cafe-grader-web Commit - r784:73e8782d729d

cafe-grader-web

Commit `r784:73e8782d729d` public

parent | child

Description:

fix whitelisting bugs fix report bug

Commit status:

[Not Reviewed]

References:

algo

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r784:73e8782d729d - Mon, 04 Nov 2019 09:01:41 - 5 files changed: 58 inserted, 54 deleted

app/controllers/application_controller.rb ¶ +10 -9

                 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
                 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
-            -   ALLOW_WHITELIST_IP_ONLY_CONF_KEY = 'right.allow_whitelist_ip_only'
+            +   WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore'
                 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
                 #report and redirect for unauthorized activities
                   end
                   # check if user ip is allowed
-            -     unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
+            +     unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
                     unless is_request_ip_allowed?
-            -         unauthorized_redirect 'Your IP is not allowed'
+            +         unauthorized_redirect 'Your IP is not allowed to login at this time.'
                       return false
                     end
                   end
                   #this assume that we have already authenticate normally
                   unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
                     user = User.find(session[:user_id])
-            -       puts "User admin #{user.admin?}"
                     if (!user.admin? && user.last_ip && user.last_ip != request.remote_ip)
                       flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
-            -         puts "hahaha"
                       redirect_to :controller => 'main', :action => 'login'
                       return false
                     end
                 end
                 def is_request_ip_allowed?
-            -     if GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
+            +     unless GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
                     user_ip = IPAddr.new(request.remote_ip)
-            -       GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY].delete(' ').split(',').each do |ips|
+            +
+            +       GraderConfiguration[WHITELIST_IP_CONF_KEY].delete(' ').split(',').each do |ips|
+            +         puts "ip is #{ips}, user ip is #{user_ip}"
                       allow_ips = IPAddr.new(ips)
-            -         unless allow_ips.includes(user_ip)
-            -           return false
+            +         if allow_ips.include?(user_ip)
+            +           return true
                       end
                     end
+            +       return false
                   end
                   return true
                 end

app/controllers/report_controller.rb ¶ +1 -1

                 protected
                 def calculate_max_score(problems, users,since_id,until_id, get_last_score = false)
-            -     #score[i] = user #i's user stat where i is the index (not id)
+            +     #scorearray[i] = user #i's user stat where i is the index (not id)
                   scorearray = Array.new
                   users.each do |u|
                     ustat = Array.new

app/views/report/_score_table.html.haml ¶ +5 -3

                     %th.text-right Total
                     %th.text-right Passed
                 %tbody
-            -     - sum = Array.new(@problems.count,0)
-            -     - nonzero = Array.new(@problems.count,0)
-            -     - full = Array.new(@problems.count,0)
+            +     - sum = Array.new(@problems.count+1,0)
+            +     - nonzero = Array.new(@problems.count+1,0)
+            +     - full = Array.new(@problems.count+1,0)
+            +     - puts @scorearray
+            +     - puts @problems.count
                   - @scorearray.each do |sc|
                     %tr
                       - total,num_passed = 0,0

