def test_refresh(self):
student = StudentFactory(email='*****@*****.**',
read_access_until=(datetime.now() -
timedelta(days=1)))
student.permissions_list = [
Permission.ReadEvaluations, Permission.WriteEvaluations,
Permission.VoteOnEvaluations
]
db.session.flush()
old_jwt = create_access_token(identity=student.to_dict())
rv = self.client.get('/auth/refresh',
headers={'Authorization': 'Bearer ' + old_jwt})
self.assertEqual(200, rv.status_code)
data = json.loads(rv.data)
new_identity = jwt.get_unverified_claims(data['jwt'])['sub']
self.assertEqual(None, student.read_access_until)
self.assertNotIn(Permission.ReadEvaluations, student.permissions_list)
self.assertNotIn(Permission.VoteOnEvaluations,
student.permissions_list)
self.assertEqual([Permission.WriteEvaluations],
new_identity['permissions'])
def test_patch_incomplete(self):
student = StudentFactory(
majors=[MajorFactory()],
permissions=[Permission.query.get(Permission.Incomplete)])
self.jwt = create_access_token(identity=student.to_dict())
headers = {
'Authorization': 'Bearer ' + self.jwt,
'Content-Type': 'application/json'
}
quarter = QuarterCurrentFactory()
rv = self.client.patch('/students/{}'.format(student.id),
headers=headers,
data=json.dumps(self.patch_data))
self.assertEqual(200, rv.status_code)
self.assertEqual(self.patch_data['graduation_year'],
student.graduation_year)
self.assertEqual(self.patch_data['gender'], student.gender)
self.assertEqual(self.patch_data['majors'], student.majors_list)
self.assertIn(Permission.WriteEvaluations, student.permissions_list)
self.assertIn(Permission.ReadEvaluations, student.permissions_list)
self.assertEqual(
datetime_from_date(quarter.period.upper +
timedelta(days=1, hours=11),
tzinfo=timezone.utc), student.read_access_until)
def test_existing_user_incomplete(self, data, decode_func):
student = StudentFactory(email='*****@*****.**')
student.permissions_list = [Permission.Incomplete]
rv = self.client.post('/auth',
headers={'Content-Type': 'application/json'},
data=json.dumps({'id_token': data['id_token']}))
self.assertEqual(200, rv.status_code)
def test_read_access_none(self):
student = StudentFactory(
permissions=[Permission.query.get(Permission.WriteEvaluations)],
read_access_until=None)
db.session.flush()
student_jwt = create_access_token(identity=student.to_dict())
rv = self.client.get(
'/auth/validate',
headers={'Authorization': 'Bearer ' + student_jwt})
self.assertEqual(200, rv.status_code)
def test_majors_as_incomplete(self):
incomplete = StudentFactory(
permissions=[Permission.query.get(Permission.Incomplete)])
db.session.flush()
jwt = create_access_token(identity=incomplete.to_dict())
head_auth = {'Authorization': 'Bearer ' + jwt}
rv = self.client.get('/majors', headers=head_auth)
self.assertEqual(200, rv.status_code)
data = json.loads(rv.data)
self.assertEqual(1, len(data))
def test_post_evaluation(self):
student = StudentFactory(
permissions=[Permission.query.get(Permission.WriteEvaluations)])
db.session.flush()
jwt = create_access_token(identity=student.to_dict())
headers = {
'Authorization': 'Bearer ' + jwt,
'Content-Type': 'application/json'
}
data = {
'quarter_id': self.section.quarter_id,
'professor_id': self.section.professors[0].id,
'course_id': self.section.course_id,
'display_grad_year': True,
'display_majors': False,
'evaluation': {
'attitude': 1,
'availability': 1,
'clarity': 1,
'easiness': 1,
'grading_speed': 1,
'recommended': 1,
'resourcefulness': 1,
'workload': 1,
'comment': 'Test'
}
}
rv = self.client.post('/evaluations',
headers=headers,
data=json.dumps(data))
self.assertEqual(201, rv.status_code)
resp = json.loads(rv.data)
self.assertIn('jwt', resp)
self.assertNotEqual('', resp['jwt'])
evaluation = Evaluation.query.filter(
Evaluation.professor_id == self.section.professors[0].id,
Evaluation.student_id == student.id).one_or_none()
if evaluation is None:
self.fail('evaluation was not inserted')
self.assertEqual(data['evaluation'], evaluation.data)
self.assertIn(Permission.ReadEvaluations, student.permissions_list)
self.assertIn(Permission.VoteOnEvaluations, student.permissions_list)
self.assertEqual(datetime(2018, 2, 2, 0, 0, tzinfo=timezone.utc),
student.read_access_until)
def test_incorrect_permissions(self):
student = StudentFactory(permissions=[])
db.session.flush()
token = create_access_token(identity=student.to_dict())
rv = self.client.get('/quarters',
headers={'Authorization': 'Bearer ' + token})
self.assertEqual(401, rv.status_code)
data = json.loads(rv.data)
self.assertIn(
'could not verify that you are authorized to access the URL requested',
data['message'])
def test_user_loader(self):
# create a jwt for a non-existing user
student = StudentFactory()
db.session.flush()
info = student.to_dict()
info['id'] += 1
token = create_access_token(identity=info)
rv = self.client.get('/auth/validate',
