def test_handling_of_fake_review_step_key(self):
        """Test that bad keys result in the appropriate responses."""

        email = '*****@*****.**'
        name = 'Student 1'
        submission = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S1-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'is-S1', 'correct': True},
        ])
        payload = {
            'answers': submission, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        actions.login(email)
        actions.register(self, name)
        actions.submit_assessment(self, LEGACY_REVIEW_UNIT_ID, payload)

        actions.view_review(
            self, LEGACY_REVIEW_UNIT_ID, 'Fake key',
            expected_status_code=404)

        actions.logout()
    def test_draft_review_behaviour(self):
        """Test correctness of draft review visibility."""

        email1 = '*****@*****.**'
        name1 = 'Student 1'
        submission1 = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S1-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'is-S1', 'correct': True},
        ])
        payload1 = {
            'answers': submission1, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        email2 = '*****@*****.**'
        name2 = 'Student 2'
        submission2 = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S2-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'not-S1', 'correct': True},
        ])
        payload2 = {
            'answers': submission2, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        email3 = '*****@*****.**'
        name3 = 'Student 3'
        submission3 = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S3-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'not-S1', 'correct': True},
        ])
        payload3 = {
            'answers': submission3, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        # Student 1 submits the assignment.
        actions.login(email1)
        actions.register(self, name1)
        response = actions.submit_assessment(
            self, LEGACY_REVIEW_UNIT_ID, payload1)
        actions.logout()

        # Student 2 logs in and submits the assignment.
        actions.login(email2)
        actions.register(self, name2)
        response = actions.submit_assessment(
            self, LEGACY_REVIEW_UNIT_ID, payload2)

        # Student 2 requests a review, and is given Student 1's assignment.
        response = actions.request_new_review(self, LEGACY_REVIEW_UNIT_ID)
        review_step_key_2_for_1 = get_review_step_key(response)
        actions.assert_contains('S1-1', response.body)

        # Student 2 saves her review as a draft.
        review_2_for_1_payload = get_review_payload(
            'R2for1', is_draft=True)

        response = actions.submit_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1,
            review_2_for_1_payload)
        actions.assert_contains('Your review has been saved.', response.body)

        response = self.get('reviewdashboard?unit=%s' % LEGACY_REVIEW_UNIT_ID)
        actions.assert_equals(response.status_int, 200)
        actions.assert_contains('(Draft)', response.body)

        # Student 2's draft is still changeable.
        response = actions.view_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1)
        actions.assert_contains('Submit Review', response.body)
        response = actions.submit_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1,
            review_2_for_1_payload)
        actions.assert_contains('Your review has been saved.', response.body)

        # Student 2 logs out.
        actions.logout()

        # Student 3 submits the assignment.
        actions.login(email3)
        actions.register(self, name3)
        response = actions.submit_assessment(
            self, LEGACY_REVIEW_UNIT_ID, payload3)
        actions.logout()

        # Student 1 logs in and requests two assignments to review.
        actions.login(email1)
        response = self.get('/reviewdashboard?unit=%s' % LEGACY_REVIEW_UNIT_ID)

        response = actions.request_new_review(self, LEGACY_REVIEW_UNIT_ID)
        actions.assert_contains('Assignment to review', response.body)
        actions.assert_contains('not-S1', response.body)

        review_step_key_1_for_someone = get_review_step_key(response)

        response = actions.request_new_review(self, LEGACY_REVIEW_UNIT_ID)
        actions.assert_contains('Assignment to review', response.body)
        actions.assert_contains('not-S1', response.body)

        review_step_key_1_for_someone_else = get_review_step_key(response)

        response = self.get('reviewdashboard?unit=%s' % LEGACY_REVIEW_UNIT_ID)
        actions.assert_equals(response.status_int, 200)
        actions.assert_contains('disabled="true"', response.body)

