Example #1
0
    def test_refresh(self):
        student = StudentFactory(email='*****@*****.**',
                                 read_access_until=(datetime.now() -
                                                    timedelta(days=1)))
        student.permissions_list = [
            Permission.ReadEvaluations, Permission.WriteEvaluations,
            Permission.VoteOnEvaluations
        ]

        db.session.flush()

        old_jwt = create_access_token(identity=student.to_dict())

        rv = self.client.get('/auth/refresh',
                             headers={'Authorization': 'Bearer ' + old_jwt})
        self.assertEqual(200, rv.status_code)

        data = json.loads(rv.data)

        new_identity = jwt.get_unverified_claims(data['jwt'])['sub']

        self.assertEqual(None, student.read_access_until)
        self.assertNotIn(Permission.ReadEvaluations, student.permissions_list)
        self.assertNotIn(Permission.VoteOnEvaluations,
                         student.permissions_list)
        self.assertEqual([Permission.WriteEvaluations],
                         new_identity['permissions'])
Example #2
0
    def test_patch_incomplete(self):
        student = StudentFactory(
            majors=[MajorFactory()],
            permissions=[Permission.query.get(Permission.Incomplete)])

        self.jwt = create_access_token(identity=student.to_dict())

        headers = {
            'Authorization': 'Bearer ' + self.jwt,
            'Content-Type': 'application/json'
        }

        quarter = QuarterCurrentFactory()

        rv = self.client.patch('/students/{}'.format(student.id),
                               headers=headers,
                               data=json.dumps(self.patch_data))

        self.assertEqual(200, rv.status_code)

        self.assertEqual(self.patch_data['graduation_year'],
                         student.graduation_year)
        self.assertEqual(self.patch_data['gender'], student.gender)
        self.assertEqual(self.patch_data['majors'], student.majors_list)

        self.assertIn(Permission.WriteEvaluations, student.permissions_list)
        self.assertIn(Permission.ReadEvaluations, student.permissions_list)
        self.assertEqual(
            datetime_from_date(quarter.period.upper +
                               timedelta(days=1, hours=11),
                               tzinfo=timezone.utc), student.read_access_until)
Example #3
0
    def test_existing_user_incomplete(self, data, decode_func):
        student = StudentFactory(email='*****@*****.**')
        student.permissions_list = [Permission.Incomplete]

        rv = self.client.post('/auth',
                              headers={'Content-Type': 'application/json'},
                              data=json.dumps({'id_token': data['id_token']}))
        self.assertEqual(200, rv.status_code)
Example #4
0
    def test_read_access_none(self):
        student = StudentFactory(
            permissions=[Permission.query.get(Permission.WriteEvaluations)],
            read_access_until=None)
        db.session.flush()
        student_jwt = create_access_token(identity=student.to_dict())

        rv = self.client.get(
            '/auth/validate',
            headers={'Authorization': 'Bearer ' + student_jwt})

        self.assertEqual(200, rv.status_code)
Example #5
0
    def test_majors_as_incomplete(self):
        incomplete = StudentFactory(
            permissions=[Permission.query.get(Permission.Incomplete)])
        db.session.flush()
        jwt = create_access_token(identity=incomplete.to_dict())
        head_auth = {'Authorization': 'Bearer ' + jwt}

        rv = self.client.get('/majors', headers=head_auth)

        self.assertEqual(200, rv.status_code)

        data = json.loads(rv.data)
        self.assertEqual(1, len(data))
Example #6
0
    def test_post_evaluation(self):
        student = StudentFactory(
            permissions=[Permission.query.get(Permission.WriteEvaluations)])
        db.session.flush()
        jwt = create_access_token(identity=student.to_dict())
        headers = {
            'Authorization': 'Bearer ' + jwt,
            'Content-Type': 'application/json'
        }

        data = {
            'quarter_id': self.section.quarter_id,
            'professor_id': self.section.professors[0].id,
            'course_id': self.section.course_id,
            'display_grad_year': True,
            'display_majors': False,
            'evaluation': {
                'attitude': 1,
                'availability': 1,
                'clarity': 1,
                'easiness': 1,
                'grading_speed': 1,
                'recommended': 1,
                'resourcefulness': 1,
                'workload': 1,
                'comment': 'Test'
            }
        }

        rv = self.client.post('/evaluations',
                              headers=headers,
                              data=json.dumps(data))
        self.assertEqual(201, rv.status_code)

        resp = json.loads(rv.data)
        self.assertIn('jwt', resp)
        self.assertNotEqual('', resp['jwt'])

        evaluation = Evaluation.query.filter(
            Evaluation.professor_id == self.section.professors[0].id,
            Evaluation.student_id == student.id).one_or_none()

        if evaluation is None:
            self.fail('evaluation was not inserted')

        self.assertEqual(data['evaluation'], evaluation.data)

        self.assertIn(Permission.ReadEvaluations, student.permissions_list)
        self.assertIn(Permission.VoteOnEvaluations, student.permissions_list)
        self.assertEqual(datetime(2018, 2, 2, 0, 0, tzinfo=timezone.utc),
                         student.read_access_until)
Example #7
0
    def test_incorrect_permissions(self):
        student = StudentFactory(permissions=[])
        db.session.flush()

        token = create_access_token(identity=student.to_dict())

        rv = self.client.get('/quarters',
                             headers={'Authorization': 'Bearer ' + token})

        self.assertEqual(401, rv.status_code)
        data = json.loads(rv.data)
        self.assertIn(
            'could not verify that you are authorized to access the URL requested',
            data['message'])
Example #8
0
    def test_user_loader(self):
        # create a jwt for a non-existing user
        student = StudentFactory()
        db.session.flush()
        info = student.to_dict()
        info['id'] += 1

        token = create_access_token(identity=info)

