def test_bad_no_get_all_premss_send_message_and_get_messages_of_shops(self):
register(RegisteredUser('TomerTomer1', '1234567878'))
shop1 = Shop('My Shop1', 'Active')
ShopLogic.create_shop(shop1, 'TomerTomer1')
register(RegisteredUser('TomerTomer2', '1234567878'))
shop2 = Shop('My Shop2', 'Active')
ShopLogic.create_shop(shop2, 'TomerTomer2')
UsersLogic.add_manager('TomerTomer1', StoreManager('TomerTomer2', 'My Shop1', 1, 1, 1, 1, 0, 1, 1, 1))
UsersLogic.add_manager('TomerTomer2', StoreManager('TomerTomer1', 'My Shop2', 1, 1, 1, 1, 0, 1, 1, 1))
MessagingLogic.send_message_from_shop('TomerTomer2', Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
MessagingLogic.send_message_from_shop('TomerTomer1', Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
messages1 = MessagingLogic.get_all_shop_messages('TomerTomer2', 'My Shop1')
messages2 = MessagingLogic.get_all_shop_messages('TomerTomer1', 'My Shop2')
self.assertFalse(messages1)
self.assertFalse(messages2)
def test_bad_no_permssion_send_message_and_get_messages_of_shops(self):
register(RegisteredUser('TomerTomer1', '1234567878'))
shop1 = Shop('My Shop1', 'Active')
ShopLogic.create_shop(shop1, 'TomerTomer1')
register(RegisteredUser('TomerTomer2', '1234567878'))
shop2 = Shop('My Shop2', 'Active')
ShopLogic.create_shop(shop2, 'TomerTomer2')
UsersLogic.add_manager('TomerTomer1', StoreManager('TomerTomer2', 'My Shop1', 1, 1, 1, 0, 1, 1, 1, 1))
UsersLogic.add_manager('TomerTomer2', StoreManager('TomerTomer1', 'My Shop2', 1, 1, 1, 0, 1, 1, 1, 1))
self.assertEqual(MessagingLogic.send_message_from_shop('TomerTomer2',
Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
, "FAILED: You don't have the permissions")
self.assertEqual(MessagingLogic.send_message_from_shop('TomerTomer1',
Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
, "FAILED: You don't have the permissions")
def send_message_from_shop(request):
if request.method == 'POST':
content = request.POST.get('content')
from_shop = request.POST.get('from')
to = request.POST.get('to')
event = "SEND MESSAGE FROM SHOP"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
content, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
from_shop, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
to, event) or suspect_sql_injection
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
message = Message(None, from_shop, to, content)
return HttpResponse(
MessagingLogic.send_message_from_shop(username, message))
return HttpResponse('FAILED: You are not logged in')
def test_no_permission(self):
UsersLogic.register(RegisteredUser('ShaharShahar', '12312456'))
UsersLogic.register(RegisteredUser('TomerTomerLev', '65431221'))
shop = Shop('myShop', 'Active')
ShopLogic.create_shop(shop, 'ShaharShahar')
UsersLogic.add_manager(
'ShaharShahar',
StoreManager('TomerTomerLev', 'myShop', 0, 0, 0, 0, 0, 0, 0, 0))
status = ItemsLogic.add_item_to_shop(
Item(None, 'myShop', 'doll', 'toys', 'toys;kids', 20, 300,
'regular', None, 0, 0, 0), 'TomerTomerLev')
self.assertFalse(status)
message = Message(None, 'myShop', 'ShaharShahar', 'Hi There')
status = MessagingLogic.send_message_from_shop('TomerTomerLev',
message)
self.assertFalse(returnStringToBoolean(status))
def test_torture2(self):
# Adding Users
status = UsersLogic.register(
RegisteredUser('u1ser1u1ser1', 'wxde12exd12'))
self.assertTrue(status)
status = UsersLogic.register(RegisteredUser('u2ser2u2ser2',
'34c124c1'))
self.assertTrue(status)
status = UsersLogic.register(
RegisteredUser('u3ser3u3ser3', '1c241c24c1'))
self.assertTrue(status)