        # Student 1 submits both reviews, fulfilling his quota.
        review_1_for_other_payload = get_review_payload('R1for')

        response = actions.submit_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_1_for_someone,
            review_1_for_other_payload)
        actions.assert_contains(
            'Your review has been submitted successfully', response.body)

        response = actions.submit_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_1_for_someone_else,
            review_1_for_other_payload)
        actions.assert_contains(
            'Your review has been submitted successfully', response.body)

        response = self.get('/reviewdashboard?unit=%s' % LEGACY_REVIEW_UNIT_ID)
        actions.assert_contains('(Completed)', response.body)
        actions.assert_does_not_contain('(Draft)', response.body)

        # Although Student 1 has submitted 2 reviews, he cannot view Student
        # 2's review because it is still in Draft status.
        response = self.get('assessment?name=%s' % LEGACY_REVIEW_UNIT_ID)
        actions.assert_equals(response.status_int, 200)
        actions.assert_contains(
            'You have not received any peer reviews yet.', response.body)
        actions.assert_does_not_contain('R2for1', response.body)

        # Student 1 logs out.
        actions.logout()

        # Student 2 submits her review for Student 1's assignment.
        actions.login(email2)

        response = self.get('review?unit=%s&key=%s' % (
            LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1))
        actions.assert_does_not_contain('Submitted review', response.body)

        response = actions.submit_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1,
            get_review_payload('R2for1'))
        actions.assert_contains(
            'Your review has been submitted successfully', response.body)

        # Her review is now read-only.
        response = self.get('review?unit=%s&key=%s' % (
            LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1))
        actions.assert_contains('Submitted review', response.body)
        actions.assert_contains('R2for1', response.body)

        # Student 2 logs out.
        actions.logout()

        # Now Student 1 can see the review he has received from Student 2.
        actions.login(email1)
        response = self.get('assessment?name=%s' % LEGACY_REVIEW_UNIT_ID)
        actions.assert_equals(response.status_int, 200)
        actions.assert_contains('R2for1', response.body)
    def test_reviewer_cannot_impersonate_another_reviewer(self):
        """Test that one reviewer cannot use another's review step key."""

        email1 = '*****@*****.**'
        name1 = 'Student 1'
        submission1 = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S1-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'is-S1', 'correct': True},
        ])
        payload1 = {
            'answers': submission1, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        email2 = '*****@*****.**'
        name2 = 'Student 2'
        submission2 = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S2-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'not-S1', 'correct': True},
        ])
        payload2 = {
            'answers': submission2, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        email3 = '*****@*****.**'
        name3 = 'Student 3'
        submission3 = transforms.dumps([
            {'index': 0, 'type': 'regex', 'value': 'S3-1', 'correct': True},
            {'index': 1, 'type': 'choices', 'value': 3, 'correct': False},
            {'index': 2, 'type': 'regex', 'value': 'not-S1', 'correct': True},
        ])
        payload3 = {
            'answers': submission3, 'assessment_type': LEGACY_REVIEW_UNIT_ID}

        # Student 1 submits the assignment.
        actions.login(email1)
        actions.register(self, name1)
        response = actions.submit_assessment(
            self, LEGACY_REVIEW_UNIT_ID, payload1)
        actions.logout()

        # Student 2 logs in and submits the assignment.
        actions.login(email2)
        actions.register(self, name2)
        response = actions.submit_assessment(
            self, LEGACY_REVIEW_UNIT_ID, payload2)

        # Student 2 requests a review, and is given Student 1's assignment.
        response = actions.request_new_review(self, LEGACY_REVIEW_UNIT_ID)
        review_step_key_2_for_1 = get_review_step_key(response)
        actions.assert_contains('S1-1', response.body)
        actions.logout()

        # Student 3 logs in, and submits the assignment.
        actions.login(email3)
        actions.register(self, name3)
        response = actions.submit_assessment(
            self, LEGACY_REVIEW_UNIT_ID, payload3)

        # Student 3 tries to view Student 1's assignment using Student 2's
        # review step key, but is not allowed to.
        response = actions.view_review(
            self, LEGACY_REVIEW_UNIT_ID, review_step_key_2_for_1,
            expected_status_code=404)

        # Student 3 logs out.
        actions.logout()