def test_SQLinjection():
#Can we trust the session to check?
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
maliciousQuery = "test_group; DELETE FROM GROUPS WHERE name=test_group;"
response = GET('/group/health/' + maliciousQuery)
response = GET('/groups')
assert len(response.json()) == 1
def test_get_good_UID_in_group():
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST(
'/students?firstName=test_first_name&lastName=test_last_name&directoryId=test_directoryId&uid=0'
)
POST('/student/uid/0/group/test_group')
response = GET('/student/uid/0')
assert response.status_code == 200
def test_post_deleted_student():
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST(
'/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0'
)
DELETE('/student/directoryId/test_directory_id')
response = POST('/group/test_group/student/directoryId/test_directory_id')
assert response.status_code == 404
def test_put_bad_table():
POST('/classes?className=test_class')
POST(
'/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0'
)
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST('/student/uid/0/group/test_group')
response = PUT(
'/not_a_table/student/directoryId/test_directory_id/class/test_class')
assert response.status_code == 404
def test_student_in_one_group():
POST('/students?firstName=testFirst&lastName=testLast&directoryId=testId&uid=0')
POST('/classes?className=testClass')
POST('/groups?name=testGroup&className=testClass&channel=testChannel')
POST('/student/uid/0/group/testGroup')
resp = GET('/groups/student/directoryId/testId')
assert resp.status_code == 200
assert resp.json()[0]['name'] == 'testGroup'
assert len(resp.json()) == 1
def test_get_empty():
POST('/classes?className=test_class')
POST(
'/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0'
)
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST('/student/uid/0/group/test_group')
response = GET(
'/elmsData/student/directoryId/test_directory_id/class/test_class')
assert response.status_code == 200
assert response.json() is not None and response.json()['result'] == ""
def test_duplicate_name():
POST('/students?firstName=testFirst&lastName=testLast&directoryId=testId&uid=0')
resp = POST('/students?firstName=testFirst&lastName=testLast&directoryId=testId1&uid=1')
assert resp.status_code == 200
students = GET('/students').json()
assert len(students) == 2
assert students[0]['firstName'] == students[1]['firstName']
assert students[0]['lastName'] == students[1]['lastName']
DELETE('/student/uid/0')
DELETE('/student/uid/1')
def test_put_invalid_health_arg():
DELETE('/clear')
POST('/classes?className=testClass')
POST('/groups?name=testGroup&className=testClass&channel=testChannel')
resp = PUT('/group/health/testGroup?groupHealth=0')
assert resp.status_code == 400
resp = PUT('/group/health/testGroup?groupHealth=4')
assert resp.status_code == 400
resp = PUT('/group/health/testGroup?groupHealth=-10')
assert resp.status_code == 400
def test_post_basic():
DELETE('/clear')
POST('/students?firstName=test_first_name&lastName=test_name&directoryId=test_directoryId&uid=0')
DELETE('/student/directoryId/test_directoryId')
response = GET('/student/directoryId/test_directoryId')
assert response.status_code == 404
response = POST('/student/directoryId/test_directoryId?uid=0')
assert response.status_code == 200
response = GET('/student/directoryId/test_directoryId')
assert response.status_code == 200
def test_simple_post_delete():
response = POST('/students?firstName=testFirst&lastName=testLast&directoryId=testId&uid=0')
assert response.status_code == 200
students = response.json()
assert students['firstName'] == 'testFirst'
assert students['lastName'] == 'testLast'
assert students['directoryId'] == 'testId'
assert students['uid'] == 0
DELETE('/student/uid/0')
test_get_empty()
def test_put_get_basic():
# POST('/classes?className=test_class')
# POST('/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0')
# POST('/groups?name=test_group&className=test_class&channel=test_channel')
# POST('/student/uid/0/group/test_group')
response = POST('/elmsData/student/uid/0/class/test_class?filePath=Users/stschoberg/Desktop/435/questmetrics/QUESTmetrics/tests/files/elms_data.csv')
assert response.status_code == 204
response = GET('/elmsData/student/uid/0/class/test_class')
assert response.status_code == 200
assert response.json() is not None
assert response.json()['result'] == true_file
def test_data_propagate():
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST('/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0')
POST('/student/directoryId/test_directory_id/group/test_group')
#ELMS Data was inserted
assert GET('/elmsData/student/uid/0/class/test_class').status_code == 200
DELETE('/student/directoryId/test_directory_id')
#ELMS Data was deleted
assert GET('/elmsData/student/uid/0/class/test_class').status_code == 404
def test_post_delete_basic():
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
response = GET('/groups')
assert response.status_code == 200
groups = response.json()
assert groups[0]["name"] == "test_group"
assert len(groups) == 1
response = DELETE('/groups?name=test_group')
assert response.status_code == 204
response = GET('/groups')
assert len(response.json()) == 0
def test_get_good_directoryId():
DELETE('/clear')
POST('/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0')
response = GET('/student/directoryId/test_directory_id')
print(response.text)
assert response.status_code == 200
def test_post_missing_args():
response = POST('/groups')
assert response.status_code == 400
res = GET('/groups')
assert res.status_code == 200
assert res.json() == []
def test_get_bad_UID_letters():
POST(
'/students?firstName=test_first_name&lastName=test_last_name&directoryId=test_directoryId&uid=0'
)
response = GET('/student/uid/a')
assert response.status_code == 400
def test_get_after_delete():
DELETE('/clear')
POST('/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0')
DELETE('/student/uid/0')
response = GET('/student/directoryId/test_directory_id')
assert response.status_code == 404