status = UsersLogic.register(
RegisteredUser('u4ser4u4ser4', '3214v132v4132'))
self.assertTrue(status)
status = UsersLogic.register(RegisteredUser('u5seru5ser', '12121212'))
self.assertTrue(status)
# Adding System Managers
status = UsersLogic.add_system_manager(
SystemManager('sys1sys1', 'POWER123'))
self.assertTrue(status)
# Creating Shops
status = ShopLogic.create_shop(Shop('myShop1', 'Active'),
'u1ser1u1ser1')
self.assertTrue(status)
status = ShopLogic.create_shop(Shop('myShop2', 'Active'),
'u2ser2u2ser2')
self.assertTrue(status)
status = UsersLogic.add_owner('u1ser1u1ser1',
Owner('u3ser3u3ser3', 'myShop1', 0))
self.assertTrue(status)
owner = Owners.get_owner('u1ser1u1ser1', 'myShop1')
status = UsersLogic.add_manager(
owner.username,
StoreManager('u4ser4u4ser4', 'myShop1', 1, 1, 1, 1, 1, 1, 1, 1))
status = UsersLogic.add_manager(
'u2ser2u2ser2',
StoreManager('u4ser4u4ser4', 'myShop2', 1, 1, 1, 1, 1, 1, 1, 1))
manager = StoreManagers.get_store_manager('u4ser4u4ser4', 'myShop1')
self.assertEqual(manager.permission_reply_messages, 1)
ItemsLogic.add_item_to_shop(
Item(None, 'myShop1', 'banana', 'fruits', 'fruit;healthy;yellow',
4.90, 300, 'regular', None, 0, 0, 0), 'u4ser4u4ser4')
ItemsLogic.add_item_to_shop(
Item(None, 'myShop2', 'doll', 'toys', 'fun', 30, 10, 'regular',
None, 0, 0, 0), 'u2ser2u2ser2')
ItemsLogic.add_item_to_shop(
Item(None, 'myShop1', 'soda', 'drinks', 'good', 4.90, 20,
'regular', None, 0, 0, 0), 'u1ser1u1ser1')
ItemsLogic.add_item_to_shop(
Item(None, 'myShop2', 'cucumber', 'vegetables', 'fun', 4.90, 300,
'regular', None, 0, 0, 0), 'u4ser4u4ser4')
ItemsLogic.add_item_to_shop(
Item(None, 'myShop1', 'vodka', 'drinks', 'bad;for;your;health', 70,
2, 'regular', None, 0, 0, 0), 'u3ser3u3ser3')
items = SearchLogic.search_by_name('banana')
self.assertEqual(items[0].quantity, 300)
self.assertEqual(items[0].price, 4.90)
self.assertEqual(len(items), 1)
items = SearchLogic.search_by_category('drinks')
self.assertEqual(items[0].quantity, 20)
self.assertEqual(items[1].price, 70)
self.assertEqual(len(items), 2)
items = SearchLogic.search_by_keywords('fun')
self.assertEqual(items[0].quantity, 10)
self.assertEqual(items[1].price, 4.90)
self.assertEqual(len(items), 2)
items = SearchLogic.search_items_in_shop('myShop2')
self.assertEqual(items[0].name, 'doll')
self.assertEqual(items[1].name, 'cucumber')
self.assertEqual(len(items), 2)
MessagingLogic.send_message_from_shop(
'u4ser4u4ser4',
Message(None, 'myShop1', 'u5seru5ser',
'Nadav is our lord and savior'))
messages = MessagingLogic.get_all_messages('u5seru5ser')
self.assertEqual(len(messages), 1)
self.assertEqual(messages[0].content, 'Nadav is our lord and savior')
MessagingLogic.send_message(
Message(None, 'u5seru5ser', 'myShop1', 'Hello Shop'))
messages = MessagingLogic.get_all_shop_messages(
'u4ser4u4ser4', 'myShop1')
self.assertEqual(len(messages), 1)
self.assertEqual(messages[0].content, 'Hello Shop')
MessagingLogic.send_message_from_shop(
'u1ser1u1ser1', Message(None, 'myShop1', 'myShop2', 'Hello Shop2'))
messages = MessagingLogic.get_all_shop_messages(
'u2ser2u2ser2', 'myShop2')
self.assertEqual(len(messages), 1)
self.assertEqual(messages[0].content, 'Hello Shop2')
MessagingLogic.send_message(
Message(None, 'u1ser1u1ser1', 'u3ser3u3ser3', 'Shop2 Sucks!'))
messages = MessagingLogic.get_all_messages('u3ser3u3ser3')
self.assertEqual(messages[0].content, 'Shop2 Sucks!')
UsersLogic.close_shop('u1ser1u1ser1', 'myShop1')
items = SearchLogic.search_by_name('banana')
self.assertEqual(len(items), 0)