def test_get_instance(self): student = test.logging_in(self, self.studentname, self.studentpass) superuser = test.logging_in(self, self.supername, self.superpass) test.api_get_call(self, '/instance/0/', login=student) test.api_get_call(self, '/instance/0/', login=superuser) self.assertEqual(Instance.objects.all().first().name, 'eJournal')
def test_get_format(self): """Test get format.""" course1 = factory.make_course('Portfolio2016', 'PAV', author=self.rein) course2 = factory.make_course('Portfolio2017', 'PAV', author=self.rein) course3 = factory.make_course('Portfolio2018', 'PAV') template = factory.make_entry_template('template') format = factory.make_format([template]) assignment = factory.make_assignment( 'Colloq', 'description1', format=format, courses=[course1, course2, course3]) login = test.logging_in(self, self.rein_user, self.rein_pass) response = test.api_get_call(self, '/formats/' + str(assignment.pk) + '/', login) self.assertEquals(response.json()['format']['templates'][0]['name'], 'template') # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/formats/' + str(assignment.pk) + '/', login, status=403) test.api_get_call(self, '/formats/' + str(self.not_found_pk) + '/', login, status=404) test.test_unauthorized_api_get_call( self, '/formats/' + str(assignment.pk) + '/')
def test_get_names(self): """Test get names function.""" course = factory.make_course('Portfolio', 'PAV', author=self.rein) template = factory.make_entry_template('template') format = factory.make_format([template]) assignment = factory.make_assignment('Colloq', 'description1', format=format, courses=[course], is_published=True) student_user, student_pass, student = test.set_up_user_and_auth( 'student', 'pass', '*****@*****.**', 'first', 'last') test.set_up_participation(student, course, 'Student') journal = test.set_up_journal(assignment, template, student, 4) login = test.logging_in(self, student_user, student_pass) url = '/names/{}/{}/{}/'.format(course.pk, assignment.pk, journal.pk) result = test.api_get_call(self, url, login).json() self.assertEquals(result['names']['course'], 'Portfolio') self.assertEquals(result['names']['journal'], 'first last') self.assertEquals(result['names']['assignment'], 'Colloq') # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, url, login, status=403)
def test_update_course_roles(self): """Test update course roles""" teacher_user, teacher_pass, teacher = test.set_up_user_and_auth( 'Teacher', 'pass', '*****@*****.**') teacher_role = factory.make_role_teacher("TE", self.course) factory.make_role_ta('TA2', self.course) factory.make_participation(teacher, self.course, teacher_role) login = test.logging_in(self, teacher_user, teacher_pass) result = test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}) roles = result.json()['roles'] for role in roles: if role['name'] == 'TA2': role['can_grade'] = 1 roles.append( serialize.RoleSerializer( factory.make_role_default_no_perms('test_role', self.course)).data) test.api_patch_call(self, '/roles/{}/'.format(self.course.pk), {'roles': roles}, login) role_test = Role.objects.get(name='TA2', course=self.course) self.assertTrue(role_test.can_grade) self.assertEquals( Role.objects.filter(name='test_role', course=self.course).count(), 1)
def test_get_course_users(self): """Test the get course users function.""" teacher_user, teacher_pass, teacher = test.set_up_user_and_auth( 'teacher', 'pass', '*****@*****.**') test.set_up_participation(teacher, self.course, 'Teacher') test.set_up_participation(self.lars, self.course, 'Student') test.set_up_participation(self.rein, self.course, 'TA') login = test.logging_in(self, teacher_user, teacher_pass) response = test.api_get_call(self, '/participations/', login, params={'course_id': self.course.pk}) self.assertEquals(len(response.json()['participants']), 3) response = test.api_get_call(self, '/participations/unenrolled/', login, params={ 'course_id': self.course.pk, 'unenrolled_query': 'test123' }) self.assertEquals(len(response.json()['participants']), 1) self.assertEquals(response.json()['participants'][0]['username'], self.username) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/participations/', login, status=403, params={'course_id': self.course.pk}) test.api_get_call(self, '/participations/', login, status=404, params={'course_id': self.not_found_pk}) test.test_unauthorized_api_get_call( self, '/participations/', params={'course_id': self.not_found_pk}) test.test_unauthorized_api_get_call( self, '/courses/' + str(self.course.pk) + '/') test.test_unauthorized_api_get_call( self, '/participations/unenrolled/', params={'course_id': self.course.pk}) test.set_up_participation(self.no_permission_user, self.course, 'Student') test.api_get_call(self, '/participations/', login, status=403, params={'course_id': self.course.pk})
