def test_verify_password_fail_at_persistence(password_authenticator):
user_id, password = fake.pystr(), fake.pystr()
error = Err(fake.pystr())
password_authenticator.authentication_persistence.get_password_hash = MagicMock(
return_value=error)
assert password_authenticator.verify_password(user_id, password) == error
password_authenticator.crypto_context.verify_and_update.assert_not_called()
password_authenticator.authentication_persistence.update_password_hash.assert_not_called(
)
def test_update_password(password_authenticator):
user_id, password = fake.pystr(), fake.pystr()
expected_hash = fake.sha256()
password_authenticator.authentication_presistence.update_password_hash = MagicMock(
return_value=Ok(None)
)
password_authenticator.crypto_context.hash = MagicMock(return_value=expected_hash)
assert password_authenticator.update_password(user_id, password).unwrap() is None
password_authenticator.crypto_context.hash.assert_called_once_with(password)
password_authenticator.authentication_presistence.update_password_hash.assert_called_once_with(
user_id, expected_hash
)
def filters_list(self):
return [
{},
{
"courseCode": fake.pystr()
},
{
"taughtBy": fake.pystr(),
"courseCode": fake.pystr(),
"enrolledIn": fake.pystr(),
},
]
def test_update_password_fail(password_authenticator):
user_id, password = fake.pystr(), fake.pystr()
expected_hash = fake.sha256()
error = Err(fake.pystr())
password_authenticator.authentication_persistence.update_password_hash = MagicMock(
return_value=error)
password_authenticator.crypto_context.hash = MagicMock(
return_value=expected_hash)
assert password_authenticator.update_password(user_id, password) == error
password_authenticator.crypto_context.hash.assert_called_once_with(
password)
password_authenticator.authentication_persistence.update_password_hash.assert_called_once_with(
user_id, expected_hash)
def test_create_meeting(meeting_api, success):
meeting = next(fake_meeting())
error = Err(fake.pystr())
def assert_called_correctly(_meeting):
assert meeting.meeting_id != _meeting.meeting_id
for attr in (
"office_hour_id",
"index",
"instructor",
"student",
"notes",
"comments",
"start_time",
):
assert getattr(meeting, attr) == getattr(_meeting, attr)
return Ok(meeting) if success else error
meeting_api.meeting_persistence.create_meeting.side_effect = assert_called_correctly
result = meeting_api.create_meeting(
meeting.instructor,
meeting.student,
meeting.office_hour_id,
meeting.index,
meeting.start_time,
)
if success:
assert result.unwrap() == meeting
else:
assert result == error
meeting_api.meeting_persistence.create_meeting.assert_called_once()
def test_check_meeting_user_not_found(meeting_api, user):
id_ = uuid4()
meeting_api.meeting_persistence.get_meeting.return_value = NONE
error = fake.pystr()
assert ("does not exist"
in meeting_api._check_meeting_user(id_, user, error).unwrap_err())
meeting_api.meeting_persistence.get_meeting.assert_called_once_with(id_)
def test_get_meetings_of_student(meeting_api):
student_number = fake.pystr()
expected = [meeting for meeting, _ in zip(fake_meeting(), range(10))]
meeting_api.meeting_persistence.get_meetings_of_student.return_value = expected
assert meeting_api.get_meetings_of_student(student_number) == expected
meeting_api.meeting_persistence.get_meetings_of_student.assert_called_once_with(
student_number)
def test_get_meetings_of_instructor(meeting_api):
user_name = fake.pystr()
expected = [meeting for meeting, _ in zip(fake_meeting(), range(10))]
meeting_api.meeting_persistence.get_meetings_of_instructor.return_value = expected
assert meeting_api.get_meetings_of_instructor(user_name) == expected
meeting_api.meeting_persistence.get_meetings_of_instructor.assert_called_once_with(
user_name)
def test_fail(self, mock_course_presistence):
course_api = CourseApi(mock_course_presistence)
course = fake_course()
err = Err(fake.pystr())
