class LTIConsumersAPITests(ComPAIRAPITestCase): def setUp(self): super(LTIConsumersAPITests, self).setUp() self.data = BasicTestData() self.lti_data = LTITestData() def _build_consumer_url(self, consumer_uuid=None): return '/api/lti/consumers' + ('/' + consumer_uuid if consumer_uuid else '') def test_create_lti_consumer(self): url = self._build_consumer_url() consumer_expected = { 'oauth_consumer_key': 'new_consumer_key', 'oauth_consumer_secret': 'new_consumer_secret', 'global_unique_identifier_param': 'new_global_unique_identifier_param', 'student_number_param': 'new_student_number_param' } # Test login required rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert401(rv) # Test unauthorized access with self.login(self.data.get_authorized_instructor().username): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert403(rv) with self.login(self.data.get_authorized_ta().username): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert403(rv) with self.login(self.data.get_authorized_student().username): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert403(rv) # Test authorized access with self.login('root'): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert200(rv) self.assertEqual(consumer_expected['oauth_consumer_key'], rv.json['oauth_consumer_key']) self.assertEqual(consumer_expected['oauth_consumer_secret'], rv.json['oauth_consumer_secret']) self.assertEqual( consumer_expected['global_unique_identifier_param'], rv.json['global_unique_identifier_param']) self.assertEqual(consumer_expected['student_number_param'], rv.json['student_number_param']) self.assertTrue(rv.json['active']) # test unique oauth_consumer_key by submitting again rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assertStatus(rv, 409) self.assertEqual(rv.json['title'], "Consumer Not Saved") self.assertEqual( rv.json['message'], "An LTI consumer with the same consumer key already exists. Please double-check the consumer key and try saving again." ) def test_list_lti_consumers(self): url = self._build_consumer_url() # Test login required rv = self.client.get(url) self.assert401(rv) # Test unauthorized access with self.login(self.data.get_authorized_instructor().username): rv = self.client.get(url) self.assert403(rv) with self.login(self.data.get_authorized_ta().username): rv = self.client.get(url) self.assert403(rv) with self.login(self.data.get_authorized_student().username): rv = self.client.get(url) self.assert403(rv) # Test authorized access with self.login('root'): lti_consumers = self.lti_data.lti_consumers rv = self.client.get(url) self.assert200(rv) self.assertEqual(len(rv.json['objects']), 1) self.assertEqual(rv.json['total'], 1) for index, lti_consumer in enumerate(lti_consumers): self.assertEqual( lti_consumer.oauth_consumer_key, rv.json['objects'][index]['oauth_consumer_key']) self.assertEqual( lti_consumer.global_unique_identifier_param, rv.json['objects'][index] ['global_unique_identifier_param']) self.assertEqual( lti_consumer.student_number_param, rv.json['objects'][index]['student_number_param']) self.assertEqual(lti_consumer.active, rv.json['objects'][index]['active']) self.assertNotIn('oauth_consumer_secret', rv.json['objects'][index]) # test paging for i in range(1, 30): # add 29 more consumers if i % 2 == 0: self.lti_data.create_consumer( oauth_consumer_key='lti_consumer_key_' + str(i)) else: self.lti_data.create_consumer( oauth_consumer_key='lti_consumer_key_' + str(i), global_unique_identifier_param= 'global_unique_identifier_param_' + str(i)) lti_consumers = self.lti_data.lti_consumers rv = self.client.get(url) self.assert200(rv) self.assertEqual(len(rv.json['objects']), 20) self.assertEqual(rv.json['total'], 30) for index, lti_consumer in