def test_get_linkable_courses(self): """Test the get linkable courses function.""" self.user.is_teacher = True self.user.save() test.set_up_courses('course', 3, author=self.user) test.set_up_courses('course', 4, author=self.user, lti_id=True) login = test.logging_in(self, self.username, self.password) response = test.api_get_call(self, '/courses/linkable/', login) self.assertEquals(len(response.json()['courses']), 7) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/courses/linkable/', login, status=403) test.test_unauthorized_api_get_call(self, '/courses/linkable/')
def test_get_comments(self): """Test get comments function.""" course = factory.make_course('Portfolio', 'PAV', author=self.rein) template = factory.make_entry_template('template') format = factory.make_format([template]) assignment = factory.make_assignment('Colloq', 'description1', format=format, courses=[course]) student_user, student_pass, student = test.set_up_user_and_auth( 'student', 'pass', '*****@*****.**') test.set_up_participation(student, course, 'Student') journal = factory.make_journal(assignment, student) entry = factory.make_entry(template) factory.make_node(journal, entry) factory.make_comment(entry, self.rein, 'Excellent!', True) login = test.logging_in(self, student_user, student_pass) result = test.api_get_call(self, '/comments/', login, params={ 'entry_id': entry.pk }).json() self.assertEquals(result['comments'][0]['text'], 'Excellent!') # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/comments/', login, status=403, params={'entry_id': entry.pk}) test.api_get_call(self, '/comments/', login, status=404, params={'entry_id': self.not_found_pk}) test.test_unauthorized_api_get_call(self, '/comments/', params={'entry_id': entry.pk})
def test_get_lti_params_from_jwt_invalid(self): """Hopefully returns an error.""" login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" jwt_params = jwt.encode(self.request, 'fa12f4', algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=401) self.assertIn('Invalid', response.content.decode('utf-8'))
def test_get_user_teacher_courses(self): """Test get user teacher course function.""" factory.make_course('Portfolio2016', 'PAV', author=self.rein) factory.make_course('Portfolio2017', 'PAV', author=self.rein) factory.make_course('Portfolio2018', 'PAV') login = test.logging_in(self, self.rein_user, self.rein_pass) response = test.api_get_call(self, '/courses/', login) self.assertEquals(len(response.json()['courses']), 2) # permissions and authorization check for the api call. test.test_unauthorized_api_get_call(self, '/courses/')
def test_get_user_courses(self): """Test the get user courses function.""" for course in test.set_up_courses('course', 4): student_role = Role.objects.get(name='Student', course=course) factory.make_participation(self.user, course, student_role) login = test.logging_in(self, self.username, self.password) response = test.api_get_call(self, '/courses/', login) self.assertEquals(len(response.json()['courses']), 4) # permissions and authorization check for the api call. test.test_unauthorized_api_get_call(self, '/courses/')
def test_get_lti_params_from_jwt_key_Error(self): """Hopefully returns the lti course data.""" login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" del self.request['custom_course_id'] jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=400) self.assertIn('KeyError', response.content.decode('utf-8'))