db/schema.rb ¶ +37 -36

               ActiveRecord::Schema.define(version: 2018_06_12_102327) do
-            -   create_table "announcements", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "announcements", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "author"
                   t.text "body"
                   t.boolean "published"
                   t.string "notes"
                 end
-            -   create_table "contests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "contests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "title"
                   t.boolean "enabled"
                   t.datetime "created_at"
                   t.string "name"
                 end
-            -   create_table "contests_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "contests_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "contest_id"
                   t.integer "problem_id"
                 end
-            -   create_table "contests_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "contests_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "contest_id"
                   t.integer "user_id"
                 end
-            -   create_table "countries", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "countries", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name"
                   t.datetime "created_at"
                   t.datetime "updated_at"
                 end
-            -   create_table "descriptions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "descriptions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.text "body"
                   t.boolean "markdowned"
                   t.datetime "created_at"
                   t.datetime "updated_at"
                 end
-            -   create_table "grader_configurations", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "grader_configurations", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "key"
                   t.string "value_type"
                   t.string "value"
                   t.text "description"
                 end
-            -   create_table "grader_processes", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "grader_processes", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "host"
                   t.integer "pid"
                   t.string "mode"
                   t.integer "task_id"
                   t.string "task_type"
                   t.boolean "terminated"
-            -     t.index ["host", "pid"], name: "index_grader_processes_on_ip_and_pid"
+            +     t.index ["host", "pid"], name: "index_grader_processes_on_host_and_pid"
                 end
-            -   create_table "groups", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t|
+            +   create_table "groups", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name"
                   t.string "description"
                 end
-            -   create_table "groups_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t|
+            +   create_table "groups_problems", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "problem_id", null: false
                   t.integer "group_id", null: false
                   t.index ["group_id", "problem_id"], name: "index_groups_problems_on_group_id_and_problem_id"
                 end
-            -   create_table "groups_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t|
+            +   create_table "groups_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "group_id", null: false
                   t.integer "user_id", null: false
                   t.index ["user_id", "group_id"], name: "index_groups_users_on_user_id_and_group_id"
                 create_table "heart_beats", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "user_id"
                   t.string "ip_address"
-            -     t.datetime "created_at", null: false
-            -     t.datetime "updated_at", null: false
+            +     t.datetime "created_at"
+            +     t.datetime "updated_at"
                   t.string "status"
                   t.index ["updated_at"], name: "index_heart_beats_on_updated_at"
                 end
-            -   create_table "languages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "languages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name", limit: 10
                   t.string "pretty_name"
                   t.string "ext", limit: 10
                 create_table "logins", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "user_id"
                   t.string "ip_address"
-            -     t.datetime "created_at", null: false
-            -     t.datetime "updated_at", null: false
+            +     t.datetime "created_at"
+            +     t.datetime "updated_at"
                 end
-            -   create_table "messages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "messages", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "sender_id"
                   t.integer "receiver_id"
                   t.integer "replying_message_id"
                   t.datetime "updated_at"
                 end
-            -   create_table "problems", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "problems", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name", limit: 30
                   t.string "full_name"
                   t.integer "full_score"
                   t.boolean "view_testcase"
                 end
-            -   create_table "problems_tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t|
+            +   create_table "problems_tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "problem_id"
                   t.integer "tag_id"
                   t.index ["problem_id", "tag_id"], name: "index_problems_tags_on_problem_id_and_tag_id", unique: true
                   t.index ["tag_id"], name: "index_problems_tags_on_tag_id"
                 end
-            -   create_table "rights", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "rights", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name"
                   t.string "controller"
                   t.string "action"
                 end
-            -   create_table "rights_roles", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "rights_roles", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "right_id"
                   t.integer "role_id"
                   t.index ["role_id"], name: "index_rights_roles_on_role_id"
                 end
-            -   create_table "roles", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "roles", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name"
                 end
-            -   create_table "roles_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "roles_users", id: false, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "role_id"
                   t.integer "user_id"
                   t.index ["user_id"], name: "index_roles_users_on_user_id"
                 end
-            -   create_table "sessions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "sessions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "session_id"
                   t.text "data"
                   t.datetime "updated_at"
                   t.index ["updated_at"], name: "index_sessions_on_updated_at"
                 end
-            -   create_table "sites", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "sites", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name"
                   t.boolean "started"
                   t.datetime "start_time"
                 create_table "submission_view_logs", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "user_id"
                   t.integer "submission_id"
-            -     t.datetime "created_at", null: false
-            -     t.datetime "updated_at", null: false
+            +     t.datetime "created_at"
+            +     t.datetime "updated_at"
                 end
-            -   create_table "submissions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "submissions", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "user_id"
                   t.integer "problem_id"
                   t.integer "language_id"
                   t.index ["user_id", "problem_id"], name: "index_submissions_on_user_id_and_problem_id"
                 end
-            -   create_table "tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t|
+            +   create_table "tags", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "name", null: false
                   t.text "description"
                   t.boolean "public"
                   t.datetime "updated_at", null: false
                 end
-            -   create_table "tasks", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "tasks", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "submission_id"
                   t.datetime "created_at"
                   t.integer "status"
                   t.index ["submission_id"], name: "index_tasks_on_submission_id"
                 end
-            -   create_table "test_pairs", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "test_pairs", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "problem_id"
                   t.text "input", limit: 16777215
                   t.text "solution", limit: 16777215
                   t.datetime "updated_at"
                 end
-            -   create_table "test_requests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "test_requests", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "user_id"
                   t.integer "problem_id"
                   t.integer "submission_id"
                   t.index ["user_id", "problem_id"], name: "index_test_requests_on_user_id_and_problem_id"
                 end
-            -   create_table "testcases", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci", force: :cascade do |t|
+            +   create_table "testcases", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "problem_id"
                   t.integer "num"
                   t.integer "group"
                   t.index ["problem_id"], name: "index_testcases_on_problem_id"
                 end
-            -   create_table "user_contest_stats", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "user_contest_stats", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.integer "user_id"
                   t.datetime "started_at"
                   t.datetime "created_at"
                   t.datetime "updated_at"
+            +     t.boolean "forced_logout"
                 end
-            -   create_table "users", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t|
+            +   create_table "users", id: :integer, options: "ENGINE=InnoDB DEFAULT CHARSET=latin1", force: :cascade do |t|
                   t.string "login", limit: 50
                   t.string "full_name"
                   t.string "hashed_password"

db/seeds.rb ¶ +5 -5

                    :key => 'right.view_testcase',
                    :value_type => 'boolean',
                    :default_value => 'false',
-            -      :description => 'When true, any user can view/download test data'
+            +      :description => 'If true, any user can view/download test data'
                  },
                  {
                  {
-            -      :key => 'right.whitelist_ip_only',
+            +      :key => 'right.whitelist_ignore',
                    :value_type => 'boolean',
-            -      :default_value => 'false',
-            -      :description => "If true, non-admin user will be able to use the system only when their ip is in the 'whitelist_ip'."
+            +      :default_value => 'true',
+            +      :description => "If true, no IP check against whitelist_ip is perform. However, when false, non-admin user must have their ip in 'whitelist_ip' to be able to login."
                  },
                  {
                    :key => 'right.whitelist_ip',
                    :value_type => 'string',
                    :default_value => '0.0.0.0/0',
-            -      :description => "list of whitelist ip, given in comma separated CIDR notation. For example '161.200.92.0/23, 161.200.80.1/32'"
+            +      :description => "list of whitelist ip, given in comma separated CIDR notation. For example '192.168.90.0/23, 192.168.1.23/32'"
                  },
                 ]

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r784:73e8782d729d - Mon, 04 Nov 2019 09:01:41 - 5 files changed: 58 inserted, 54 deleted

Sign in to your account

Commit r784:73e8782d729d public

Author

r784:73e8782d729d - Mon, 04 Nov 2019 09:01:41 - 5 files changed: 58 inserted, 54 deleted

Commit `r784:73e8782d729d` public