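def update_shopping_policy_on_shop(username, policy_id, field_name, new_value, shop_name):
    """Update one field of a shop-level shopping policy.

    The caller must be an owner of ``shop_name`` (``Owners.get_owner``) or a
    store manager of it with ``permission_set_policy > 0``.  Both roles
    share one validation/write path (``_apply_shopping_policy_update``);
    the original duplicated that path per role.

    Args:
        username: the acting user.
        policy_id: id of the policy; must parse as a non-negative int
            (a non-numeric id used to raise ``ValueError``; it now fails
            with the usual message).
        field_name: one of ``shop_name``, ``conditions``, ``restriction``,
            ``quantity``.
        new_value: the new value; for ``conditions`` an empty string is
            stored as the always-true condition ``"1=1"``.
        shop_name: the shop the policy belongs to.

    Returns:
        ``True`` on success, otherwise a ``"FAILED: ..."`` string, or the
        status string produced by ``checkConditionsSyntax``.
    """
    if policy_id is None or field_name is None or new_value is None:
        return "FAILED: One (or more) of the parameters is None"
    try:
        valid_id = int(policy_id) >= 0
    except (TypeError, ValueError):
        valid_id = False
    if not valid_id:
        return "FAILED: Invalid id of Policy"
    if field_name not in ('shop_name', 'conditions', 'restriction', 'quantity'):
        return "FAILED: Invalid field name"

    if Owners.get_owner(username, shop_name) is not False:
        return _apply_shopping_policy_update(username, policy_id, field_name, new_value)

    manager = StoreManagers.get_store_manager(username, shop_name)
    if manager is False:
        return 'FAILED: you are not a the Owner of the shop'
    if manager.permission_set_policy > 0:
        return _apply_shopping_policy_update(username, policy_id, field_name, new_value)
    return 'FAILED: no permissions!'


def _apply_shopping_policy_update(username, policy_id, field_name, new_value):
    """Validate a ``conditions`` value and persist the policy update.

    Keeps the original ordering: the syntax check runs on ``new_value`` as
    given, then an empty ``conditions`` value is replaced by ``"1=1"``, and
    a failed syntax check returns its status string.  A false result from
    ``ShoppingPolicies.update_shopping_policy_on_shop`` is reported as a DB
    error; success is written to the event log.
    """
    if field_name == 'conditions':
        status = checkConditionsSyntax(new_value)
        if new_value == "":
            new_value = "1=1"
        if status is not True:
            return status
    if not ShoppingPolicies.update_shopping_policy_on_shop(policy_id, field_name, new_value):
        return "FAILED: DB error."
    LoggerLogic.add_event_log(username, "POLICY: UPDATE SHOP SHOPPING POLICY")
    return True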
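def add_review_on_item(request):
    """POST view: add a review on an item for the logged-in user.

    Form fields: ``item_id``, ``description``, ``rank``.  Each is run through
    ``LoggerLogic.identify_sql_injection`` (all three are always checked so
    every suspicious value is recorded) before any lookup.  The writer is
    resolved from the ``login_hash`` cookie via ``Consumer.loggedInUsers``.
    A user may review an item only once.

    Responses: ``'success'``, ``'has reviews'`` or ``'fail'``.  Non-POST
    requests fall through and return ``None``, as in the sibling views.

    Fix: a cookie that no longer maps to a session used to create a review
    attributed to ``None``; it now answers ``'fail'``.
    """
    if request.method == 'POST':
        item_id = request.POST.get('item_id')
        description = request.POST.get('description')
        rank = request.POST.get('rank')

        event = "ADD REVIEW"
        suspect_sql_injection = False
        for value in (item_id, description, rank):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection
        if suspect_sql_injection:
            return HttpResponse(MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            writer_name = Consumer.loggedInUsers.get(login)
            if writer_name is None:
                # stale/forged cookie: refuse rather than write as None
                return HttpResponse('fail')
            old_review = ItemsLogic.get_item_review_with_writer(
                item_id, writer_name)
            if old_review is not False:
                return HttpResponse('has reviews')
            review = ItemReview(writer_name, item_id, description, rank)
            if ItemsLogic.add_review_on_item(review):
                return HttpResponse('success')
        return HttpResponse('fail')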
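def register(request):
    """POST view: register a new user together with profile details.

    Form fields: ``username``, ``password``, ``state``, ``age``, ``sex``.
    Every field is screened with ``LoggerLogic.identify_sql_injection``; if
    any is flagged the request is rejected with ``MESSAGE_SQL_INJECTION``,
    otherwise the result of ``UsersLogic.register_with_user_detail`` is
    returned as the response body.

    Fix: the original *assigned* each check result to
    ``suspect_sql_injection`` instead of OR-ing it, so only the last field
    (``sex``) could actually reject the request; the results are now
    combined like in the other views of this module.

    NOTE(review): the password is screened (and, if
    ``identify_sql_injection`` records the value it flags, possibly logged)
    like any other field; legitimate passwords containing quote characters
    may be rejected by this check.
    """
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        state = request.POST.get('state')
        age = request.POST.get('age')
        sex = request.POST.get('sex')

        event = "REGISTER"
        suspect_sql_injection = False
        for value in (username, password, state, age, sex):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        return HttpResponse(
            UsersLogic.register_with_user_detail(
                RegisteredUser(username, password), state, age, sex))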
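def send_message(message):
    """Deliver ``message`` and push a "new message" alert to its recipients.

    ``message`` must carry ``from_username``, ``to_username`` and
    ``content``.  The recipient must be the literal ``'System'``, an
    existing user (``get_user``) or an existing shop (``Shops.search_shop``).

    A system manager's sender name is replaced by ``'******'`` before the
    message is stored.  Messages to ``'System'`` are treated as item/shop
    reports: they are logged and the alert fans out to every system manager.

    Returns ``"SUCCESS"``, ``"FAILED"`` (storage refused the message) or a
    ``"FAILED: ..."`` string for bad input.

    Security fix: the alert body is HTML and the sender name is interpolated
    into it; ``from_username`` may originate from request input elsewhere
    in the system, so it is HTML-escaped to prevent a stored XSS in the
    notification.
    """
    import html  # stdlib; escapes the sender name inside the alert markup

    if message.from_username is None or message.to_username is None or message.content is None:
        return "FAILED: Missing Parameters"
    target_exists = (message.to_username == 'System'
                     or get_user(message.to_username) is not False
                     or Shops.search_shop(message.to_username) is not False)
    if not target_exists:
        return "FAILED: Target user is incorrect"

    if SystemManagers.is_system_manager(message.from_username):
        message.from_username = '******'
    if not Messages.send_message(message):
        return "FAILED"

    recipients = [message.to_username]
    if message.to_username == 'System':
        # NOTE(review): this runs after the masking above, so a report sent
        # by a system manager is attributed to '******' in the event log.
        LoggerLogic.add_event_log(message.from_username, "REPORT ITEM / SHOP")
        recipients = [sm.username for sm in SystemManagers.get_all_system_managers()]
    MessagingAlerts.notify_messaging_alerts(
        recipients, '<a href = "../app/home/messages/?content=received" > '
        'You Have a new message from ' + html.escape(message.from_username) + '</a>')
    return "SUCCESS"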
def add_manager(request):
    """POST view: appoint ``target_id`` as a store manager of ``shop_name``.

    ``shop_name`` and ``target_id`` are screened with
    ``LoggerLogic.identify_sql_injection``; the eight ``*_permission`` form
    fields are handed to ``StoreManager`` positionally and unchecked.  The
    acting user is resolved from the ``login_hash`` cookie; whether that
    user may appoint managers for the shop is decided by
    ``UsersLogic.add_manager``, whose result is the response body.

    Returns ``'FAILED: You are not logged in'`` when the cookie is absent or
    maps to no session; ``None`` (fall-through) for non-POST requests.
    """
    if request.method != 'POST':
        return None

    post = request.POST
    shop_name = post.get('shop_name')
    target_id = post.get('target_id')

    event = "ADD MANAGER"
    flagged = LoggerLogic.identify_sql_injection(shop_name, event)
    flagged = LoggerLogic.identify_sql_injection(target_id, event) or flagged
    if flagged:
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    login = request.COOKIES.get('login_hash')
    if login is None:
        return HttpResponse('FAILED: You are not logged in')
    username = Consumer.loggedInUsers.get(login)

    permission_fields = (
        'add_item_permission', 'remove_item_permission', 'edit_item_permission',
        'reply_message_permission', 'get_all_message_permission',
        'get_purchase_history_permission', 'get_discount_permission',
        'set_policy_permission')
    store_manager = StoreManager(
        target_id, shop_name, *[post.get(field) for field in permission_fields])

    if username is None:
        return HttpResponse('FAILED: You are not logged in')
    return HttpResponse(UsersLogic.add_manager(username, store_manager))
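def send_message_from_shop(request):
    """POST view: send a message on behalf of a shop.

    Form fields: ``content``, ``from`` (the sending shop) and ``to`` (the
    recipient), each screened with ``LoggerLogic.identify_sql_injection``.
    The acting user is resolved from the ``login_hash`` cookie and passed,
    with a ``Message(None, from_shop, to, content)``, to
    ``MessagingLogic.send_message_from_shop``.  ``from`` is client-supplied
    and not verified here, so the check that ``username`` may speak for that
    shop has to live in the messaging logic.

    Fix: a cookie that maps to no live session now gets the
    ``'FAILED: You are not logged in'`` answer instead of passing
    ``username=None`` on to the messaging logic.
    """
    if request.method == 'POST':
        content = request.POST.get('content')
        from_shop = request.POST.get('from')
        to = request.POST.get('to')

        event = "SEND MESSAGE FROM SHOP"
        suspect_sql_injection = False
        for value in (content, from_shop, to):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            if username is not None:
                message = Message(None, from_shop, to, content)
                return HttpResponse(
                    MessagingLogic.send_message_from_shop(username, message))

        return HttpResponse('FAILED: You are not logged in')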
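def update_details(request):
    """POST view: update the logged-in user's ``state``, ``age`` and ``sex``.

    All three fields are screened with ``LoggerLogic.identify_sql_injection``
    before ``UsersLogic.update_details(username, state, age, sex)`` is
    called; its result is the response body.  The user is resolved from the
    ``login_hash`` cookie.

    Fix: a cookie that maps to no live session now answers
    ``'FAILED: You are not logged in.'`` instead of calling the update
    logic with ``username=None``.
    """
    if request.method == 'POST':
        state = request.POST.get('state')
        age = request.POST.get('age')
        sex = request.POST.get('sex')

        event = "UPDATE USER DETAILS"
        suspect_sql_injection = False
        for value in (state, age, sex):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            if username is not None:
                return HttpResponse(
                    UsersLogic.update_details(username, state, age, sex))

        return HttpResponse('FAILED: You are not logged in.')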
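def edit_password(request):
    """POST view: change the logged-in user's password.

    ``current_password`` must authenticate through ``UsersLogic.login``;
    only then is ``new_password`` applied via ``UsersLogic.edit_password``.

    Fixes:
    * the two ``identify_sql_injection`` results were assigned instead of
      OR-ed, so a flagged ``current_password`` was silently ignored;
    * ``UsersLogic.login`` returns a status *string* (``"SUCCESS"`` or a
      ``"FAILED..."`` message — see the ``login(user)`` helper on this page
      and the ``result[:7] == 'SUCCESS'`` check in the login view), and
      every such string is truthy, so the old ``if`` accepted ANY current
      password.  Success is now tested explicitly; a bare ``True`` is also
      accepted in case the logic layer returns a bool.
    * a wrong current password is reported as such instead of as
      "not logged in", and a stale cookie no longer reaches the login call.
    """
    if request.method == 'POST':
        current_password = request.POST.get('current_password')
        new_password = request.POST.get('new_password')

        event = "EDIT PASSWORD"
        suspect_sql_injection = False
        for value in (current_password, new_password):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            if username is not None:
                result = UsersLogic.login(RegisteredUser(username, current_password))
                authenticated = result is True or (
                    isinstance(result, str) and result.startswith('SUCCESS'))
                if authenticated:
                    return HttpResponse(
                        UsersLogic.edit_password(
                            RegisteredUser(username, new_password)))
                return HttpResponse('FAILED: current password is incorrect')

        return HttpResponse('FAILED: You are not logged in.')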
def search_item_in_shop(request):
    """GET view: look up ``item_name`` inside ``shop_name`` and render it.

    The top bar is rendered for a guest, or for the logged-in user when the
    ``login_hash`` cookie maps to a session in ``Consumer.loggedInUsers``.
    Both query parameters are screened with
    ``LoggerLogic.identify_sql_injection`` before the search.

    Returns the rendered ``SearchView.html`` when the item is found.  When
    ``SearchLogic.search_item_in_shop`` returns ``False``, or for a non-GET
    request, the view returns ``None`` — this mirrors the original's
    fall-through (Django treats a ``None`` response as an error).
    """
    if request.method != 'GET':
        return None

    topbar = loader.render_to_string('components/Topbar.html', context=None)
    login = request.COOKIES.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is not None:
        # html of a logged in user
        topbar = loader.render_to_string('components/TopbarLoggedIn.html',
                                         context={'username': username})

    name = request.GET.get('item_name')
    shop_name = request.GET.get('shop_name')

    event = "SEARCH ITEM IN SHOP"
    flagged = LoggerLogic.identify_sql_injection(name, event)
    flagged = LoggerLogic.identify_sql_injection(shop_name, event) or flagged
    if flagged:
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    item = SearchLogic.search_item_in_shop(name, shop_name)
    if item is False:
        return None  # original falls through here without a response
    return render(request, 'SearchView.html', {'topbar': topbar, 'item': item})
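def update_permissions(request):
    """POST view: replace the permission set of store manager ``target_id``.

    ``shop_name`` and ``target_id`` are screened with
    ``LoggerLogic.identify_sql_injection``; the eight ``*_permission`` form
    fields are passed positionally to ``StoreManager`` unchecked.  The acting
    user comes from the ``login_hash`` cookie; authorization is left to
    ``UsersLogic.update_permissions``.

    Responses: ``'success'`` or ``'fail'``.  Fix: a cookie that maps to no
    live session answers ``'fail'`` immediately instead of handing
    ``username=None`` to the permission logic.
    """
    if request.method == 'POST':
        shop_name = request.POST.get('shop_name')
        target_id = request.POST.get('target_id')

        event = "UPDATE PERMISSIONS"
        suspect_sql_injection = False
        for value in (shop_name, target_id):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            if username is None:
                return HttpResponse('fail')

            store_manager = StoreManager(
                target_id, shop_name, request.POST.get('add_item_permission'),
                request.POST.get('remove_item_permission'),
                request.POST.get('edit_item_permission'),
                request.POST.get('reply_message_permission'),
                request.POST.get('get_all_message_permission'),
                request.POST.get('get_purchase_history_permission'),
                request.POST.get('get_discount_permission'),
                request.POST.get('set_policy_permission'))

            if UsersLogic.update_permissions(username, store_manager):
                return HttpResponse('success')
        return HttpResponse('fail')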
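def login(request):
    """POST view: authenticate and return a session token.

    ``username`` and ``password`` are screened with
    ``LoggerLogic.identify_sql_injection``, then ``UsersLogic.login`` is
    asked to authenticate (success is a result starting with ``SUCCESS``).
    On success the token is registered in ``Consumer.loggedInUsers``
    (token -> username), the user's cart is loaded into
    ``Consumer.loggedInUsersShoppingCart`` under the same token, and the
    token is returned as the response body (the client sends it back as the
    ``login_hash`` cookie).  On failure the logic layer's message is returned.

    Security fix: the token used to be ``md5(username)`` — deterministic, so
    anyone who knew a username could forge the cookie without a password.
    It is now a random value from ``secrets``.  To keep the original
    "one stable token per user" behaviour (and the cart entry keyed by it),
    an existing live token for the user is reused; otherwise a fresh one is
    generated.  Any other code that re-derives the token from the username
    must look it up in ``Consumer.loggedInUsers`` instead.
    """
    import secrets  # stdlib CSPRNG for the session token

    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')

        event = "LOGIN"
        suspect_sql_injection = False
        for value in (username, password):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        user = RegisteredUser(username, password)
        result = UsersLogic.login(user)
        if result[:7] != 'SUCCESS':
            return HttpResponse(result)

        access_token = None
        for token, name in Consumer.loggedInUsers.items():
            if name == username:
                access_token = token
                break
        if access_token is None:
            access_token = secrets.token_hex(32)  # 256 bits, 64 hex chars
        Consumer.loggedInUsers[access_token] = username
        Consumer.loggedInUsersShoppingCart[
            access_token] = ShoppingLogic.get_cart_items(username)
        return HttpResponse(access_token)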
def create_shop(request):
    """POST view: open a new shop owned by the logged-in user.

    Form fields ``name`` and ``status`` are screened with
    ``LoggerLogic.identify_sql_injection``; an empty ``name`` is rejected
    with the same ``MESSAGE_SQL_INJECTION`` response.  Unlike the sibling
    views, the session token is accepted either as the ``login_hash`` cookie
    or as a ``login_hash`` POST field.  The result of
    ``ShopLogic.create_shop(Shop(name, status), username)`` is the response
    body; ``None`` (fall-through) for non-POST requests.
    """
    if request.method != 'POST':
        return None

    shop_name = request.POST.get('name')
    shop_status = request.POST.get('status')

    event = "ADD SHOP"
    flagged = LoggerLogic.identify_sql_injection(shop_name, event)
    flagged = LoggerLogic.identify_sql_injection(shop_status, event) or flagged
    if flagged or shop_name == '':
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    login = request.COOKIES.get('login_hash')
    if login is None:
        login = request.POST.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None:
        return HttpResponse('FAILED: You are not logged in')

    new_shop = Shop(shop_name, shop_status)
    return HttpResponse(ShopLogic.create_shop(new_shop, username))
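def add_review_on_shop(request):
    """POST view: add the logged-in user's review of a shop.

    Form fields: ``shop_name`` and ``description`` (both screened with
    ``LoggerLogic.identify_sql_injection``) and an integer ``rank``.  The
    writer is resolved from the ``login_hash`` cookie; a user may review a
    shop only once (``ShopLogic.get_shop_review_with_writer``).

    Responses: ``'success'``, ``'has reviews'`` or ``'fail'``.

    Robustness fixes: a missing or non-numeric ``rank`` used to raise inside
    ``int()`` and produce a 500, and a cookie that maps to no session used
    to create a review written by ``None``; both now answer ``'fail'``.
    """
    if request.method == 'POST':
        shop_name = request.POST.get('shop_name')
        description = request.POST.get('description')
        try:
            rank = int(request.POST.get('rank'))
        except (TypeError, ValueError):
            return HttpResponse('fail')

        event = "ADD REVIEW ON SHOP"
        suspect_sql_injection = False
        for value in (shop_name, description):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            writer_id = Consumer.loggedInUsers.get(login)
            if writer_id is None:
                return HttpResponse('fail')
            shop_review = ShopReview(writer_id, description, rank, shop_name)
            old_review = ShopLogic.get_shop_review_with_writer(
                shop_name, writer_id)
            if old_review is not False:
                return HttpResponse('has reviews')
            if ShopLogic.add_review_on_shop(shop_review):
                return HttpResponse('success')
        return HttpResponse('fail')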
def remove_user(username, registered_user):
    """Delete ``registered_user`` on behalf of system manager ``username``.

    Refused (``False``) when either argument is ``None``, when ``username``
    is not a system manager, when the target is itself a system manager, or
    when the target does not exist in ``RegisteredUsers``.

    Role records are cleaned up first: a store-manager record when the
    target is a store manager, otherwise an owner record when the target is
    an owner (a target holding both roles only loses the store-manager
    record here).  The user row is removed only if that cleanup succeeded,
    and a successful deletion is written to the event log.

    Returns the final deletion result (``True`` on success).
    """
    if username is None or registered_user is None:
        return False
    if SystemManagers.is_system_manager(username) is False:
        return False

    target = registered_user.username
    target_is_sys_manager = SystemManagers.is_system_manager(target)
    target_is_store_manager = StoreManagers.is_store_manager(target)
    target_is_owner = Owners.is_owner(target)
    if target_is_sys_manager is not False:
        return False
    if RegisteredUsers.get_user(target) is False:
        return False

    role_removed = True
    if target_is_store_manager is not False:
        role_removed = StoreManagers.remove_manager(target)
    elif target_is_owner is not False:
        role_removed = Owners.remove_owner(target)

    deleted = role_removed and RegisteredUsers.remove_user(target)
    if deleted:
        LoggerLogic.add_event_log(username, "DELETE USER")
    return deleted
 def test_get_all_security(self):
     """Two flagged inputs yield two security logs, most recent first.

     ``identify_sql_injection`` is fed a comment marker and a quoted SELECT
     under different event names; ``Logger.get_all_security_logs`` must
     return exactly two entries with ``event2`` (logged last) at index 0.
     """
     LoggerLogic.identify_sql_injection("#", "event1")
     LoggerLogic.identify_sql_injection("'SELECT * FROM Items;--", "event2")
     logs = Logger.get_all_security_logs()
     self.assertEqual(len(logs), 2)
     self.assertEqual(logs[1].event, "event1")
     self.assertEqual(logs[0].event, "event2")
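def remove_shopping_policy_on_shop(username, policy_id, shop_name):
    """Remove a shop-level shopping policy on behalf of a shop owner.

    Args:
        username: the acting user; must be an owner of ``shop_name``.
        policy_id: id of the policy; must parse as an int greater than 0.
        shop_name: the shop the policy belongs to.

    Returns:
        ``True`` on success, otherwise a ``"FAILED: ..."`` string.

    Fix: the original compared ``policy_id > 0`` directly, which raises
    ``TypeError`` when the id arrives as a string (as it does from a view);
    the id is now validated through ``int()`` like the update path does,
    and a non-numeric id fails with the usual message.
    """
    try:
        valid_id = policy_id is not None and int(policy_id) > 0
    except (TypeError, ValueError):
        valid_id = False
    if not valid_id:
        return "FAILED: Invalid id of Policy"
    if Owners.get_owner(username, shop_name) is False:
        return 'FAILED: you are not a the Owner of the shop'
    if not ShoppingPolicies.remove_shopping_policy_on_shop(policy_id):
        return "FAILED: DB error."
    LoggerLogic.add_event_log(username, "POLICY: REMOVE SHOP SHOPPING POLICY")
    return True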
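def remove_shopping_policy_on_category(username, policy_id):
    """Remove a category-level shopping policy; system managers only.

    Args:
        username: the acting user; must satisfy
            ``SystemManagers.is_system_manager``.
        policy_id: id of the policy; must parse as an int greater than 0.

    Returns:
        ``True`` on success, otherwise a ``"FAILED: ..."`` string.

    Fix: ``policy_id > 0`` raised ``TypeError`` for a string id; the id is
    now validated through ``int()`` and a non-numeric id fails cleanly.
    """
    try:
        valid_id = policy_id is not None and int(policy_id) > 0
    except (TypeError, ValueError):
        valid_id = False
    if not valid_id:
        return "FAILED: Invalid id of Policy"
    if SystemManagers.is_system_manager(username) is False:
        return 'FAILED: you are not a System Manager'
    if not ShoppingPolicies.remove_shopping_policy_on_category(policy_id):
        return "FAILED: DB error."
    LoggerLogic.add_event_log(username, "POLICY: REMOVE CATEGORY SHOPPING POLICY")
    return True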
def re_open_shop(username, shop_name):
    """Re-open ``shop_name`` if ``username`` is one of its owners.

    Returns ``False`` when ``Owners.get_owner`` does not confirm ownership;
    otherwise returns the result of ``Shops.re_open_shop``, logging a
    ``"SHOP STATUS CHANGED - RE-OPEN"`` event when that result is truthy.
    """
    if Owners.get_owner(username, shop_name) is False:
        return False
    reopened = Shops.re_open_shop(shop_name)
    if reopened:
        LoggerLogic.add_event_log(username, "SHOP STATUS CHANGED - RE-OPEN")
    return reopened
 def test_get_all_events(self):
     """Two event logs come back as two entries, most recent first.

     Events for two users are written with ``add_event_log``;
     ``Logger.get_all_event_logs`` must return both, with the second one
     written (``omri2`` / ``payAll``) at index 0.
     """
     LoggerLogic.add_event_log("omri", "open shop")
     LoggerLogic.add_event_log("omri2", "payAll")
     logs = Logger.get_all_event_logs()
     self.assertEqual(len(logs), 2)
     older, newer = logs[1], logs[0]
     self.assertEqual(older.username, "omri")
     self.assertEqual(older.event, "open shop")
     self.assertEqual(newer.username, "omri2")
     self.assertEqual(newer.event, "payAll")
def create_shop(shop, username):
    """Create ``shop`` and register ``username`` as its first owner.

    The shop name must be free (``Shops.search_shop`` returns ``False``).
    ``Shops.create_shop`` runs first, then ``Owners.add_owner`` with an
    ``Owner(username, shop.name, None)``; an ``"OPEN SHOP"`` event is logged
    only when both succeed.  Note that a failed owner insert leaves the
    already-created shop in place.

    Returns ``"SUCCESS"`` or a ``"FAILED: ..."`` string.
    """
    if shop is None or username is None:
        return "FAILED: Missing parameters"
    if Shops.search_shop(shop.name) is not False:
        return "FAILED: Shop name is taken"
    if not Shops.create_shop(shop):
        return "FAILED: Adding Shop"
    if not Owners.add_owner(Owner(username, shop.name, None)):
        return "FAILED: Adding Owner"
    LoggerLogic.add_event_log(username, "OPEN SHOP")
    return "SUCCESS"
    def test_get_all_logging(self):
        """Login logs for two registered users come back most recent first.

        Two users are registered, a login log is written for each, and
        ``Logger.get_all_login_logs`` must return exactly those two with
        the second login (``user2user2``) at index 0.
        """
        for name in ("user1user1", "user2user2"):
            UsersLogic.register(RegisteredUser(name, "13245678"))
        for name in ("user1user1", "user2user2"):
            LoggerLogic.add_login_log(name)

        logs = Logger.get_all_login_logs()
        self.assertEqual(len(logs), 2)
        self.assertEqual(logs[1].username, "user1user1")
        self.assertEqual(logs[0].username, "user2user2")
def close_shop(username, shop_name):
    """Close ``shop_name`` on behalf of owner ``username``.

    Returns ``False`` unless ``Owners.get_owner`` confirms ownership.
    Otherwise returns the result of ``Shops.close_shop``; when that result
    is truthy every lottery of the shop (``get_lotteries_by_shop``) is
    passed to ``lottery_timer`` and a ``"SHOP STATUS CHANGED - CLOSE"``
    event is logged.
    """
    if Owners.get_owner(username, shop_name) is False:
        return False
    closed = Shops.close_shop(shop_name)
    if not closed:
        return closed
    for lottery in get_lotteries_by_shop(shop_name):
        lottery_timer(lottery.id)
    LoggerLogic.add_event_log(username, "SHOP STATUS CHANGED - CLOSE")
    return closed
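def add_shopping_policy_on_identity(username, conditions, restriction, quantity):
    """Add an identity-level shopping policy; system managers only.

    Args:
        username: the acting user; must satisfy
            ``SystemManagers.is_system_manager``.
        conditions: the policy condition expression (not validated here).
        restriction: one of ``'N'``, ``'AL'``, ``'E'``, ``'UT'``.
        quantity: must parse as a non-negative int.

    Returns:
        ``True`` on success, otherwise a ``"FAILED: ..."`` string.

    Input validation runs before the authorization check, as in the
    original.  Fix: a non-numeric ``quantity`` used to escape as
    ``ValueError``; it now fails with a message.
    """
    if conditions is None or restriction is None or quantity is None:
        return "FAILED: One (or more) of the parameters is None"
    if restriction not in ('N', 'AL', 'E', 'UT'):
        return "FAILED: Invalid value of restriction."
    try:
        quantity_value = int(quantity)
    except (TypeError, ValueError):
        return "FAILED: Quantity must be an integer."
    if quantity_value < 0:
        return "FAILED: Negative quantity is invalid."
    if SystemManagers.is_system_manager(username) is False:
        return 'FAILED: you are not a System Manager'
    if not ShoppingPolicies.add_shopping_policy_on_identity(conditions, restriction, quantity):
        return "FAILED: DB error."
    LoggerLogic.add_event_log(username, "POLICY: ADD IDENTITY SHOPPING POLICY")
    return True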
def pay_all_guest(guest):
    """Check out the whole shopping cart of guest ``guest``.

    Order of operations: emptiness check (``check_empty_cart_guest``),
    shopping-policy check as ``"guest"``, stock check for the cart; then per
    item: discounted price via ``get_new_price_for_item``, stock decrement
    via ``ItemsLogic.update_stock``, and a purchase alert to the shop's
    owners; finally the external payment and supply systems are called,
    the guest cart is removed and a ``"PAY ALL"`` event is logged.

    Returns ``[purchase_id, total_cost]`` on success (``purchase_id`` is
    always ``0`` here), or a failure string.  A ``None`` guest or an empty
    cart yields ``'Shopping cart is empty'``.

    NOTE(review): stock is decremented inside the loop *before* the payment
    and supply systems are consulted, and nothing restores it when either
    denies the purchase (or when a later ``update_stock`` fails mid-loop).
    A failed checkout therefore permanently removes stock; this needs a
    rollback or a reorder (pay first, then decrement) to be safe.
    """
    if guest is not None:
        #  check if cart has items
        empty = check_empty_cart_guest(guest)
        if empty is not True:
            # purchase_id is never assigned anything else in this function
            purchase_id = 0
            #  if so, check foreach item if the requested amount exist
            cart_items = Consumer.guestShoppingCart[guest]
            # cart_items is a array consist of shopping_cart objects
            shopping_policy_status = UserShoppingCartLogic.shopping_policy_check(
                "guest", cart_items)
            if shopping_policy_status is not True:
                return shopping_policy_status
            message = check_stock_for_shopping_cart(cart_items)
            if message is not True:
                return message
            # if so, sum all items costs, get from costumer his credentials
            total_cost = 0
            # for each item, calculate visible_discount
            for shopping_cart_item in cart_items:
                item = get_item(shopping_cart_item.item_id)
                new_price = UserShoppingCartLogic.get_new_price_for_item(
                    item, shopping_cart_item)
                total_cost = total_cost + shopping_cart_item.item_quantity * new_price
                new_quantity = item.quantity - shopping_cart_item.item_quantity
                # stock is written here, before payment is confirmed (see docstring)
                status = ItemsLogic.update_stock(item.id, new_quantity)
                if status is False:
                    return 'Something went wrong with the purchase'
                # live alerts
                owners = Owners.get_owners_by_shop(item.shop_name)
                owners_name = []
                for owner in owners:
                    owners_name.append(owner.username)
                # NOTE(review): `guest` is interpolated into HTML unescaped; if
                # a client can influence the guest identifier this is an XSS
                # vector in the owners' alert.  The host is also hard-coded.
                PurchasesAlerts.notify_purchasing_alerts(
                    owners_name, '<strong>' + guest +
                    '</strong> has bought item <a href="http://localhost:8000/app/item/?item_id='
                    + str(item.id) + '"># <strong>' + str(item.id) +
                    '</strong></a> from your shop')
            pay_confirmation = ExternalSystems.payment.pay(total_cost, guest)
            if pay_confirmation is False:
                return 'Payment System Denied.'
            sup_confirmation = ExternalSystems.supply.supply_a_purchase(
                guest, purchase_id)
            if sup_confirmation is False:
                return 'Supply System Denied.'
            status = remove_shopping_cart_guest(guest)
            if status is False:
                return 'Something went wrong with the purchase'
            LoggerLogic.add_event_log("GUEST", "PAY ALL")
            return [purchase_id, total_cost]
    return 'Shopping cart is empty'
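def edit_shop_item(request):
    """POST view: update quantity, category, keywords, price and url of an item.

    The acting user is resolved from the ``login_hash`` cookie.  The five
    new values are screened with ``LoggerLogic.identify_sql_injection``
    (``item_id`` itself is not screened, as in the original).  The user must
    be an owner of the item's shop, or a manager of it with
    ``permission_edit_item == 1``.  Each field is then written through
    ``ItemsLogic.edit_shop_item``; the first ``False`` result aborts with
    ``'fail'``, otherwise ``'success'``.

    Fixes:
    * the original only rejected a cookie that mapped to no session; a
      request with no cookie at all proceeded with ``username=None`` into
      the ownership checks.  Both cases now answer ``'fail'`` up front.
    * ``permission_edit_item is not 1`` compared object identity, which is
      not a reliable integer comparison; it is now ``!= 1``.
    """
    if request.method == 'POST':
        login = request.COOKIES.get('login_hash')
        username = Consumer.loggedInUsers.get(login) if login is not None else None
        if username is None:
            return HttpResponse('fail')
        item_id = request.POST.get('item_id')

        fields = ['quantity', 'category', 'keywords', 'price', 'url']
        new_values = [
            request.POST.get('item_quantity'),
            request.POST.get('item_category'),
            request.POST.get('item_keywords'),
            request.POST.get('item_price'),
            request.POST.get('item_url')
        ]

        event = "EDIT ITEM"
        suspect_sql_injection = False
        for value in new_values:
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection
        if suspect_sql_injection:
            return HttpResponse(MESSAGE_SQL_INJECTION)

        item = ItemsLogic.get_item(item_id)
        if item is False:
            return HttpResponse('fail')
        if not UsersLogic.is_owner_of_shop(username, item.shop_name):
            if not UsersLogic.is_manager_of_shop(username, item.shop_name):
                return HttpResponse('fail')  # neither owner nor manager
            manager = UsersLogic.get_manager(username, item.shop_name)
            if manager.permission_edit_item != 1:  # no permission
                return HttpResponse('no permission to edit item')

        for field, value in zip(fields, new_values):
            status = ItemsLogic.edit_shop_item(username, item_id, field, value)
            if status is False:
                return HttpResponse('fail')
        return HttpResponse('success')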
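def add_lottery_item_to_shop(request):
    """POST view: create a lottery (prize item plus ticket item) in a shop.

    Form fields: ``item_name``, ``item_category``, ``item_keyWords``,
    ``item_price``, ``ticket_name``, ``ticket_price``, ``item_shop_name``,
    ``final_date`` and ``username``.  Two ``Item`` objects are built with
    the same positional layout as the original (the prize with ``0`` and
    ``1`` in the positions the ticket fills with ``ticket_price`` and ``1``,
    presumably price and quantity, and kinds ``'prize'`` / ``'ticket'``),
    and handed with ``item_price``, ``final_date`` and ``username`` to
    ``LotteryLogic.add_lottery_and_items``.

    Fixes: all string fields are screened with
    ``LoggerLogic.identify_sql_injection`` *before* the objects are built,
    ``final_date`` is now screened as well, and the logic layer's result is
    returned as the response (the original returned ``None``, which Django
    rejects as a view response).

    SECURITY(review): ``username`` is taken from the POST body, not from
    the ``login_hash`` session cookie the other views use, so a client can
    name any user as the lottery's creator unless ``LotteryLogic``
    verifies it independently.  The user should be resolved from the
    session (``Consumer.loggedInUsers``) as ``add_manager`` does.
    """
    if request.method == 'POST':
        item_name = request.POST.get('item_name')
        item_category = request.POST.get('item_category')
        item_keywords = request.POST.get('item_keyWords')
        item_price = request.POST.get('item_price')
        ticket_name = request.POST.get('ticket_name')
        ticket_price = request.POST.get('ticket_price')
        shop_name = request.POST.get('item_shop_name')
        final_date = request.POST.get('final_date')
        username = request.POST.get('username')  # see SECURITY note above

        event = "ADD LOTTERY ITEM"
        suspect_sql_injection = False
        for value in (item_name, item_category, item_keywords, item_price,
                      ticket_name, ticket_price, shop_name, final_date, username):
            suspect_sql_injection = LoggerLogic.identify_sql_injection(
                value, event) or suspect_sql_injection

        if suspect_sql_injection:
            return HttpResponse(MESSAGE_SQL_INJECTION)

        item = Item(None, shop_name, item_name, item_category, item_keywords, 0, 1, 'prize')
        ticket = Item(None, shop_name, ticket_name, item_category, item_keywords, ticket_price, 1, 'ticket')
        result = LotteryLogic.add_lottery_and_items(item, ticket, item_price, final_date, username)
        return HttpResponse(result)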
 def test_get_errors_by_event(self):
     """Error logs can be filtered by event name.

     Two error logs with different events are written; querying
     ``Logger.get_error_logs_by_event`` for each event must return exactly
     the matching entry with its username and event intact.
     """
     LoggerLogic.add_error_log("omri", "open shop",
                               "shop name already exists")
     LoggerLogic.add_error_log("omri2", "payAll", "error in pay")
     expected = (("open shop", "omri"), ("payAll", "omri2"))
     for event_name, user in expected:
         logs = Logger.get_error_logs_by_event(event_name)
         self.assertEqual(len(logs), 1)
         self.assertEqual(logs[0].username, user)
         self.assertEqual(logs[0].event, event_name)
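def login(user):
    """Authenticate ``user`` (``.username`` and clear-text ``.password``).

    System managers are tried first via ``SystemManagers.login`` with the
    SHA-256 hex digest of the password, then registered users via
    ``RegisteredUsers.is_user_exists`` / ``RegisteredUsers.login``.  In the
    registered-user path ``user.password`` is overwritten in place with its
    digest before the lookup (kept, because ``RegisteredUsers.login(user)``
    receives the object itself).  A successful login is written to the
    login log.

    Returns ``"SUCCESS"`` or a ``"FAILED..."`` string.  Every return value is
    a non-empty string and therefore truthy — callers must compare against
    ``"SUCCESS"`` rather than use the result as a boolean.

    Fix: the missing-parameter check now runs first; previously a ``None``
    password reached ``.encode()`` and raised ``AttributeError``.

    SECURITY(review): passwords are hashed with plain, unsalted SHA-256,
    which is fast to brute-force offline; a slow salted KDF
    (``hashlib.pbkdf2_hmac`` or Django's password hashers) should replace
    it, which requires migrating stored hashes.  The distinct "Username is
    incorrect" / "Password in incorrect" messages also let a client
    enumerate valid usernames.
    """
    if user.username is None or user.password is None:
        return "FAILED: Missing Parameters"
    password_hash = hashlib.sha256(user.password.encode()).hexdigest()
    if SystemManagers.login(user.username, password_hash):
        LoggerLogic.add_login_log(user.username)
        return "SUCCESS"
    if not RegisteredUsers.is_user_exists(user.username):
        return "FAILED: Username is incorrect"
    user.password = password_hash
    if RegisteredUsers.login(user):
        LoggerLogic.add_login_log(user.username)
        return "SUCCESS"
    return "FAILED:Password in incorrect"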
 def test_add_event(self):
     """``add_event_log`` reports success and the entry is retrievable.

     After one event is logged, ``Logger.get_all_event_logs`` must hold
     exactly that entry with the given username and event.
     """
     self.assertTrue(LoggerLogic.add_event_log("omri", "open shop"))
     logs = Logger.get_all_event_logs()
     self.assertEqual(len(logs), 1)
     only_log = logs[0]
     self.assertEqual((only_log.username, only_log.event), ("omri", "open shop"))
def search_shop(request):
    """GET view: find a shop by ``name`` or suggest similar names.

    The top bar is rendered for a guest, or for the logged-in user when the
    ``login_hash`` cookie maps to a session.  ``name`` is screened with
    ``LoggerLogic.identify_sql_injection`` before the search.  When
    ``SearchLogic.search_shop`` finds the shop, ``shop.html`` is rendered
    (with only the top bar in its context, as in the original); otherwise
    ``ItemsNotFound.html`` is rendered with up to five similar words from
    ``SearchLogic.get_similar_words``.  Non-GET requests return ``None``.
    """
    if request.method != 'GET':
        return None

    topbar = loader.render_to_string('components/Topbar.html', context=None)
    login = request.COOKIES.get('login_hash')
    if login is not None:
        username = Consumer.loggedInUsers.get(login)
        if username is not None:
            # html of a logged in user
            topbar = loader.render_to_string('components/TopbarLoggedIn.html',
                                             context={'username': username})

    name = request.GET.get('name')
    if LoggerLogic.identify_sql_injection(name, "SEARCH SHOP"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    if SearchLogic.search_shop(name) is not False:
        return render(request, 'shop.html', {'topbar': topbar})

    suggestions = SearchLogic.get_similar_words(name)[:5]
    return render(request, 'ItemsNotFound.html',
                  {'topbar': topbar, 'words': suggestions})