def test_get_lti_params_from_jwt_course_student(self): """Hopefully returns the lti course and assignment data.""" login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" self.request["roles"] = settings.ROLES["Student"] jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=404) self.assertIn('course', response.content.decode('utf-8'))
def test_assignment_journals(self): """Test the get assignment journals function.""" course = factory.make_course('Portfolio', 'PAV', author=self.rein) template = factory.make_entry_template('template') format = factory.make_format([template]) assignment = factory.make_assignment('Colloq', 'description1', format=format, courses=[course]) students = test.set_up_users('student', 2) for student in students: test.set_up_participation(student, course, 'Student') test.set_up_journal(assignment, template, student, 4) login = test.logging_in(self, self.rein_user, self.rein_pass) response = test.api_get_call(self, '/journals/', login, params={ 'course_id': course.pk, 'assignment_id': assignment.pk }) result = response.json() self.assertEquals(len(result['journals']), 2) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/journals/', login, status=403, params={ 'course_id': course.pk, 'assignment_id': assignment.pk }) test.api_get_call(self, '/journals/', login, status=404, params={ 'course_id': course.pk, 'assignment_id': self.not_found_pk }) test.api_get_call(self, '/journals/', login, status=400, params={}) test.test_unauthorized_api_get_call(self, '/journals/', params={ 'course_id': course.pk, 'assignment_id': self.not_found_pk })
def test_get_lti_params_from_jwt_expired(self): """Hopefully returns the lti course and assignment data.""" login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" self.request['exp'] = datetime.datetime.utcnow() - datetime.timedelta( minutes=30) jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=403) self.assertIn('expired', response.content.decode('utf-8'))
def test_get_course_data(self): """Test get coursedata function.""" test.set_up_participation(self.user, self.course, 'Teacher') login = test.logging_in(self, self.username, self.password) response = test.api_get_call(self, '/courses/' + str(self.course.pk) + '/', login) self.assertEquals(response.json()['course']['name'], 'Beeldbewerken') self.assertEquals(response.json()['course']['abbreviation'], 'BB') # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/courses/' + str(self.course.pk) + '/', login, status=403) test.api_get_call(self, '/courses/' + str(self.not_found_pk) + '/', login, status=404) test.test_unauthorized_api_get_call( self, '/courses/' + str(self.course.pk) + '/')
def test_get_lti_params_from_jwt_no_context_label(self): """Hopefully returns the lti course data.""" login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" del self.request['context_label'] jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=200) self.assertIn( '"state": "{0}"'.format(lti_view.LTI_STATES.NEW_COURSE.value), response.content.decode('utf-8'))
def test_get_lti_params_from_jwt_assignment_teacher(self): """Hopefully returns the lti assignment data.""" factory.make_course('TestCourse', 'aaaa', lti_id='asdf') login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=200) self.assertIn( '"state": "{0}"'.format(lti_view.LTI_STATES.NEW_ASSIGN.value), response.content.decode('utf-8'))
def test_get_lti_params_from_jwt_journal_teacher(self): """Hopefully returns the LTI assignment and course.""" course = factory.make_course('TestCourse', 'aaaa', lti_id='asdf') factory.make_assignment("TestAss", "TestDescr", lti_id='bughh', courses=[course]) login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=200) self.assertIn( '"state": "{0}"'.format(lti_view.LTI_STATES.FINISH_T.value), response.content.decode('utf-8'))
def test_get_lti_params_from_jwt_wrong_user(self): """Hopefully returns an error that tells wrong user logged in.""" login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "12def" self.username, self.password, self.user = test.set_up_user_and_auth( 'TestUser2', 'Pass', '*****@*****.**') self.user.lti_id = '12def' self.user.verified_email = True self.user.save() jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=403) self.assertIn( "The user specified that should be logged in according to the request is not the logged in user.", response.content.decode('utf-8'))