        rv = self.client.get('/auth/validate',
                             headers={'Authorization': 'Bearer ' + token})

        self.assertEqual(500, rv.status_code)
        data = json.loads(rv.data)
        self.assertEqual('unable to load user', data['message'])
Example #9
0
    def test_existing_user_suspended(self, data, decode_func):
        student = StudentFactory(email='*****@*****.**',
                                 suspended_until=(datetime.now() +
                                                  timedelta(days=1)))

        db.session.flush()

        token = create_access_token(identity=student.to_dict())

        rv = self.client.get('/auth/refresh',
                             headers={'Authorization': 'Bearer ' + token})

        self.assertEqual(401, rv.status_code)

        data = json.loads(rv.data)
        self.assertEqual('suspended', data['status'])
Example #10
0
    def test_read_access_expired(self):
        student = StudentFactory(
            permissions=[Permission.query.get(Permission.ReadEvaluations)],
            read_access_until=(datetime.now() - timedelta(days=1)))
        db.session.flush()
        student_jwt = create_access_token(identity=student.to_dict())

        rv = self.client.get(
            '/search?q=', headers={'Authorization': 'Bearer ' + student_jwt})

        self.assertEqual(401, rv.status_code)

        data = json.loads(rv.data)
        self.assertIn('message', data)
        self.assertIn(
            'could not verify that you are authorized to access the URL requested',
            data['message'])
Example #11
0
    def test_existing_user_suspended(self, data, decode_func):
        StudentFactory(email='*****@*****.**',
                       suspended_until=(datetime.now() + timedelta(days=1)))

        rv = self.client.post('/auth',
                              headers={'Content-Type': 'application/json'},
                              data=json.dumps({'id_token': data['id_token']}))
        self.assertEqual(401, rv.status_code)

        data = json.loads(rv.data)
        self.assertEqual('suspended', data['status'])
Example #12
0
    def test_existing_user_read_access_expired(self, data, decode_func):
        student = StudentFactory(email='*****@*****.**',
                                 read_access_until=(datetime.now() -
                                                    timedelta(days=1)))
        student.permissions_list = [
            Permission.ReadEvaluations, Permission.WriteEvaluations,
            Permission.VoteOnEvaluations
        ]

        rv = self.client.post('/auth',
                              headers={'Content-Type': 'application/json'},
                              data=json.dumps({'id_token': data['id_token']}))
        self.assertEqual(200, rv.status_code)

        data = json.loads(rv.data)
        self.assertEqual('ok', data['status'])

        self.assertEqual(None, student.read_access_until)
        self.assertNotIn(Permission.ReadEvaluations, student.permissions_list)
        self.assertNotIn(Permission.VoteOnEvaluations,
                         student.permissions_list)
Example #13
0
    def test_existing_user_turned_alumni(self, data, decode_func):
        student = StudentFactory(email='*****@*****.**')

        rv = self.client.post('/auth',
                              headers={'Content-Type': 'application/json'},
                              data=json.dumps(
                                  {'id_token': data['id_token_alumni']}))
        self.assertEqual(rv.status_code, 200)

        data = json.loads(rv.data)
        self.assertIn('status', data)
        self.assertEqual('converted', data['status'])

        self.assertEqual('*****@*****.**', student.email)
        self.assertTrue(student.alumni)
Example #14
0
    def setUp(self):
        super().setUp()

        self.course = CourseFactory()
        prof = ProfessorFactory()
        prof2 = ProfessorFactory()
        prof3 = ProfessorFactory()
        student = StudentFactory()

        section = SectionFactory(course=self.course, professors=[prof, prof2, prof3])

        # prof2 has taught this course multiple quarters
        SectionFactory(course=self.course, professors=[prof2])

        EvaluationFactory(student=self.student, professor=prof, section=section)
        evaluation = EvaluationFactory(student=student, professor=prof, section=section)
        VoteFactory(student=self.student, evaluation=evaluation, value=Vote.UPVOTE)

        db.session.flush()
Example #15
0
    def test_existing_student(self, data):
        StudentFactory(email='*****@*****.**')

        # make sure the new token will have a new expiration time
        time.sleep(1)

        old_jwt = jwt.get_unverified_claims(self.jwt)

        rv = self.client.post('/auth',
                              headers={'Content-Type': 'application/json'},
                              data=json.dumps({'id_token': data['id_token']}))
        self.assertEqual(rv.status_code, 200)

        try:
            resp = json.loads(rv.data)
        except JSONDecodeError:
            self.fail('invalid response')

        self.assertIn('jwt', resp)

        new_data = jwt.get_unverified_claims(resp['jwt'])

        self.assertGreater(new_data['exp'], old_jwt['exp'])
Example #16
0
    def setUp(self):
        super().setUp()

        self.course = CourseFactory()
        self.prof = ProfessorFactory()
        prof2 = ProfessorFactory()
        prof3 = ProfessorFactory()
        student = StudentFactory()
        section = SectionFactory(course=self.course,
                                 professors=[self.prof, prof2, prof3])

        # prof has taught this course twice
        SectionFactory(course=self.course, professors=[self.prof])

        SectionFactory(professors=[self.prof])
        EvaluationFactory(student=self.student,
                          professor=self.prof,
                          section=section)
        evaluation = EvaluationFactory(student=student,
                                       professor=self.prof,
                                       section=section)
        VoteFactory(student=self.student, evaluation=evaluation)

        db.session.flush()
Example #17
0
    def test_get_wrong_user(self):
        student = StudentFactory()

        rv = self.client.get('/students/{}/evaluations'.format(student.id),
                             headers=self.head_auth)
        self.assertEqual(rv.status_code, 403)
Example #18
0
 def setUp(self):
     super().setUp()
     self.student = StudentFactory()