = get_current_user()
|
||||
team = get_current_team()
|
||||
|
||||
if request.path.startswith("/themes") is False:
|
||||
if user and user.banned:
|
||||
return (
|
||||
render_template(
|
||||
"errors/403.html",
|
||||
error="You have been banned from this CTF",
|
||||
"errors/403.html", error="You have been banned from this CTF"
|
||||
),
|
||||
403,
|
||||
)
|
||||
|
@ -206,8 +211,6 @@ def init_request_processors(app):
|
|||
403,
|
||||
)
|
||||
|
||||
db.session.close()
|
||||
|
||||
@app.before_request
|
||||
def tokens():
|
||||
token = request.headers.get("Authorization")
|
||||
|
|
|
@ -59,28 +59,31 @@ def test_hidden_teams_visibility():
|
|||
register_user(app)
|
||||
with login_as_user(app) as client:
|
||||
user = Users.query.filter_by(id=2).first()
|
||||
user_id = user.id
|
||||
team = gen_team(app.db, name="visible_team", hidden=True)
|
||||
team_id = team.id
|
||||
team_name = team.name
|
||||
team.members.append(user)
|
||||
user.team_id = team.id
|
||||
app.db.session.commit()
|
||||
|
||||
r = client.get("/teams")
|
||||
response = r.get_data(as_text=True)
|
||||
assert team.name not in response
|
||||
assert team_name not in response
|
||||
|
||||
r = client.get("/api/v1/teams")
|
||||
response = r.get_json()
|
||||
assert team.name not in response
|
||||
assert team_name not in response
|
||||
|
||||
gen_award(app.db, user.id, team_id=team.id)
|
||||
gen_award(app.db, user_id, team_id=team_id)
|
||||
|
||||
r = client.get("/scoreboard")
|
||||
response = r.get_data(as_text=True)
|
||||
assert team.name not in response
|
||||
assert team_name not in response
|
||||
|
||||
r = client.get("/api/v1/scoreboard")
|
||||
response = r.get_json()
|
||||
assert team.name not in response
|
||||
assert team_name not in response
|
||||
|
||||
# Team should re-appear after disabling hiding
|
||||
# Use an API call to cause a cache clear
|
||||
|
@ -90,15 +93,15 @@ def test_hidden_teams_visibility():
|
|||
|
||||
r = client.get("/teams")
|
||||
response = r.get_data(as_text=True)
|
||||
assert team.name in response
|
||||
assert team_name in response
|
||||
|
||||
r = client.get("/api/v1/teams")
|
||||
response = r.get_data(as_text=True)
|
||||
assert team.name in response
|
||||
assert team_name in response
|
||||
|
||||
r = client.get("/api/v1/scoreboard")
|
||||
response = r.get_data(as_text=True)
|
||||
assert team.name in response
|
||||
assert team_name in response
|
||||
destroy_ctfd(app)
|
||||
|
||||
|
||||
|
|
|
@ -48,6 +48,7 @@ def test_hidden_user_visibility():
|
|||
|
||||
with login_as_user(app, name="hidden_user") as client:
|
||||
user = Users.query.filter_by(id=2).first()
|
||||
user_id = user.id
|
||||
user_name = user.name
|
||||
user.hidden = True
|
||||
app.db.session.commit()
|
||||
|
@ -60,7 +61,7 @@ def test_hidden_user_visibility():
|
|||
response = r.get_json()
|
||||
assert user_name not in response
|
||||
|
||||
gen_award(app.db, user.id)
|
||||
gen_award(app.db, user_id)
|
||||
|
||||
r = client.get("/scoreboard")
|
||||
response = r.get_data(as_text=True)
|
||||
|
|
Loading…
Reference in New Issue