mock_course_presistence.create_course = MagicMock(return_value=err)
assert course_api.create_course(course.course_code) == err
mock_course_presistence.create_course.assert_called_once_with(course)
def test_generate(jwt_authenticator):
user_id = fake.pystr()
assert jwt.decode(
jwt_authenticator.generate_token(user_id),
SECRET,
algorithms=[jwt_authenticator.algorithm],
) == {"id": user_id}
def test_create_note(schema, success):
note = next(fake_note())
error = Err(fake.pystr())
context = MagicMock()
context.api.meeting_api.create_note.return_value = Ok(
note) if success else error
query = """
mutation createNote($meetingId: UUID!, $contentText: String!) {
createNote(meetingId: $meetingId, contentText: $contentText) {
noteId
meetingId
timeStamp
contentText
}
}
"""
variables = {
"meetingId": str(note.meeting_id),
"contentText": note.content_text
}
result = schema.execute(query, context=context, variables=variables)
if success:
assert not result.errors
for attr, val in result.data["createNote"].items():
expected = getattr(note, to_snake_case(attr))
if isinstance(expected, UUID):
expected = str(expected)
assert expected == val
else:
assert error.unwrap_err() in str(result.errors)
context.api.meeting_api.create_note.assert_called_once_with(
note.meeting_id, context.user, note.content_text)
def test_delete_note(schema, success):
context = MagicMock()
note_id = uuid4()
error = Err(fake.pystr())
context.user = fake_instructor()
context.api.meeting_api.delete_note.return_value = Ok(
note_id) if success else error
query = """
mutation deleteNote($noteId: UUID!) {
deleteNote(noteId: $noteId) {
noteId
}
}
"""
result = schema.execute(query,
context=context,
variables={"noteId": str(note_id)})
if success:
assert not result.errors
assert result.data["deleteNote"] == {"noteId": str(note_id)}
else:
assert error.unwrap_err() in str(result.errors)
context.api.meeting_api.delete_note.assert_called_once_with(
note_id, context.user)
def test_verify_password_success(password_authenticator):
user_id, password = fake.pystr(), fake.pystr()
expected_hash = fake.sha256()
password_authenticator.authentication_persistence.get_password_hash = MagicMock(
return_value=Ok(expected_hash))
password_authenticator.authentication_persistence.update_password_hash = MagicMock(
)
password_authenticator.crypto_context.verify_and_update = MagicMock(
return_value=(True, None))
assert password_authenticator.verify_password(user_id,
password).unwrap() is None
password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with(
user_id)
password_authenticator.authentication_persistence.update_password_hash.assert_not_called(
)
password_authenticator.crypto_context.verify_and_update.assert_called_once_with(
password, expected_hash)
def fake_note() -> Iterator[Note]:
while True:
yield Note(
note_id=uuid4(),
meeting_id=uuid4(),
time_stamp=int(time.time()),
content_text=fake.pystr(),
)
def fake_section(course=None, year=None, semester=None) -> Section:
course = course or fake_course()
year = year or int(fake.year())
semester = semester or choice(list(Semester))
section_code = fake.pystr()
instructor = fake_instructor()
num_students = fake.pyint()
return Section(course, year, semester, section_code, instructor, num_students)
def test_check_meeting_user_not_permitted(meeting_api, user):
meeting = next(fake_meeting())
meeting_api.meeting_persistence.get_meeting.return_value = Some(meeting)
error = fake.pystr()
assert (meeting_api._check_meeting_user(meeting.meeting_id, user,
error).unwrap_err() == error)
meeting_api.meeting_persistence.get_meeting.assert_called_once_with(
meeting.meeting_id)
def test_get_instructor(instructor_api, expected_instructor):
instructor_api.instructor_persistence.get_instructor = MagicMock(
return_value=maybe(expected_instructor))
user_name = expected_instructor.user_name if expected_instructor else fake.pystr(
)
