search

pwncollege / dojo

Infrastructure powering the pwn.college dojo
https://pwn.college
BSD 2-Clause "Simplified" License
302 stars 100 forks source link

Visibility should not 404 for current student #593

Open AlexanderEpolite opened 1 month ago

AlexanderEpolite commented 1 month ago

With visibility on: image

Visibility off: image

This page should still be visible if the hacker being accessed is the same as the one which is logged in. When I go to my page, I see a 404 page when visibility is set to Hidden, which should not happen.

AlexanderEpolite commented 1 month ago

To add, pwn.college/hacker returns a 404 when visibility is set to Hidden, even though I am logged in.

ConnorNelson commented 1 month ago

I agree, this sounds like an issue.

Correct behavior would be that the visibility check for viewing your own profile is bypassed.

Are you also saying that you can’t view other users pages when your own visibility is hidden? Am I getting that right?

AlexanderEpolite commented 1 month ago

Are you also saying that you can’t view other users pages when your own visibility is hidden? Am I getting that right?

I am saying that I cannot view my own page when my visibility is hidden. Sorry for any confusion, I used your page as an example for this issue.

Additionally, you cannot see yourself on dojo leaderboards when your visibility is hidden.

adamdoupe commented 1 month ago

We should for sure fix the viewing your own page bug.

However, hidden is hidden, I don’t think it makes sense to see yourself on the dojo leaderboards.

On Oct 17, 2024 at 10:46:54 PM, Alexander Epolite @.***> wrote:

Are you also saying that you can’t view other users pages when your own visibility is hidden? Am I getting that right?

I am saying that I cannot view my own page when my visibility is hidden. Sorry for any confusion, I used your page as an example for this issue.

Additionally, you cannot see yourself on dojo leaderboards when your visibility is hidden.

— Reply to this email directly, view it on GitHub https://urldefense.com/v3/__https://github.com/pwncollege/dojo/issues/593*issuecomment-2421357937__;Iw!!IKRxdwAv5BmarQ!Y1bPoa4Cnz-qtLqJm7tmtrOqIhGGn3v-7XxKA5D5zmutr-XIqL-IeWOoMTjboIwqYH-ES-7yc0LZRcGPL1Qf22ktB4dB$, or unsubscribe https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAALXZUFYT4S3GTGGH7XCFTZ4CHD5AVCNFSM6AAAAABP53GSNCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRRGM2TOOJTG4__;!!IKRxdwAv5BmarQ!Y1bPoa4Cnz-qtLqJm7tmtrOqIhGGn3v-7XxKA5D5zmutr-XIqL-IeWOoMTjboIwqYH-ES-7yc0LZRcGPL1Qf2546pTsG$ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

ConnorNelson commented 1 month ago

I agree, we can definitely fix the profile.

Unfortunately leaderboard would be trickier because we cache leaderboard calculations for performance reasons, and this would require some changes to that. Possibly we could track the most recent solve so that we could quickly recompute tie-breakers for ordering you, but then you'd see a different ranking than everyone else, and honestly I'm not totally sure that idea really makes sense.