def test_delete_bad_UID():
POST(
'/students?firstName=test_first_name&lastName=test_last_name&directoryId=test_directoryId&uid=0'
)
response = DELETE('/student/uid/1')
assert response.status_code == 404
def test_get_good_UID():
POST(
'/students?firstName=test_first_name&lastName=test_last_name&directoryId=test_directoryId&uid=0'
)
response = GET('/student/uid/0')
assert response.status_code == 200
def test_single_add():
POST('/classes?className=testClass')
POST('/groups?name=testGroup&className=testClass&channel=testChannel')
POST(
'/students?firstName=testFirst&lastName=testLast&directoryId=testId&uid=0'
)
POST('/student/directoryId/testId/group/testGroup')
resp = GET('/students/group/testGroup')
assert resp.status_code == 200
students = resp.json()
assert len(students) == 1
assert students[0]['firstName'] == 'testFirst'
assert students[0]['lastName'] == 'testLast'
assert students[0]['directoryId'] == 'testId'
assert students[0]['uid'] == 0
def test_missing_uid_args():
resp = POST('/students?firstName=testFirst&lastName=testLast&directoryId=testId')
assert resp.status_code == 200
students = GET('/students').json()
assert len(students) == 1
assert students[0]['uid'] == None
DELETE('/student/directoryId=testId')
def test_post_duplicate():
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST(
'/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0'
)
response = POST('/student/directoryId/test_directory_id/group/test_group')
assert response.status_code == 200
response = POST('/student/directoryId/test_directory_id/group/test_group')
assert response.status_code == 400
response = GET('/students/group/test_group')
assert len(response.json()) == 1
def test_double_delete_directoryId():
DELETE('/clear')
POST('/students?firstName=test_first_name&lastName=test_last_name&directoryId=test_directoryId&uid=0')
response = DELETE('/student/directoryId/test_directoryId')
assert response.status_code == 204
response = GET('/student/directoryId/test_directoryId')
assert response.status_code == 404
response = DELETE('/student/directoryId/test_directoryId')
assert response.status_code == 404
def test_post_delete():
#NOTE: the format to make a query and how I call the item test_class. Every test class added and removed should be called that.
POST('/classes?className=test_class')
response = GET('/classes')
assert response.status_code == 200
classList = response.json()
assert classList[0]["className"] == "test_class"
DELETE('/classes?className=test_class')
response = GET('/classes')
assert response.json() == []
def test_put_bad_file():
POST('/classes?className=test_class')
POST('/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST('/student/uid/0/group/test_group')
#No file
response = PUT('/elmsData/student/uid/0/class/test_class')
assert response.status_code == 400
response = GET('/elmsData/student/uid/0/class/test_class')
assert response.status_code == 200
assert response.json() is not None and response.json()['result'] == ""
#Misnamed file
response = response = PUT('/elmsData/student/uid/0/class/test_class',
file='files/messages.csv', attachment_name='bad_name')
assert response.status_code == 400
response = GET('/elmsData/student/uid/0/class/test_class')
assert response.status_code == 200
assert response.json() is not None and response.json()['result'] == ""
def test_put_bad_file():
#Create class
POST('/classes?className=test_class')
#Create group in this class
POST('/groups?name=test_group&className=test_class&channel=test_channel')
#No file
response = PUT('/slackData/group/test_group')
assert response.status_code == 400
response = GET('/slackData/group/test_group')
assert response.status_code == 200
assert response.json() is not None and response.json()['result'] == ""
#Misnamed file
response = response = PUT('/slackData/group/test_group',
file='files/messages.csv',
attachment_name='bad_name')
assert response.status_code == 400
response = GET('/slackData/group/test_group')
assert response.status_code == 200
assert response.json() is not None and response.json()['result'] == ""
def test_put_get_basic():
POST('/classes?className=test_class')
POST(
'/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0'
)
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST('/student/uid/0/group/test_group')
p = 'files/messages.csv'
response = PUT(
'/elmsData/student/directoryId/test_directory_id/class/test_class',
file=p,
attachment_name='file')
assert response.status_code == 204
response = GET(
'/elmsData/student/directoryId/test_directory_id/class/test_class')
assert response.status_code == 200
true_file = open(p, 'rb').read().decode('utf-8')
assert response.json() is not None
assert response.json()['result'] == true_file
def test_post_duplicate():
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
response = POST('/groups?name=test_group&className=test_class&channel=test_channel')
assert response.status_code == 400
response = GET('/groups')
groupList = response.json()
assert len(groupList) == 1
def test_many_post():
for i in range(5):
response = POST('/students?firstName=testFirst{}&lastName=testLast{}&directoryId=testId{}&uid={}'.format(i, i, i, i))
assert response.status_code == 200
students = GET('/students').json()
assert len(students) == 5
for i in range(5):
assert students[i]['firstName'] == 'testFirst' + str(i)
assert students[i]['lastName'] == 'testLast' + str(i)
assert students[i]['directoryId'] == 'testId' + str(i)
assert students[i]['uid'] == i
resp = DELETE('/student/uid/{}'.format(i))
def test_post_delete_basic():
DELETE('/clear')
POST('/classes?className=test_class')
POST('/groups?name=test_group&className=test_class&channel=test_channel')
POST(
'/students?firstName=test_firstName&lastName=test_lastName&directoryId=test_directory_id&uid=0'
)
response = POST('/student/uid/0/group/test_group')
assert response.status_code == 200
group = response.json()
response = GET('/students/group/test_group')
assert response.status_code == 200
response = DELETE('/student/uid/0/group/test_group')
assert response.status_code == 204