assert instructor_api.get_instructor(user_name) == maybe(
expected_instructor)
instructor_api.instructor_persistence.get_instructor.called_once_with(
user_name)
def test_delete_meeting_fail_user_check(meeting_api, user):
meeting = next(fake_meeting())
error = Err(fake.pystr())
meeting_api._check_meeting_user = MagicMock(return_value=error)
assert meeting_api.delete_meeting(meeting.meeting_id, user) == error
meeting_api.meeting_persistence.delete_meeting.assert_not_called()
meeting_api._check_meeting_user.assert_called_once_with(
meeting.meeting_id, user,
"Cannot delete meeting that you are not a part of")
def test_verify_bad_token(jwt_authenticator):
user_id = fake.pystr()
token = (
jwt.encode(
{"id": user_id}, SECRET, algorithm=jwt_authenticator.algorithm
).decode("utf8")
+ "f"
)
assert jwt_authenticator.verify_token(token).is_err
def fake_comment(author=None) -> Iterator[Comment]:
while True:
_author = author or fake_instructor()
yield Comment(
comment_id=uuid4(),
meeting_id=uuid4(),
author=_author,
time_stamp=int(time.time()),
content_text=fake.pystr(),
)
def test_verify_password_fail_wrong_password(password_authenticator, new_hash):
user_id, password = fake.pystr(), fake.pystr()
expected_hash = fake.sha256()
password_authenticator.authentication_persistence.get_password_hash = MagicMock(
return_value=Ok(expected_hash))
password_authenticator.crypto_context.verify_and_update = MagicMock(
return_value=(False, new_hash))
assert (password_authenticator.verify_password(
user_id, password).unwrap_err() == f"Incorrect password "
f"for user: {user_id}")
password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with(
user_id)
password_authenticator.authentication_persistence.update_password_hash.assert_not_called(
)
password_authenticator.crypto_context.verify_and_update.assert_called_once_with(
password, expected_hash)
def test_get_token(instructor_api, success):
error = Err(fake.pystr())
password = fake.pystr()
token = fake.sha256()
user_name = fake.pystr()
instructor_api.password_authenticator.verify_password.return_value = (
Ok(None) if success else error)
instructor_api.jwt_authenticator.generate_token.return_value = token
result = instructor_api.get_token(user_name, password)
if success:
assert result == Ok(token)
instructor_api.jwt_authenticator.generate_token.assert_called_once_with(
user_name)
else:
assert result == error
instructor_api.jwt_authenticator.generate_token.assert_not_called()
instructor_api.password_authenticator.verify_password.assert_called_once_with(
user_name, password)
def test_delete_comment(meeting_api, success):
id_ = uuid4()
error = Err(fake.pystr())
meeting_api.meeting_persistence.delete_comment.return_value = (
Ok(id_) if success else error)
result = meeting_api.delete_comment(id_)
if success:
assert result.unwrap() == id_
else:
assert result == error
meeting_api.meeting_persistence.delete_comment.assert_called_once_with(id_)
def test_create_course_fail(schema, mock_context, create_course_query):
context, course_api, instructor_api = mock_context
course = fake_course()
error = fake.pystr()
course_api.create_course = MagicMock(return_value=Err(error))
result = schema.execute(
create_course_query,
variables={"courseCode": course.course_code},
context=context,
)
assert error in str(result.errors[0])
course_api.create_course.assert_called_once_with(course.course_code)
def test_fail(self, mock_course_presistence):
course_api = CourseApi(mock_course_presistence)
section = fake_section()
err = Err(fake.pystr())
mock_course_presistence.create_section = MagicMock(return_value=err)
assert (course_api.create_section(
section.course,
section.year,
section.semester,
section.section_code,
section.taught_by,
section.num_students,
) == err)
mock_course_presistence.create_section.assert_called_once_with(section)
def test_create_instructor(instructor_api, success):
instructor = fake_instructor()
password = fake.pystr()