enumerate(lti_consumers[:20]): self.assertEqual( lti_consumer.oauth_consumer_key, rv.json['objects'][index]['oauth_consumer_key']) self.assertEqual( lti_consumer.global_unique_identifier_param, rv.json['objects'][index] ['global_unique_identifier_param']) self.assertEqual( lti_consumer.student_number_param, rv.json['objects'][index]['student_number_param']) self.assertEqual(lti_consumer.active, rv.json['objects'][index]['active']) self.assertNotIn('oauth_consumer_secret', rv.json['objects'][index]) rv = self.client.get(url + "?page=2") self.assert200(rv) self.assertEqual(len(rv.json['objects']), 10) self.assertEqual(rv.json['total'], 30) for index, lti_consumer in enumerate(lti_consumers[20:]): self.assertEqual( lti_consumer.oauth_consumer_key, rv.json['objects'][index]['oauth_consumer_key']) self.assertEqual( lti_consumer.global_unique_identifier_param, rv.json['objects'][index] ['global_unique_identifier_param']) self.assertEqual( lti_consumer.student_number_param, rv.json['objects'][index]['student_number_param']) self.assertEqual(lti_consumer.active, rv.json['objects'][index]['active']) self.assertNotIn('oauth_consumer_secret', rv.json['objects'][index]) # test order by rv = self.client.get(url + "?orderBy=oauth_consumer_key") self.assert200(rv) self.assertEqual(len(rv.json['objects']), 20) self.assertEqual(rv.json['total'], 30) sorted_lti_consumers = sorted( [consumer for consumer in lti_consumers], key=lambda consumer: consumer.oauth_consumer_key)[:20] for index, lti_consumer in enumerate(sorted_lti_consumers): self.assertEqual( lti_consumer.oauth_consumer_key, rv.json['objects'][index]['oauth_consumer_key']) self.assertEqual( lti_consumer.global_unique_identifier_param, rv.json['objects'][index] ['global_unique_identifier_param']) self.assertEqual( lti_consumer.student_number_param, rv.json['objects'][index]['student_number_param']) self.assertEqual(lti_consumer.active, rv.json['objects'][index]['active']) self.assertNotIn('oauth_consumer_secret', rv.json['objects'][index]) rv = self.client.get(url + "?orderBy=oauth_consumer_key&reverse=true") self.assert200(rv) self.assertEqual(len(rv.json['objects']), 20) self.assertEqual(rv.json['total'], 30) sorted_lti_consumers = sorted( [consumer for consumer in lti_consumers], key=lambda consumer: consumer.oauth_consumer_key, reverse=True)[:20] for index, lti_consumer in enumerate(sorted_lti_consumers): self.assertEqual( lti_consumer.oauth_consumer_key, rv.json['objects'][index]['oauth_consumer_key']) self.assertEqual( lti_consumer.global_unique_identifier_param, rv.json['objects'][index] ['global_unique_identifier_param']) self.assertEqual( lti_consumer.student_number_param, rv.json['objects'][index]['student_number_param']) self.assertEqual(lti_consumer.active, rv.json['objects'][index]['active']) self.assertNotIn('oauth_consumer_secret', rv.json['objects'][index]) def test_get_lti_consumer(self): lti_consumer = self.lti_data.lti_consumer url = self._build_consumer_url(lti_consumer.uuid) # Test login required rv = self.client.get(url) self.assert401(rv) # Test unauthorized access with self.login(self.data.get_authorized_instructor().username): rv = self.client.get(url) self.assert403(rv) with self.login(self.data.get_authorized_ta().username): rv = self.client.get(url) self.assert403(rv) with self.login(self.data.get_authorized_student().username): rv = self.client.get(url) self.assert403(rv) # Test authorized access with self.login('root'): # invalid id rv = self.client.get(self._build_consumer_url("999")) self.assert404(rv) # valid url rv = self.client.get(url) self.assert200(rv) self.assertEqual(lti_consumer.oauth_consumer_key, rv.json['oauth_consumer_key']) self.assertEqual(lti_consumer.oauth_consumer_secret, rv.json['oauth_consumer_secret']) self.assertEqual(lti_consumer.global_unique_identifier_param, rv.json['global_unique_identifier_param']) self.assertEqual(lti_consumer.student_number_param, rv.json['student_number_param']) self.assertTrue(lti_consumer.active, rv.json['active']) def