def test_add_visible_discount_bad(self):
    """A visible discount whose percentage is -1 must be refused by add_visible_discount."""
    owner = 'YoniYoni'
    manager = 'StoreManager1'
    for username in (owner, manager):
        register(RegisteredUser(username, '1234567878'))

    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner)
    # Eight trailing fields, all 1 (presumably the manager's permission flags; confirm).
    UsersLogic.add_manager(owner, StoreManager(manager, 'My Shop', *([1] * 8)))

    milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(milk, manager)

    # The out-of-range percentage is the only thing wrong with this discount.
    negative_discount = VisibleDiscount(milk.id, shop.name, -1,
                                        '2018-12-01', '2019-12-01')
    self.assertFalse(add_visible_discount(negative_discount, owner))
def test_get_visible_discount(self):
    """A stored visible discount is read back with the same item, shop and percentage."""
    owner = 'YoniYoni'
    manager = 'StoreManager1'
    for username in (owner, manager):
        register(RegisteredUser(username, '1234567878'))

    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner)
    # Eight trailing fields, all 1 (presumably the manager's permission flags; confirm).
    UsersLogic.add_manager(owner, StoreManager(manager, 'My Shop', *([1] * 8)))

    milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(milk, manager)

    expected = VisibleDiscount(milk.id, shop.name, 50,
                               '2018-12-01', '2019-12-01')
    self.assertTrue(add_visible_discount(expected, owner))

    stored = get_visible_discount(milk.id, shop.name)
    for field in ('item_id', 'shop_name', 'percentage'):
        self.assertEqual(getattr(stored, field), getattr(expected, field))
def fetch_discount_item(discount_tuples):
    """Turn discount rows into discount objects.

    Args:
        discount_tuples: an iterable of indexable rows, or False.

    Returns:
        False when given False. Otherwise a list holding a VisibleDiscount for
        every row of exactly five fields and an InvisibleDiscount, built from
        the first six fields, for every other row.
    """
    if discount_tuples is False:
        return False

    def _to_discount(row):
        # Row length is the only discriminator between the two discount kinds.
        if len(row) == 5:
            return VisibleDiscount(row[0], row[1], row[2], row[3], row[4])
        return InvisibleDiscount(row[0], row[1], row[2], row[3], row[4],
                                 row[5])

    return [_to_discount(row) for row in discount_tuples]
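def add_discount(request):
    """Create a discount on an item or a category of a shop from a POST request.

    Reads ``shop_name``, ``percent``, ``kind``, ``start_date`` and ``duration``
    (the end date) from the POST body, plus ``item_id``, ``category`` and
    ``code`` depending on ``kind``. The caller is identified by the
    ``login_hash`` cookie and must be the shop's owner, or a manager of the
    shop whose ``discount_permission`` is 1.

    Args:
        request: the incoming HTTP request.

    Returns:
        An HttpResponse whose body is 'success', or a short text naming the
        reason the discount was not created.
    """
    # Local import: the file's import block is not visible from this block.
    from html import escape

    if request.method != 'POST':
        return HttpResponse('FAIL: not post request')

    event = "ADD DISCOUNT"
    shop_name = request.POST.get('shop_name')
    kind = request.POST.get('kind')

    # No short-circuit: every field is screened, even after an earlier hit.
    # NOTE(review): a pattern screen does not replace parameterized queries in
    # the data layer; confirm the *Logic modules bind these values.
    flagged = [LoggerLogic.identify_sql_injection(value, event)
               for value in (shop_name, kind)]
    if any(flagged):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    # A missing or non-numeric percent used to raise and surface as a 500.
    try:
        percent = int(request.POST.get('percent'))
    except (TypeError, ValueError):
        return HttpResponse('invalid percent')

    # Dates are request-controlled strings that end up in the discount object,
    # so accept only three numeric parts before reordering them.
    start_date = _reorder_date(request.POST.get('start_date'))
    end_date = _reorder_date(request.POST.get('duration'))
    if start_date is None or end_date is None:
        return HttpResponse('invalid date')

    if shop_name is None or ShopLogic.search_shop(shop_name) is False:
        return HttpResponse('invalid shop')

    login = request.COOKIES.get('login_hash')
    username = None
    if login is not None:
        username = Consumer.loggedInUsers.get(login)
    if username is None:
        return HttpResponse('user not logged in')

    if not UsersLogic.is_owner_of_shop(username, shop_name):
        if not UsersLogic.is_manager_of_shop(username, shop_name):
            return HttpResponse('not owner or manager in this shop')
        manager = UsersLogic.get_manager(username, shop_name)
        # Value comparison: `is not 1` tested object identity, not the flag.
        if manager.discount_permission != 1:
            return HttpResponse('no permission to add discount')

    # `result` is local. As a module global, an unrecognised `kind` reported
    # the outcome of whichever request had run before it.
    if kind in ("visible_item", "invisible_item"):
        item_id = request.POST.get('item_id')
        if kind == "visible_item":
            fields = (item_id,)
        else:
            code = request.POST.get('code')
            fields = (item_id, code)
        flagged = [LoggerLogic.identify_sql_injection(value, event)
                   for value in fields]
        if any(flagged):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
        item = ItemsLogic.get_item_without_lottery(item_id)
        if item is False or item.shop_name != shop_name:
            # item_id comes from the request and is echoed into the response
            # body, so it is HTML-escaped; str() covers a missing item_id.
            return HttpResponse("item with id=" + escape(str(item_id)) +
                                " doesnt exist in this shop or a ticket")
        if kind == "visible_item":
            discount = VisibleDiscount(item_id, shop_name, percent,
                                       start_date, end_date)
            result = DiscountLogic.add_visible_discount(discount, username)
        else:
            discount = InvisibleDiscount(code, item_id, shop_name, percent,
                                         start_date, end_date)
            result = DiscountLogic.add_invisible_discount(discount, username)
    elif kind in ("visible_category", "invisible_category"):
        category = request.POST.get('category')
        if kind == "visible_category":
            fields = (category,)
        else:
            code = request.POST.get('code')
            fields = (category, code)
        flagged = [LoggerLogic.identify_sql_injection(value, event)
                   for value in fields]
        if any(flagged):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
        if kind == "visible_category":
            discount = VisibleDiscountCategory(category, shop_name, percent,
                                               start_date, end_date)
            result = DiscountLogic.add_visible_discount_category(
                discount, username)
        else:
            discount = InvisibleDiscountCategory(code, category, shop_name,
                                                 percent, start_date, end_date)
            result = DiscountLogic.add_invisible_discount_category(
                discount, username)
    else:
        return HttpResponse('invalid discount kind')

    if result:
        return HttpResponse('success')
    return HttpResponse('discount already exist for this item/category!')


def _reorder_date(raw):
    """Swap the second and third '-'-separated parts of a date; None if malformed."""
    if not isinstance(raw, str):
        return None
    parts = raw.split('-')
    if len(parts) != 3 or not all(part.isdigit() for part in parts):
        return None
    return parts[0] + '-' + parts[2] + '-' + parts[1]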
def test_discounts_torture(self):
    """Three owners each stock a discounted item, then each buys from the other two shops."""
    password = "SsS0897SsS"
    profiles = [
        ('YoniYoni', 'AFG', 20, 'Male'),
        ('YoniYoni2', 'ZMB', 20, 'Male'),
        ('YoniYoni3', 'ISR', 100, 'Female'),
    ]
    for username, *details in profiles:
        self.assertEqual(
            UsersLogic.register(RegisteredUser(username, password)), "SUCCESS")
        self.assertEqual(
            UsersLogic.update_details(username, *details), "SUCCESS")

    owners = [profile[0] for profile in profiles]
    for shop_name, owner in zip(('eBay', 'Amazon', 'Carmel'), owners):
        self.assertEqual(
            ShopLogic.create_shop(Shop(shop_name, "Active"), owner), "SUCCESS")

    items = [
        Item(1, 'eBay', 'carrot', 'vegas', 'good', 10, 500, 'regular',
             None, 0, 0, 0),
        Item(2, 'Amazon', 'apple', 'fruits', 'good', 10, 500, 'regular',
             None, 0, 0, 0),
        Item(3, 'Carmel', 'Kipa', 'Yudaika', 'good', 10, 500, 'regular',
             None, 0, 0, 0),
    ]
    for item, owner in zip(items, owners):
        self.assertTrue(ItemsLogic.add_item_to_shop(item, owner))

    # (percentage, end date) per shop; every discount starts on the same day.
    first_day = '2018-17-06'
    terms = [(10, '2019-21-03'), (20, '2019-22-03'), (30, '2019-23-03')]

    item_discounts = [
        VisibleDiscount(item.id, item.shop_name, percentage, first_day, last_day)
        for item, (percentage, last_day) in zip(items, terms)
    ]
    for discount, owner in zip(item_discounts, owners):
        self.assertTrue(DiscountLogic.add_visible_discount(discount, owner))

    category_discounts = [
        VisibleDiscountCategory(item.category, item.shop_name, percentage,
                                first_day, last_day)
        for item, (percentage, last_day) in zip(items, terms)
    ]
    for discount, owner in zip(category_discounts, owners):
        self.assertTrue(
            DiscountLogic.add_visible_discount_category(discount, owner))

    # Expected totals match 10 units at price 10 with the item and category
    # discounts compounding, e.g. 100*0.8*0.8 + 100*0.7*0.7 = 113. This is
    # inferred from the numbers; confirm against the pricing logic.
    purchases = [
        ('YoniYoni', (2, 3), 113),
        ('YoniYoni2', (1, 3), 130),
        ('YoniYoni3', (2, 1), 145),
    ]
    for buyer, wanted, expected_cost in purchases:
        # The session is fabricated by inserting an MD5-of-username key
        # straight into the logged-in table; no login call is made here.
        access_token = hashlib.md5(buyer.encode()).hexdigest()
        Consumer.loggedInUsers[access_token] = buyer
        Consumer.loggedInUsersShoppingCart[access_token] = []
        for wanted_item in wanted:
            self.assertTrue(UserShoppingCartLogic.add_item_shopping_cart(
                access_token, ShoppingCartItem(buyer, wanted_item, 10, None)))
        self.assertEqual(
            UserShoppingCartLogic.get_cart_cost(access_token), expected_cost)
        self.assertTrue(StoB(UserShoppingCartLogic.pay_all(access_token)))