password_hash = fake.sha256()
error = Err(fake.pystr())
instructor_api.password_authenticator.crypto_context.hash = MagicMock(
return_value=password_hash)
instructor_api.instructor_persistence.create_instructor.return_value = (
Ok(instructor) if success else error)
result = instructor_api.create_instructor(instructor.first_name,
instructor.last_name,
instructor.user_name, password)
if success:
assert result == Ok(instructor)
else:
assert result == error
instructor_api.password_authenticator.crypto_context.hash.assert_called_once_with(
password)
instructor_api.instructor_persistence.create_instructor.assert_called_once_with(
instructor, password_hash)
def test_post_auth_fail(self):
request = MagicMock(Request)
request.method = "POST"
request.json = {"query": "bar"}
error = fake.pystr()
mock_gql_controller.execute = MagicMock()
_old_create_secure_context = app.create_secure_context
app.create_secure_context = MagicMock(return_value=Err(error))
result = app.execute_gql(request)
assert result.unwrap_err().code == 401
assert result.unwrap_err().to_dict() == {"errors": [error]}
mock_gql_controller.execute.assert_not_called()
app.create_secure_context = _old_create_secure_context
def test_create_comment(schema, author, success):
context = MagicMock()
comment = next(fake_comment())
error = Err(fake.pystr())
query = """
mutation createComment($meetingId: UUID!, $contentText: String!) {
createComment(meetingId: $meetingId, contentText: $contentText) {
commentId
meetingId
author {
... on Instructor {
userName
}
... on Student {
studentNumber
}
}
timeStamp
contentText
}
}
"""
context.api.meeting_api.create_comment.return_value = (Ok(comment) if
success else error)
variables = {
"meetingId": str(comment.meeting_id),
"contentText": comment.content_text,
}
result = schema.execute(query, context=context, variables=variables)
if success:
assert not result.errors
for key, val in result.data["createComment"].items():
if key == "author":
if isinstance(comment.author, Instructor):
assert val["userName"] == comment.author.user_name
else:
assert val[
"studentNumber"] == comment.author.student_number
else:
expected = getattr(comment, to_snake_case(key))
if isinstance(expected, UUID):
expected = str(expected)
assert expected == val
else:
assert result.errors
assert error.unwrap_err() in str(result.errors)
context.api.meeting_api.create_comment.assert_called_once_with(
comment.meeting_id, context.user, comment.content_text)
def test_delete_note(meeting_api, success):
note = next(fake_note())
meeting = next(fake_meeting())
error = Err(fake.pystr())
meeting_api.meeting_persistence.get_note.return_value = Some(note)
meeting_api.meeting_persistence.get_meeting.return_value = Some(meeting)
meeting_api.meeting_persistence.delete_note.return_value = (Ok(
note.note_id) if success else error)
result = meeting_api.delete_note(note.note_id, meeting.instructor)
if success:
assert result.unwrap() == note.note_id
else:
assert result == error
meeting_api.meeting_persistence.get_note.assert_called_once_with(
note.note_id)
meeting_api.meeting_persistence.get_meeting.assert_called_once_with(
note.meeting_id)
def test_delete_meeting(meeting_api, success, user_type):
meeting = next(fake_meeting())
error = Err(fake.pystr())
meeting_api.meeting_persistence.delete_meeting.return_value = (Ok(
meeting.meeting_id) if success else error)
meeting_api._check_meeting_user = MagicMock(return_value=Ok(None))
user = meeting.instructor if user_type == "instructor" else meeting.student
result = meeting_api.delete_meeting(meeting.meeting_id, user)
if success:
assert result.unwrap() == meeting.meeting_id
else:
assert result == error
meeting_api._check_meeting_user.assert_called_once_with(
meeting.meeting_id, user,
"Cannot delete meeting that you are not a part of")
meeting_api.meeting_persistence.delete_meeting.assert_called_once_with(
meeting.meeting_id)