test_edit_lti_consumer(self): lti_consumer = self.lti_data.lti_consumer url = self._build_consumer_url(lti_consumer.uuid) consumer_expected = { 'id': lti_consumer.uuid, 'oauth_consumer_key': 'edit_consumer_key', 'oauth_consumer_secret': 'edit_consumer_secret', 'global_unique_identifier_param': 'edit_consumer_global_unique_identifier_param', 'student_number_param': 'edit_student_number_param', 'active': False } # Test login required rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert401(rv) # Test unauthorized access with self.login(self.data.get_authorized_instructor().username): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert403(rv) with self.login(self.data.get_authorized_ta().username): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert403(rv) with self.login(self.data.get_authorized_student().username): rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert403(rv) # Test authorized access with self.login('root'): # invalid id rv = self.client.post(self._build_consumer_url("999"), data=json.dumps(consumer_expected), content_type='application/json') self.assert404(rv) # invalid id invalid_expected = consumer_expected.copy() invalid_expected['id'] = "999" rv = self.client.post(url, data=json.dumps(invalid_expected), content_type='application/json') self.assert400(rv) # valid url rv = self.client.post(url, data=json.dumps(consumer_expected), content_type='application/json') self.assert200(rv) self.assertEqual(consumer_expected['oauth_consumer_key'], rv.json['oauth_consumer_key']) self.assertEqual(consumer_expected['oauth_consumer_secret'], rv.json['oauth_consumer_secret']) self.assertEqual( consumer_expected['global_unique_identifier_param'], rv.json['global_unique_identifier_param']) self.assertEqual(consumer_expected['student_number_param'], rv.json['student_number_param']) self.assertEqual(consumer_expected['active'], rv.json['active']) # valid url (empty global_unique_identifier_param) consumer_expected_no_override = consumer_expected.copy() consumer_expected_no_override[ 'global_unique_identifier_param'] = "" rv = self.client.post( url, data=json.dumps(consumer_expected_no_override), content_type='application/json') self.assert200(rv) self.assertEqual(consumer_expected['oauth_consumer_key'], rv.json['oauth_consumer_key']) self.assertEqual(consumer_expected['oauth_consumer_secret'], rv.json['oauth_consumer_secret']) self.assertIsNone(rv.json['global_unique_identifier_param']) self.assertEqual(consumer_expected['student_number_param'], rv.json['student_number_param']) self.assertEqual(consumer_expected['active'], rv.json['active']) # valid url (empty student_number_param) consumer_expected_no_override = consumer_expected.copy() consumer_expected_no_override['student_number_param'] = "" rv = self.client.post( url, data=json.dumps(consumer_expected_no_override), content_type='application/json') self.assert200(rv) self.assertEqual(consumer_expected['oauth_consumer_key'], rv.json['oauth_consumer_key']) self.assertEqual(consumer_expected['oauth_consumer_secret'], rv.json['oauth_consumer_secret']) self.assertEqual( consumer_expected['global_unique_identifier_param'], rv.json['global_unique_identifier_param']) self.assertIsNone(rv.json['student_number_param']) self.assertEqual(consumer_expected['active'], rv.json['active']) # test edit duplicate consumer key lti_consumer2 = self.lti_data.create_consumer() url = self._build_consumer_url(lti_consumer2.uuid) consumer2_expected = consumer_expected.copy() consumer2_expected['id'] = lti_consumer2.uuid rv = self.client.post(url, data=json.dumps(consumer2_expected), content_type='application/json') self.assertStatus(rv, 409) self.assertEqual(rv.json['title'], "Consumer Not Saved") self.assertEqual( rv.json['message'], "An LTI consumer with the same consumer key already exists. Please double-check the consumer key and try saving again." )