cafe-grader-web Commit - r539:c49187a88c77

cafe-grader-web

Commit `r539:c49187a88c77` public

parent | child

Description:

update heartbeat add try-to-login-from-other-ip loggin (by printing to stdout)

Commit status:

[Not Reviewed]

References:

java

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r539:c49187a88c77 - Wed, 16 Sep 2015 06:29:27 - 2 files changed: 2 inserted, 1 deleted

app/controllers/application_controller.rb ¶ +1

               class ApplicationController < ActionController::Base
                 protect_from_forgery
                 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
                 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
                 def admin_authorization
                   return false unless authenticate
                   user = User.find(session[:user_id], :include => ['roles'])
                   unless user.admin?
                     flash[:notice] = 'You are not authorized to view the page you requested'
                     redirect_to :controller => 'main', :action => 'login' unless user.admin?
                     return false
                   end
                   return true
                 end
                 def authorization_by_roles(allowed_roles)
                   return false unless authenticate
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role| allowed_roles.member?(role.name) }
                     flash[:notice] = 'You are not authorized to view the page you requested'
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                 end
                 protected
                 def authenticate
                   unless session[:user_id]
                     flash[:notice] = 'You need to login'
                     if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
                       flash[:notice] = 'You need to login but you cannot log in at this time'
                     end
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                   # check if run in single user mode
                   if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
                     user = User.find(session[:user_id])
                     if user==nil or (not user.admin?)
                       flash[:notice] = 'You cannot log in at this time'
                       redirect_to :controller => 'main', :action => 'login'
                       return false
                     end
                     return true
                   end
                   if GraderConfiguration.multicontests?
                     user = User.find(session[:user_id])
                     return true if user.admin?
                     begin
                       if user.contest_stat(true).forced_logout
                         flash[:notice] = 'You have been automatically logged out.'
                         redirect_to :controller => 'main', :action => 'index'
                       end
                     rescue
                     end
                   end
                   return true
                 end
                 def authenticate_by_ip_address
                   #this assume that we have already authenticate normally
                   unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
                     user = User.find(session[:user_id])
                     if (not user.admin? and user.last_ip and user.last_ip != request.remote_ip)
                       flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
                       redirect_to :controller => 'main', :action => 'login'
+            +         puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"
                       return false
                     end
                     unless user.last_ip
                       user.last_ip = request.remote_ip
                       user.save
                     end
                   end
                   return true
                 end
                 def authorization
                   return false unless authenticate
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role|
               	role.rights.detect{ |right|
               	  right.controller == self.class.controller_name and
                         (right.action == 'all' or right.action == action_name)
               	}
                     }
                     flash[:notice] = 'You are not authorized to view the page you requested'
                     #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                 end
                 def verify_time_limit
                   return true if session[:user_id]==nil
                   user = User.find(session[:user_id], :include => :site)
                   return true if user==nil or user.site == nil
                   if user.contest_finished?
                     flash[:notice] = 'Error: the contest you are participating is over.'
                     redirect_to :back
                     return false
                   end
                   return true
                 end
               end

app/controllers/heartbeat_controller.rb ¶ +1 -1

               class HeartbeatController < ApplicationController
                 before_filter :admin_authorization, :only => ['index']
                 def edit
                   @user = User.find_by_login(params[:id])
                   unless @user
                     render text: "LOGIN_NOT_FOUND"
                     return
                   end
                   #hb = HeartBeat.where(user_id: @user.id, ip_address: request.remote_ip).first
                   #puts "status = #{params[:status]}"
                   #if hb
                   #  if params[:status]
                   #    hb.status = params[:status]
                   #    hb.save
                   #  end
                   #  hb.touch
                   #else
                   #  HeartBeat.creae(user_id: @user.id, ip_address: request.remote_ip)
                   #end
                   HeartBeat.create(user_id: @user.id, ip_address: request.remote_ip, status: params[:status])
                   render text: (GraderConfiguration['right.heartbeat_response'] || 'OK')
                 end
                 def index
                   @hb = HeartBeat.where("updated_at >= ?",Time.zone.now-2.hours).includes(:user).order(:user_id).all
-            -     @num = HeartBeat.where("updated_at >= ?",Time.zone.now-5.minutes).count
+            +     @num = HeartBeat.where("updated_at >= ?",Time.zone.now-5.minutes).count(:user_id,distinct: true)
                 end
               end

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r539:c49187a88c77 - Wed, 16 Sep 2015 06:29:27 - 2 files changed: 2 inserted, 1 deleted

Sign in to your account

Commit r539:c49187a88c77 public

Author

r539:c49187a88c77 - Wed, 16 Sep 2015 06:29:27 - 2 files changed: 2 inserted, 1 deleted

Commit `r539:c49187a88c77` public