headers={'Authorization': 'Bearer ' + token})
self.assertEqual(500, rv.status_code)
data = json.loads(rv.data)
self.assertEqual('unable to load user', data['message'])
def test_existing_user_suspended(self, data, decode_func):
student = StudentFactory(email='*****@*****.**',
suspended_until=(datetime.now() +
timedelta(days=1)))
db.session.flush()
token = create_access_token(identity=student.to_dict())
rv = self.client.get('/auth/refresh',
headers={'Authorization': 'Bearer ' + token})
self.assertEqual(401, rv.status_code)
data = json.loads(rv.data)
self.assertEqual('suspended', data['status'])
def test_read_access_expired(self):
student = StudentFactory(
permissions=[Permission.query.get(Permission.ReadEvaluations)],
read_access_until=(datetime.now() - timedelta(days=1)))
db.session.flush()
student_jwt = create_access_token(identity=student.to_dict())
rv = self.client.get(
'/search?q=', headers={'Authorization': 'Bearer ' + student_jwt})
self.assertEqual(401, rv.status_code)
data = json.loads(rv.data)
self.assertIn('message', data)
self.assertIn(
'could not verify that you are authorized to access the URL requested',
data['message'])
def test_existing_user_suspended(self, data, decode_func):
StudentFactory(email='*****@*****.**',
suspended_until=(datetime.now() + timedelta(days=1)))
rv = self.client.post('/auth',
headers={'Content-Type': 'application/json'},
data=json.dumps({'id_token': data['id_token']}))
self.assertEqual(401, rv.status_code)
data = json.loads(rv.data)
self.assertEqual('suspended', data['status'])
def test_existing_user_read_access_expired(self, data, decode_func):
student = StudentFactory(email='*****@*****.**',
read_access_until=(datetime.now() -
timedelta(days=1)))
student.permissions_list = [
Permission.ReadEvaluations, Permission.WriteEvaluations,
Permission.VoteOnEvaluations
]
rv = self.client.post('/auth',
headers={'Content-Type': 'application/json'},
data=json.dumps({'id_token': data['id_token']}))
self.assertEqual(200, rv.status_code)
data = json.loads(rv.data)
self.assertEqual('ok', data['status'])
self.assertEqual(None, student.read_access_until)
self.assertNotIn(Permission.ReadEvaluations, student.permissions_list)
self.assertNotIn(Permission.VoteOnEvaluations,
student.permissions_list)
def test_existing_user_turned_alumni(self, data, decode_func):
student = StudentFactory(email='*****@*****.**')
rv = self.client.post('/auth',
headers={'Content-Type': 'application/json'},
data=json.dumps(
{'id_token': data['id_token_alumni']}))
self.assertEqual(rv.status_code, 200)
data = json.loads(rv.data)
self.assertIn('status', data)
self.assertEqual('converted', data['status'])
self.assertEqual('*****@*****.**', student.email)
self.assertTrue(student.alumni)
def setUp(self):
super().setUp()
self.course = CourseFactory()
prof = ProfessorFactory()
prof2 = ProfessorFactory()
prof3 = ProfessorFactory()
student = StudentFactory()
section = SectionFactory(course=self.course, professors=[prof, prof2, prof3])
# prof2 has taught this course multiple quarters
SectionFactory(course=self.course, professors=[prof2])
EvaluationFactory(student=self.student, professor=prof, section=section)
evaluation = EvaluationFactory(student=student, professor=prof, section=section)
VoteFactory(student=self.student, evaluation=evaluation, value=Vote.UPVOTE)
db.session.flush()
def test_existing_student(self, data):
StudentFactory(email='*****@*****.**')
# make sure the new token will have a new expiration time
time.sleep(1)
old_jwt = jwt.get_unverified_claims(self.jwt)
rv = self.client.post('/auth',
headers={'Content-Type': 'application/json'},
data=json.dumps({'id_token': data['id_token']}))
self.assertEqual(rv.status_code, 200)
try:
resp = json.loads(rv.data)
except JSONDecodeError:
self.fail('invalid response')
self.assertIn('jwt', resp)
new_data = jwt.get_unverified_claims(resp['jwt'])
self.assertGreater(new_data['exp'], old_jwt['exp'])
def setUp(self):
super().setUp()
self.course = CourseFactory()
self.prof = ProfessorFactory()
prof2 = ProfessorFactory()
prof3 = ProfessorFactory()
student = StudentFactory()
section = SectionFactory(course=self.course,
professors=[self.prof, prof2, prof3])
# prof has taught this course twice
SectionFactory(course=self.course, professors=[self.prof])
SectionFactory(professors=[self.prof])
EvaluationFactory(student=self.student,
professor=self.prof,
section=section)
evaluation = EvaluationFactory(student=student,
professor=self.prof,
section=section)
VoteFactory(student=self.student, evaluation=evaluation)
db.session.flush()
def test_get_wrong_user(self):
student = StudentFactory()
rv = self.client.get('/students/{}/evaluations'.format(student.id),
headers=self.head_auth)
self.assertEqual(rv.status_code, 403)
def setUp(self):
super().setUp()
self.student = StudentFactory()