def test_get_lti_params_from_jwt_unknown_role(self): """Test case for when a unknown role is given .""" course = factory.make_course('TestCourse', 'aaaa', lti_id='asdf') factory.make_assignment("TestAss", "TestDescr", lti_id='bughh', courses=[course]) login = test.logging_in(self, self.username, self.password) self.request["user_id"] = "awefd" self.request["roles"] = 'urn:lti:instrole:ims/lis/Administrator' jwt_params = jwt.encode(self.request, settings.SECRET_KEY, algorithm='HS256').decode('utf-8') response = test.api_get_call( self, '/get_lti_params_from_jwt/{0}/'.format(jwt_params), login=login, status=200) self.assertIn( '"state": "{0}"'.format(lti_view.LTI_STATES.FINISH_S.value), response.content.decode('utf-8'))
def test_get_course_roles(self): """Test the get delete assignment function.""" teacher_user = '******' teacher_pass = '******' teacher = factory.make_user(teacher_user, teacher_pass, "*****@*****.**") factory.make_role_student("SD", self.course) factory.make_role_default_no_perms("HE", self.course) teacher_role = factory.make_role_teacher("TE", self.course) factory.make_participation(teacher, self.course, teacher_role) login = test.logging_in(self, teacher_user, teacher_pass) result = test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}) self.assertEquals(len(result.json()['roles']), 6) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.test_unauthorized_api_get_call(self, '/roles/', params={'course_id': 1}) test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}, status=403) test.api_get_call(self, '/roles/', login, params={'course_id': self.not_found_pk}, status=404) test.set_up_participation(self.no_permission_user, self.course, 'Student') test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}, status=403)
def test_get_nodes(self): """Test the get nodes function.""" course = factory.make_course('Portfolio', 'PAV', author=self.rein) template = factory.make_entry_template('template') format = factory.make_format([template]) assignment = factory.make_assignment('Colloq', 'description1', format=format, courses=[course]) student_user, student_pass, student = test.set_up_user_and_auth( 'student', 'pass', '*****@*****.**') test.set_up_participation(student, course, 'Student') journal = test.set_up_journal(assignment, template, student, 4) login = test.logging_in(self, student_user, student_pass) response = test.api_get_call(self, '/nodes/', login, params={'journal_id': journal.pk}) result = response.json() self.assertEquals(len(result['nodes']), 5) login = test.logging_in(self, self.rein_user, self.rein_pass) response = test.api_get_call(self, '/nodes/', login, params={'journal_id': journal.pk}) result = response.json() self.assertEquals(len(result['nodes']), 4) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/nodes/', login, status=403, params={'journal_id': journal.pk}) test.api_get_call(self, '/nodes/', login, status=404, params={'journal_id': self.not_found_pk}) test.test_unauthorized_api_get_call(self, '/nodes/', params={'journal_id': journal.pk})
def test_get_assignment_data(self): """Test the get assignment data function.""" course = factory.make_course('Portfolio', 'PAV', author=self.rein) template = factory.make_entry_template('template') format1 = factory.make_format([template]) format2 = factory.make_format([template]) assignment1 = factory.make_assignment('Colloq', 'description1', format=format1, courses=[course], is_published=True) assignment2 = factory.make_assignment('Portfolio', 'description2', format=format2, courses=[course], is_published=True) test.set_up_participation(self.user, course, 'Student') login_user = test.logging_in(self, self.username, self.password) resp = test.api_get_call(self, '/assignments/' + str(assignment1.pk) + '/', login_user) self.assertEquals(resp.json()['assignment']['name'], 'Colloq') self.assertIn('journal', resp.json()['assignment']) login_rein = test.logging_in(self, self.rein_user, self.rein_pass) resp = test.api_get_call(self, '/assignments/' + str(assignment2.pk) + '/', login_rein) self.assertEquals(resp.json()['assignment']['name'], 'Portfolio') # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/assignments/{}/'.format(assignment1.pk), login, status=403) test.api_get_call(self, '/assignments/{}/'.format(assignment2.pk), login, status=403) test.test_unauthorized_api_get_call( self, '/assignments/{}/'.format(assignment1.pk))
