# HG changeset patch # User Nattee Niparnan # Date 2019-11-04 09:01:41 # Node ID 73e8782d729d456e18b0381e1dad78cbac6350f4 # Parent f1343ca4b1416af579595a027e894e8f7302211f fix whitelisting bugs fix report bug diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -7,7 +7,7 @@ SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' - ALLOW_WHITELIST_IP_ONLY_CONF_KEY = 'right.allow_whitelist_ip_only' + WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore' WHITELIST_IP_CONF_KEY = 'right.whitelist_ip' #report and redirect for unauthorized activities @@ -81,9 +81,9 @@ end # check if user ip is allowed - unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY] + unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY] unless is_request_ip_allowed? - unauthorized_redirect 'Your IP is not allowed' + unauthorized_redirect 'Your IP is not allowed to login at this time.' return false end end @@ -108,10 +108,8 @@ #this assume that we have already authenticate normally unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY] user = User.find(session[:user_id]) - puts "User admin #{user.admin?}" if (!user.admin? && user.last_ip && user.last_ip != request.remote_ip) flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}" - puts "hahaha" redirect_to :controller => 'main', :action => 'login' return false end 
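Review bot: `GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]` is tested in the `@@ -81,9 +81,9 @@` hunk and again at the top of `is_request_ip_allowed?` (last hunk of this file), so the polarity of the switch is kept in two places. Leaving the decision to the helper alone, `unless @current_user.admin? || is_request_ip_allowed?`, gives one place to get wrong the next time the setting is renamed or inverted. The comment above it could also state the rule in full: `# non-admins must come from a whitelisted IP unless right.whitelist_ignore is set`. The enclosing method starts and ends outside the hunk.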
@@ -152,14 +150,17 @@ end def is_request_ip_allowed? - if GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY] + unless GraderConfiguration[WHITELIST_IGNORE_CONF_KEY] user_ip = IPAddr.new(request.remote_ip) - GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY].delete(' ').split(',').each do |ips| + + GraderConfiguration[WHITELIST_IP_CONF_KEY].delete(' ').split(',').each do |ips| + puts "ip is #{ips}, user ip is #{user_ip}" allow_ips = IPAddr.new(ips) - unless allow_ips.includes(user_ip) - return false + if allow_ips.include?(user_ip) + return true end end + return false end return true end diff --git a/app/controllers/report_controller.rb b/app/controllers/report_controller.rb --- a/app/controllers/report_controller.rb +++ b/app/controllers/report_controller.rb @@ -465,7 +465,7 @@ protected def calculate_max_score(problems, users,since_id,until_id, get_last_score = false) - #score[i] = user #i's user stat where i is the index (not id) + #scorearray[i] = user #i's user stat where i is the index (not id) scorearray = Array.new users.each do |u| ustat = Array.new diff --git a/app/views/report/_score_table.html.haml b/app/views/report/_score_table.html.haml --- a/app/views/report/_score_table.html.haml +++ b/app/views/report/_score_table.html.haml @@ -12,9 +12,11 @@ %th.text-right Total %th.text-right Passed %tbody - - sum = Array.new(@problems.count,0) - - nonzero = Array.new(@problems.count,0) - - full = Array.new(@problems.count,0) + - sum = Array.new(@problems.count+1,0) + - nonzero = Array.new(@problems.count+1,0) + - full = Array.new(@problems.count+1,0) + - puts @scorearray + - puts @problems.count - @scorearray.each do |sc| %tr - total,num_passed = 0,0 diff --git a/db/schema.rb b/db/schema.rb --- a/db/schema.rb +++ b/db/schema.rb 
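Review bot: The added `puts "ip is #{ips}, user ip is #{user_ip}"` in `is_request_ip_allowed?` writes the client address and each whitelist entry to stdout on every check; drop it, or use `Rails.logger.debug` so it follows the configured log level. `IPAddr.new(ips)` raises on an entry it cannot parse, so a single typo in `right.whitelist_ip` would turn the check into an exception for every non-admin request; consider `IPAddr.new(ips) rescue`-free handling such as a per-entry `rescue IPAddr::Error` that logs the bad entry and treats it as no match. The result depends on `request.remote_ip`, which may be derived from forwarding headers depending on the proxy setup, so a short comment on the method saying the whitelist is only as reliable as the trusted-proxy configuration would help whoever deploys this.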
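Review bot: The two added lines `- puts @scorearray` and `- puts @problems.count` in `_score_table.html.haml` look like leftover debugging; they dump the whole score array to the server's stdout on every render of the partial and should be removed before merge, or replaced by `logger.debug` if the trace is still needed. The `+1` in the three `Array.new(@problems.count+1,0)` sizes is not explained and the reason is not visible in this hunk, so a one-line `-#` comment saying what the extra slot holds would prevent someone from reverting it later.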
@@ -12,7 +12,7 @@ ActiveRecord::Schema.define(version: 2018_06_12_102327) do - create_table "announcements", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "announcements", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "author" t.text "body" t.boolean "published" @@ -24,7 +24,7 @@ t.string "notes" end - create_table "contests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "contests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "title" t.boolean "enabled" t.datetime "created_at" 
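Review bot: The `db/schema.rb` changes look like a dump taken from a differently configured database rather than a change this fix intends: every `create_table` moves from `CHARSET=utf8` to `CHARSET=latin1` (this hunk and all following schema hunks), `null: false` is dropped from the timestamps of `heart_beats`, `logins` and `submission_view_logs`, and a `forced_logout` column appears on `user_contest_stats` while the schema version stays at `2018_06_12_102327`. Since every table is declared with `force: :cascade`, loading this schema would recreate them as latin1, which cannot store non-Latin text in fields such as `full_name` or `body`. Unless these are deliberate, the schema hunks should be left out of this commit, and the new column should arrive with its own migration.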
@@ -32,30 +32,30 @@ t.string "name" end - create_table "contests_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "contests_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "contest_id" t.integer "problem_id" end - create_table "contests_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "contests_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "contest_id" t.integer "user_id" end - create_table "countries", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "countries", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name" t.datetime "created_at" t.datetime "updated_at" end - create_table "descriptions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "descriptions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.text "body" t.boolean "markdowned" t.datetime "created_at" t.datetime "updated_at" end - create_table "grader_configurations", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "grader_configurations", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "key" t.string "value_type" t.string "value" @@ -64,7 +64,7 @@ t.text "description" end - create_table "grader_processes", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "grader_processes", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "host" t.integer "pid" t.string "mode" 
@@ -74,21 +74,21 @@ t.integer "task_id" t.string "task_type" t.boolean "terminated" - t.index ["host", "pid"], name: "index_grader_processes_on_ip_and_pid" + t.index ["host", "pid"], name: "index_grader_processes_on_host_and_pid" end - create_table "groups", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t| + create_table "groups", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name" t.string "description" end - create_table "groups_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t| + create_table "groups_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "problem_id", null: false t.integer "group_id", null: false t.index ["group_id", "problem_id"], name: "index_groups_problems_on_group_id_and_problem_id" end - create_table "groups_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t| + create_table "groups_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "group_id", null: false t.integer "user_id", null: false t.index ["user_id", "group_id"], name: "index_groups_users_on_user_id_and_group_id" 
@@ -97,13 +97,13 @@ create_table "heart_beats", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "user_id" t.string "ip_address" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at" + t.datetime "updated_at" t.string "status" t.index ["updated_at"], name: "index_heart_beats_on_updated_at" end - create_table "languages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "languages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name", limit: 10 t.string "pretty_name" t.string "ext", limit: 10 @@ -113,11 +113,11 @@ create_table "logins", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "user_id" t.string "ip_address" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "messages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "messages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "sender_id" t.integer "receiver_id" t.integer "replying_message_id" @@ -127,7 +127,7 @@ t.datetime "updated_at" end - create_table "problems", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "problems", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name", limit: 30 t.string "full_name" t.integer "full_score" 
@@ -141,7 +141,7 @@ t.boolean "view_testcase" end - create_table "problems_tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t| + create_table "problems_tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "problem_id" t.integer "tag_id" t.index ["problem_id", "tag_id"], name: "index_problems_tags_on_problem_id_and_tag_id", unique: true @@ -149,29 +149,29 @@ t.index ["tag_id"], name: "index_problems_tags_on_tag_id" end - create_table "rights", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "rights", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name" t.string "controller" t.string "action" end - create_table "rights_roles", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "rights_roles", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "right_id" t.integer "role_id" t.index ["role_id"], name: "index_rights_roles_on_role_id" end - create_table "roles", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "roles", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name" end - create_table "roles_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "roles_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "role_id" t.integer "user_id" t.index ["user_id"], name: "index_roles_users_on_user_id" end - create_table "sessions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "sessions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "session_id" t.text "data" t.datetime "updated_at" 
@@ -179,7 +179,7 @@ t.index ["updated_at"], name: "index_sessions_on_updated_at" end - create_table "sites", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "sites", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name" t.boolean "started" t.datetime "start_time" @@ -192,11 +192,11 @@ create_table "submission_view_logs", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "user_id" t.integer "submission_id" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "submissions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "submissions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "user_id" t.integer "problem_id" t.integer "language_id" @@ -218,7 +218,7 @@ t.index ["user_id", "problem_id"], name: "index_submissions_on_user_id_and_problem_id" end - create_table "tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t| + create_table "tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "name", null: false t.text "description" t.boolean "public" @@ -226,7 +226,7 @@ t.datetime "updated_at", null: false end - create_table "tasks", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "tasks", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "submission_id" t.datetime "created_at" t.integer "status" 
@@ -234,7 +234,7 @@ t.index ["submission_id"], name: "index_tasks_on_submission_id" end - create_table "test_pairs", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "test_pairs", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "problem_id" t.text "input", limit: 16777215 t.text "solution", limit: 16777215 @@ -242,7 +242,7 @@ t.datetime "updated_at" end - create_table "test_requests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "test_requests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "user_id" t.integer "problem_id" t.integer "submission_id" @@ -263,7 +263,7 @@ t.index ["user_id", "problem_id"], name: "index_test_requests_on_user_id_and_problem_id" end - create_table "testcases", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t| + create_table "testcases", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "problem_id" t.integer "num" t.integer "group" @@ -275,14 +275,15 @@ t.index ["problem_id"], name: "index_testcases_on_problem_id" end - create_table "user_contest_stats", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "user_contest_stats", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.integer "user_id" t.datetime "started_at" t.datetime "created_at" t.datetime "updated_at" + t.boolean "forced_logout" end - create_table "users", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "users", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t| t.string "login", limit: 50 t.string "full_name" t.string "hashed_password" diff --git a/db/seeds.rb b/db/seeds.rb --- a/db/seeds.rb 
+++ b/db/seeds.rb @@ -100,7 +100,7 @@ :key => 'right.view_testcase', :value_type => 'boolean', :default_value => 'false', - :description => 'When true, any user can view/download test data' + :description => 'If true, any user can view/download test data' }, { @@ -182,17 +182,17 @@ { - :key => 'right.whitelist_ip_only', + :key => 'right.whitelist_ignore', :value_type => 'boolean', - :default_value => 'false', - :description => "If true, non-admin user will be able to use the system only when their ip is in the 'whitelist_ip'." + :default_value => 'true', + :description => "If true, no IP check against whitelist_ip is perform. However, when false, non-admin user must have their ip in 'whitelist_ip' to be able to login." }, { :key => 'right.whitelist_ip', :value_type => 'string', :default_value => '0.0.0.0/0', - :description => "list of whitelist ip, given in comma separated CIDR notation. For example '161.200.92.0/23, 161.200.80.1/32'" + :description => "list of whitelist ip, given in comma separated CIDR notation. For example '192.168.90.0/23, 192.168.1.23/32'" }, ]
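Review bot: The renamed `right.whitelist_ignore` entry defaults to `'true'`, so a freshly seeded install performs no IP check until an admin switches it off; the description should say that this is the default, and its wording needs a fix (`is perform` → `is performed`). No migration for installs that already hold a `right.whitelist_ip_only` row is visible in this patch, and what `GraderConfiguration[...]` returns for a key that has not been seeded yet is not shown here, so confirm that upgraded systems end up in the intended state rather than with the check unexpectedly on or off. The default `'0.0.0.0/0'` for `right.whitelist_ip` covers IPv4 only, so once enforcement is turned on an IPv6 client would presumably not match it; mentioning that in the description would save an operator some debugging.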