def test_get_course_assignments(self): """Test the get course assignment function.""" course = factory.make_course('Portfolio', 'PAV', author=self.rein, enddate=timezone.now()) assigns = test.set_up_assignments('assign', 'desc', 2, course=course) test.set_up_participation(self.user, course, 'Student') factory.make_journal(assigns[0], self.user) factory.make_journal(assigns[1], self.user) login_user = test.logging_in(self, self.username, self.password) response = test.api_get_call(self, '/assignments/', login_user, params={'course_id': course.pk}) self.assertEquals(len(response.json()['assignments']), 2) self.assertIn('journal', response.json()['assignments'][0]) login_rein = test.logging_in(self, self.rein_user, self.rein_pass) response = test.api_get_call(self, '/assignments/', login_rein, params={'course_id': course.pk}) self.assertEquals(len(response.json()['assignments']), 2) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/assignments/', login, status=403, params={'course_id': course.pk}) test.api_get_call(self, '/assignments/', login, status=404, params={'course_id': self.not_found_pk}) test.test_unauthorized_api_get_call( self, '/assignments/' + str(course.pk) + '/')
def test_login(self): """Test if the login is successful.""" login = test.logging_in(self, self.username, self.password) factory.make_course('test', 'TTTT') test.api_get_call(self, '/courses/', login)
def test_get_unenrolled_users(self): """Test the get get_unenrolledusers.""" teacher_user, teacher_pass, teacher = test.set_up_user_and_auth( 'teacher', 'pass', '*****@*****.**') test.set_up_participation(teacher, self.course, 'Teacher') test.set_up_participation(self.lars, self.course, 'Student') test.set_up_participation(self.rein, self.course, 'TA') login = test.logging_in(self, teacher_user, teacher_pass) response = test.api_get_call(self, '/participations/unenrolled/', login, params={ 'course_id': self.course.pk, 'unenrolled_query': 'test12' }) self.assertEquals(len(response.json()['participants']), 1) self.assertEquals(response.json()['participants'][0]['username'], self.username) response = test.api_get_call(self, '/participations/unenrolled/', login, params={ 'course_id': self.course.pk, 'unenrolled_query': 'Student' }) self.assertEquals(len(response.json()['participants']), 2) response = test.api_get_call(self, '/participations/unenrolled/', login, params={ 'course_id': self.course.pk, 'unenrolled_query': 'no_perm' }) self.assertEquals(len(response.json()['participants']), 1) self.assertEquals(response.json()['participants'][0]['username'], self.no_perm_user) login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.api_get_call(self, '/participations/unenrolled/', login, status=403, params={ 'course_id': self.course.pk, 'unenrolled_query': '' }) test.test_unauthorized_api_get_call(self, '/participations/unenrolled/', params={ 'course_id': self.course.pk, 'unenrolled_query': '' }) test.set_up_participation(self.no_permission_user, self.course, 'Student') test.api_get_call(self, '/participations/unenrolled/', login, status=403, params={ 'course_id': self.course.pk, 'unenrolled_query': '' })
def test_GDPR(self): # Test normal user login = test.logging_in(self, self.username, self.password) _, _, other_user = test.set_up_user_and_auth('teacher', 'pass', '*****@*****.**') # Other user test.api_get_call(self, '/users/{0}/GDPR/'.format(other_user.pk), login, status=403) # Multiple times its own for _ in range( int(api_settings.DEFAULT_THROTTLE_RATES['gdpr'].split('/') [0])): test.api_get_call(self, '/users/0/GDPR/', login) test.api_get_call(self, '/users/0/GDPR/', login, status=429) # Test super user self.user.is_superuser = True self.user.save() # Other user test.api_get_call(self, '/users/{0}/GDPR/'.format(other_user.pk), login, status=403) # Multiple times its own for _ in range( int(api_settings.DEFAULT_THROTTLE_RATES['gdpr'].split('/') [0])): test.api_get_call(self, '/users/0/GDPR/', login) test.api_get_call(self, '/users/0/GDPR/', login) self.user.is_superuser = False self.user.save()