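def test_add_manager_bad_username(self):
    """add_manager must not report 'SUCCESS' for this manager/shop pair.

    Nothing is registered or created inside this test body, so the outcome
    depends entirely on what the surrounding fixture prepared.
    """
    # The original constructed this identical StoreManager twice in a row;
    # a single construction is sufficient.
    manager = StoreManager(
        OTHER_USERNAME,
        SHOP_NAME,
        PERMISSIONS[0],
        PERMISSIONS[1],
        PERMISSIONS[2],
        PERMISSIONS[3],
        PERMISSIONS[4],
        PERMISSIONS[5],
        PERMISSIONS[6],
        PERMISSIONS[7],
    )
    is_added = UsersLogic.add_manager(USERNAME, manager)
    # NOTE(review): assertNotEqual passes for every value except the exact
    # string 'SUCCESS' (None, True, an exception-free typo, ...). Pinning the
    # expected failure value would make this negative test stricter - confirm
    # the return contract of UsersLogic.add_manager first.
    self.assertNotEqual(is_added, 'SUCCESS')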
def setUp(self):
    """Prepare the shared fixture: three users, one shop, two managers."""
    init_database('db.sqlite3')

    for account in ('YoniYoni', 'StoreManager1', 'StoreManager0'):
        register(RegisteredUser(account, '1234567878'))

    my_shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(my_shop, 'YoniYoni')

    # StoreManager1 receives every permission flag set to 1,
    # StoreManager0 receives all eight flags set to 0.
    for manager_name, flag in (('StoreManager1', 1), ('StoreManager0', 0)):
        UsersLogic.add_manager(
            'YoniYoni',
            StoreManager(manager_name, 'My Shop', *([flag] * 8)))
def test_bad_no_get_all_premss_send_message_and_get_messages_of_shops(self):
    """Managers whose fifth permission flag is 0 must get no shop messages.

    The fifth flag is get_all_message in the order the views in this file
    pass the permission fields to StoreManager.
    """
    first_owner, second_owner = 'TomerTomer1', 'TomerTomer2'
    first_shop, second_shop = 'My Shop1', 'My Shop2'

    register(RegisteredUser(first_owner, '1234567878'))
    shop1 = Shop(first_shop, 'Active')
    ShopLogic.create_shop(shop1, first_owner)

    register(RegisteredUser(second_owner, '1234567878'))
    shop2 = Shop(second_shop, 'Active')
    ShopLogic.create_shop(shop2, second_owner)

    # Each owner makes the other a manager of their shop, with every flag
    # granted except the fifth one.
    flags = (1, 1, 1, 1, 0, 1, 1, 1)
    UsersLogic.add_manager(
        first_owner, StoreManager(second_owner, first_shop, *flags))
    UsersLogic.add_manager(
        second_owner, StoreManager(first_owner, second_shop, *flags))

    MessagingLogic.send_message_from_shop(
        second_owner, Message(1, first_shop, second_shop, 'Hello 1'))
    MessagingLogic.send_message_from_shop(
        first_owner, Message(2, second_shop, first_shop, 'Hello 2'))

    # Reading the inbox as the under-privileged manager must yield nothing.
    messages1 = MessagingLogic.get_all_shop_messages(second_owner, first_shop)
    messages2 = MessagingLogic.get_all_shop_messages(first_owner, second_shop)
    self.assertFalse(messages1)
    self.assertFalse(messages2)
def test_bad_no_permssion_send_message_and_get_messages_of_shops(self):
    """Managers whose fourth permission flag is 0 cannot send shop messages.

    The fourth flag is reply_message in the order the views in this file
    pass the permission fields to StoreManager.
    """
    first_owner, second_owner = 'TomerTomer1', 'TomerTomer2'
    first_shop, second_shop = 'My Shop1', 'My Shop2'
    denied = "FAILED: You don't have the permissions"

    register(RegisteredUser(first_owner, '1234567878'))
    shop1 = Shop(first_shop, 'Active')
    ShopLogic.create_shop(shop1, first_owner)

    register(RegisteredUser(second_owner, '1234567878'))
    shop2 = Shop(second_shop, 'Active')
    ShopLogic.create_shop(shop2, second_owner)

    # Cross-appoint the owners as managers, withholding only the fourth flag.
    flags = (1, 1, 1, 0, 1, 1, 1, 1)
    UsersLogic.add_manager(
        first_owner, StoreManager(second_owner, first_shop, *flags))
    UsersLogic.add_manager(
        second_owner, StoreManager(first_owner, second_shop, *flags))

    # Sending on behalf of the shop they only manage must be refused with
    # the exact permission-denied message.
    outcome = MessagingLogic.send_message_from_shop(
        second_owner, Message(1, first_shop, second_shop, 'Hello 1'))
    self.assertEqual(outcome, denied)

    outcome = MessagingLogic.send_message_from_shop(
        first_owner, Message(2, second_shop, first_shop, 'Hello 2'))
    self.assertEqual(outcome, denied)
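def update_permissions(request):
    """Handle a POST that changes a store manager's permission flags.

    Reads ``shop_name``, ``target_id`` and eight ``*_permission`` fields from
    the POST body, resolves the caller from the ``login_hash`` cookie and
    delegates the decision to ``UsersLogic.update_permissions``.

    Returns:
        An HttpResponse carrying ``LoggerLogic.MESSAGE_SQL_INJECTION`` when
        either identifier is flagged, ``'success'`` when the update is
        accepted, and ``'fail'`` in every other case (non-POST request,
        missing cookie, cookie that maps to no logged-in user, or a refused
        update).
    """
    if request.method != 'POST':
        return HttpResponse('fail')

    shop_name = request.POST.get('shop_name')
    target_id = request.POST.get('target_id')
    event = "UPDATE PERMISSIONS"

    # Both fields are always scanned, so each one reaches the logger even
    # when the first is already flagged.
    # NOTE(review): this looks like a pattern-based detection/logging signal;
    # parameterized queries in the data layer remain the actual defence -
    # confirm the persistence code does not build SQL from these strings.
    shop_flagged = LoggerLogic.identify_sql_injection(shop_name, event)
    target_flagged = LoggerLogic.identify_sql_injection(target_id, event)
    if shop_flagged or target_flagged:
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    login = request.COOKIES.get('login_hash')
    if login is None:
        return HttpResponse('fail')

    username = Consumer.loggedInUsers.get(login)
    if username is None:
        # A login_hash that maps to no session is an unauthenticated caller.
        # Refuse here, as add_manager does, instead of handing a None caller
        # to the authorization logic.
        return HttpResponse('fail')

    # NOTE(review): request.POST.get yields str or None, so the permission
    # flags reach StoreManager unvalidated (a '0' string is truthy in
    # Python). Verify the lower layers coerce and range-check them.
    store_manager = StoreManager(
        target_id,
        shop_name,
        request.POST.get('add_item_permission'),
        request.POST.get('remove_item_permission'),
        request.POST.get('edit_item_permission'),
        request.POST.get('reply_message_permission'),
        request.POST.get('get_all_message_permission'),
        request.POST.get('get_purchase_history_permission'),
        request.POST.get('get_discount_permission'),
        request.POST.get('set_policy_permission'))

    if UsersLogic.update_permissions(username, store_manager):
        return HttpResponse('success')
    return HttpResponse('fail')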
def test_permissions(self):
    """A manager holding every permission can add, edit and remove an item."""
    owner_name, manager_name, shop_name = 'ShaharShahar', 'TomerTomerLev', 'myShop'

    UsersLogic.register(RegisteredUser(owner_name, '1212345678'))
    UsersLogic.register(RegisteredUser(manager_name, '65412321'))
    ShopLogic.create_shop(Shop(shop_name, 'Active'), owner_name)
    UsersLogic.add_manager(
        owner_name, StoreManager(manager_name, shop_name, *([1] * 8)))

    # The manager, not the owner, adds the item.
    doll = Item(None, shop_name, 'doll', 'toys', 'toys:kids', 20, 300,
                'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(doll, manager_name)

    stored = Items.get_item(1)
    self.assertEqual(stored.shop_name, 'myShop')
    self.assertEqual(stored.price, 20)
    self.assertEqual(stored.quantity, 300)

    # Each edit is issued by the manager and must be accepted.
    for field, new_value in (('price', 40), ('name', 'doll_new'), ('quantity', 40)):
        accepted = ItemsLogic.edit_shop_item(manager_name, 1, field, new_value)
        self.assertTrue(accepted)

    stored = Items.get_item(1)
    self.assertEqual(stored.name, 'doll_new')
    self.assertEqual(stored.quantity, 40)
    self.assertEqual(stored.keyWords, 'toys:kids')

    removed = ItemsLogic.remove_item_from_shop(1, manager_name)
    self.assertTrue(removed)
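def add_manager(request):
    """Handle a POST that appoints a store manager for a shop.

    Reads ``shop_name``, ``target_id`` and eight ``*_permission`` fields from
    the POST body, resolves the caller from the ``login_hash`` cookie and
    returns whatever ``UsersLogic.add_manager`` reports.

    Returns:
        An HttpResponse carrying ``LoggerLogic.MESSAGE_SQL_INJECTION`` when
        either identifier is flagged, the result of
        ``UsersLogic.add_manager`` for an authenticated caller, and
        ``'FAILED: You are not logged in'`` on every other path, so that no
        request method falls through without a response.
    """
    not_logged_in = 'FAILED: You are not logged in'
    if request.method != 'POST':
        return HttpResponse(not_logged_in)

    shop_name = request.POST.get('shop_name')
    target_id = request.POST.get('target_id')
    event = "ADD MANAGER"

    # Both fields are always scanned, so each one reaches the logger even
    # when the first is already flagged.
    # NOTE(review): this looks like a pattern-based detection/logging signal;
    # parameterized queries in the data layer remain the actual defence -
    # confirm the persistence code does not build SQL from these strings.
    shop_flagged = LoggerLogic.identify_sql_injection(shop_name, event)
    target_flagged = LoggerLogic.identify_sql_injection(target_id, event)
    if shop_flagged or target_flagged:
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    login = request.COOKIES.get('login_hash')
    if login is None:
        return HttpResponse(not_logged_in)

    # Resolve the caller first; the manager record is only assembled from
    # request data once the session is known to exist.
    username = Consumer.loggedInUsers.get(login)
    if username is None:
        return HttpResponse(not_logged_in)

    # NOTE(review): request.POST.get yields str or None, so the permission
    # flags reach StoreManager unvalidated (a '0' string is truthy in
    # Python). Verify the lower layers coerce and range-check them.
    store_manager = StoreManager(
        target_id,
        shop_name,
        request.POST.get('add_item_permission'),
        request.POST.get('remove_item_permission'),
        request.POST.get('edit_item_permission'),
        request.POST.get('reply_message_permission'),
        request.POST.get('get_all_message_permission'),
        request.POST.get('get_purchase_history_permission'),
        request.POST.get('get_discount_permission'),
        request.POST.get('set_policy_permission'))

    return HttpResponse(UsersLogic.add_manager(username, store_manager))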
def parse_store_managers(store_managers):
    """Turn an iterable of ten-field rows into a list of StoreManager objects.

    Fields 0 through 9 of every row are passed positionally, in order, to the
    StoreManager constructor; a row with fewer than ten fields raises
    IndexError, and any fields past the tenth are ignored.
    """
    return [
        StoreManager(*(row[position] for position in range(10)))
        for row in store_managers
    ]
def test_add_manager(self):
    """The shop owner can appoint a registered user as manager."""
    ShopLogic.create_shop(SHOP, USERNAME)
    UsersLogic.register(OTHER_USER)

    # PERMISSIONS[0] .. PERMISSIONS[7] are passed in order as the eight flags.
    flags = [PERMISSIONS[position] for position in range(8)]
    manager = StoreManager(OTHER_USERNAME, SHOP_NAME, *flags)

    is_added = UsersLogic.add_manager(USERNAME, manager)
    # NOTE(review): sibling tests compare this return value with the string
    # 'SUCCESS'. If failures come back as non-empty strings too (as the
    # "FAILED: ..." messages elsewhere in this file suggest), assertTrue
    # cannot tell success from refusal - confirm and pin the exact value.
    self.assertTrue(is_added)
def test_add_store_manager(self):
    """An appointed manager is stored with the granted item permissions."""
    owner_name, manager_name, shop_name = 'ShaharShahar', 'TomerTomerLev', 'myShop'

    UsersLogic.register(RegisteredUser(owner_name, '12345126'))
    UsersLogic.register(RegisteredUser(manager_name, '65412321'))
    ShopLogic.create_shop(Shop(shop_name, 'Active'), owner_name)
    UsersLogic.add_manager(
        owner_name, StoreManager(manager_name, shop_name, *([1] * 8)))

    # Read the record back from storage rather than trusting the call result.
    manager = StoreManagers.get_store_manager(manager_name, shop_name)
    self.assertGreater(manager.permission_add_item, 0)
    self.assertGreater(manager.permission_remove_item, 0)
    self.assertGreater(manager.permission_edit_item, 0)
    self.assertEqual(manager.store_name, 'myShop')
    self.assertEqual(manager.username, 'TomerTomerLev')
def test_add_invisible_discount_bad(self):
    """An invisible discount with a percentage of -1 must be rejected."""
    for account in ('YoniYoni', 'StoreManager1'):
        register(RegisteredUser(account, '1234567878'))

    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, 'YoniYoni')
    UsersLogic.add_manager(
        'YoniYoni', StoreManager('StoreManager1', 'My Shop', *([1] * 8)))

    item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100,
                 'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(item1, 'StoreManager1')

    # Everything about the discount is well-formed except the percentage.
    invdisc = InvisibleDiscount(
        'ABCDEFGHIJKLMNO', item1.id, shop.name, -1, '2018-12-01', '2019-12-01')
    rejected = add_invisible_discount(invdisc, 'YoniYoni')
    self.assertFalse(rejected)
def test_get_visible_discount_bad_item(self):
    """Looking up a discount for an item that has none yields a falsy result."""
    for account in ('YoniYoni', 'StoreManager1'):
        register(RegisteredUser(account, '1234567878'))

    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, 'YoniYoni')
    UsersLogic.add_manager(
        'YoniYoni', StoreManager('StoreManager1', 'My Shop', *([1] * 8)))

    item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100,
                 'regular', None, 0, 0, 0)
    # item2 is only constructed; it is never added to the shop or discounted.
    item2 = Item(2, 'My Shop', 'milk1', 'diary1', 'good', 12, 100,
                 'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(item1, 'StoreManager1')

    disc = VisibleDiscount(item1.id, shop.name, 50, '2018-12-01', '2019-12-01')
    self.assertTrue(add_visible_discount(disc, 'YoniYoni'))

    lookup = get_visible_discount(item2.id, shop.name)
    self.assertFalse(lookup)
def test_no_permission(self):
    """A manager with all eight flags at 0 can neither add items nor send."""
    owner_name, manager_name, shop_name = 'ShaharShahar', 'TomerTomerLev', 'myShop'

    UsersLogic.register(RegisteredUser(owner_name, '12312456'))
    UsersLogic.register(RegisteredUser(manager_name, '65431221'))
    ShopLogic.create_shop(Shop(shop_name, 'Active'), owner_name)
    UsersLogic.add_manager(
        owner_name, StoreManager(manager_name, shop_name, *([0] * 8)))

    # Adding an item as the zero-permission manager must be refused.
    doll = Item(None, shop_name, 'doll', 'toys', 'toys;kids', 20, 300,
                'regular', None, 0, 0, 0)
    add_status = ItemsLogic.add_item_to_shop(doll, manager_name)
    self.assertFalse(add_status)

    # So must sending a message in the shop's name; the result goes through
    # returnStringToBoolean before it is asserted falsy.
    message = Message(None, shop_name, owner_name, 'Hi There')
    send_status = MessagingLogic.send_message_from_shop(manager_name, message)
    self.assertFalse(returnStringToBoolean(send_status))
def test_get_visible_discount(self):
    """A stored visible discount is returned with the same key fields."""
    for account in ('YoniYoni', 'StoreManager1'):
        register(RegisteredUser(account, '1234567878'))

    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, 'YoniYoni')
    UsersLogic.add_manager(
        'YoniYoni', StoreManager('StoreManager1', 'My Shop', *([1] * 8)))

    item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100,
                 'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(item1, 'StoreManager1')

    disc = VisibleDiscount(item1.id, shop.name, 50, '2018-12-01', '2019-12-01')
    self.assertTrue(add_visible_discount(disc, 'YoniYoni'))

    # Round-trip: what comes back must match what was stored.
    fetched = get_visible_discount(item1.id, shop.name)
    self.assertEqual(fetched.item_id, disc.item_id)
    self.assertEqual(fetched.shop_name, disc.shop_name)
    self.assertEqual(fetched.percentage, disc.percentage)
def test_torture3(self):
    """End-to-end flow: users, shops, staff, items, cart and purchase history."""
    # Adding Users
    accounts = (
        ('u1ser1u1ser1', 'wxde12exd12'),
        ('u2ser2u2ser2', '34c124c1'),
        ('u3ser3u3ser3', '1c241c24c1'),
        ('u4ser4u4ser4', '3214v132v4132'),
        ('u5seru5ser', '12121212'),
    )
    for account_name, account_password in accounts:
        status = UsersLogic.register(
            RegisteredUser(account_name, account_password))
        self.assertTrue(status)

    # Adding System Managers
    status = UsersLogic.add_system_manager(
        SystemManager('sys1sys1', 'POWER123'))
    self.assertTrue(status)

    # Creating Shops
    for shop_name, shop_owner in (('myShop1', 'u1ser1u1ser1'),
                                  ('myShop2', 'u2ser2u2ser2')):
        status = ShopLogic.create_shop(Shop(shop_name, 'Active'), shop_owner)
        self.assertTrue(status)

    status = UsersLogic.add_owner('u1ser1u1ser1',
                                  Owner('u3ser3u3ser3', 'myShop1', 0))
    self.assertTrue(status)

    # u4ser4u4ser4 becomes a full-permission manager of both shops; the
    # results of these two calls are stored but never asserted.
    owner = Owners.get_owner('u1ser1u1ser1', 'myShop1')
    status = UsersLogic.add_manager(
        owner.username,
        StoreManager('u4ser4u4ser4', 'myShop1', *([1] * 8)))
    status = UsersLogic.add_manager(
        'u2ser2u2ser2',
        StoreManager('u4ser4u4ser4', 'myShop2', *([1] * 8)))

    # (shop, name, category, keywords, price, quantity, user adding the item)
    stock = (
        ('myShop1', 'banana', 'fruits', 'fruit;healthy;yellow', 4.90, 300,
         'u4ser4u4ser4'),
        ('myShop2', 'doll', 'toys', 'fun', 30, 10, 'u2ser2u2ser2'),
        ('myShop1', 'soda', 'drinks', 'good', 4.90, 20, 'u1ser1u1ser1'),
        ('myShop2', 'cucumber', 'vegetables', 'fun', 4.90, 300,
         'u4ser4u4ser4'),
        ('myShop1', 'vodka', 'drinks', 'bad;for;your;health', 70, 2,
         'u3ser3u3ser3'),
    )
    for shop_name, name, category, keywords, price, quantity, adder in stock:
        ItemsLogic.add_item_to_shop(
            Item(None, shop_name, name, category, keywords, price, quantity,
                 'regular', None, 0, 0, 0),
            adder)

    # Simulate five logged-in sessions by writing straight into the
    # Consumer session tables.
    # NOTE(review): the token here is md5(username), i.e. derivable from the
    # username alone. That is harmless as a dictionary key in a test, but if
    # the production login path issues login_hash the same way, session
    # tokens are predictable - confirm it uses random tokens
    # (e.g. secrets.token_urlsafe) instead.
    session_tokens = []
    for session_user in ('u4ser4u4ser4', 'u2ser2u2ser2', 'u1ser1u1ser1',
                         'u3ser3u3ser3', 'u5seru5ser'):
        token = hashlib.md5(session_user.encode()).hexdigest()
        Consumer.loggedInUsers[token] = session_user
        Consumer.loggedInUsersShoppingCart[token] = []
        session_tokens.append(token)
    access_token5 = session_tokens[-1]

    for item_id, amount in ((1, 10), (2, 5), (3, 15)):
        UserShoppingCartLogic.add_item_shopping_cart(
            access_token5, ShoppingCartItem('u5seru5ser', item_id, amount, None))

    items = UserShoppingCartLogic.get_cart_items(access_token5)
    self.assertEqual(len(items), 3)
    self.assertEqual(items[0].code, None)

    UserShoppingCartLogic.remove_item_shopping_cart(access_token5, 1)
    items = UserShoppingCartLogic.get_cart_items(access_token5)
    self.assertEqual(len(items), 2)

    UserShoppingCartLogic.remove_item_shopping_cart(access_token5, 2)
    items = UserShoppingCartLogic.get_cart_items(access_token5)
    self.assertEqual(len(items), 1)

    # Only item id 3 left
    UserShoppingCartLogic.pay_all(access_token5)

    # The same purchase must be visible to the buyer, the system manager
    # and the shop's manager.
    buyer_history = UsersLogic.get_purchase_history('u5seru5ser')
    system_history = ItemsLogic.get_all_purchased_items('sys1sys1')
    shop_history = ShopLogic.get_shop_purchase_history('u4ser4u4ser4',
                                                       'myShop1')
    self.assertEqual(buyer_history[0].item_id, system_history[0].item_id)
    self.assertEqual(system_history[0].quantity, shop_history[0].quantity)
    self.assertEqual(buyer_history[0].price, shop_history[0].price)
    # A non-empty string literal is always truthy, so this check cannot fail.
    self.assertTrue('Nadav Ha Gever')
def test_add_manager_bad_shop(self):
    """Appointing a manager for OTHER_SHOP_NAME must not report 'SUCCESS'.

    Only SHOP is created here; the manager record names OTHER_SHOP_NAME.
    """
    ShopLogic.create_shop(SHOP, USERNAME)

    # PERMISSIONS[0] .. PERMISSIONS[7] are passed in order as the eight flags.
    flags = [PERMISSIONS[position] for position in range(8)]
    manager = StoreManager(OTHER_USERNAME, OTHER_SHOP_NAME, *flags)

    is_added = UsersLogic.add_manager(USERNAME, manager)
    # NOTE(review): this passes for any value other than the exact string
    # 'SUCCESS'; asserting the expected failure value would be stricter -
    # confirm the return contract of UsersLogic.add_manager.
    self.assertNotEqual(is_added, 'SUCCESS')
def test_torture2(self):
    """End-to-end flow: users, shops, staff, items, search and messaging."""
    # Adding Users
    accounts = (
        ('u1ser1u1ser1', 'wxde12exd12'),
        ('u2ser2u2ser2', '34c124c1'),
        ('u3ser3u3ser3', '1c241c24c1'),
        ('u4ser4u4ser4', '3214v132v4132'),
        ('u5seru5ser', '12121212'),
    )
    for account_name, account_password in accounts:
        status = UsersLogic.register(
            RegisteredUser(account_name, account_password))
        self.assertTrue(status)

    # Adding System Managers
    status = UsersLogic.add_system_manager(
        SystemManager('sys1sys1', 'POWER123'))
    self.assertTrue(status)

    # Creating Shops
    for shop_name, shop_owner in (('myShop1', 'u1ser1u1ser1'),
                                  ('myShop2', 'u2ser2u2ser2')):
        status = ShopLogic.create_shop(Shop(shop_name, 'Active'), shop_owner)
        self.assertTrue(status)

    status = UsersLogic.add_owner('u1ser1u1ser1',
                                  Owner('u3ser3u3ser3', 'myShop1', 0))
    self.assertTrue(status)

    # u4ser4u4ser4 becomes a full-permission manager of both shops; the
    # results of these two calls are stored but never asserted.
    owner = Owners.get_owner('u1ser1u1ser1', 'myShop1')
    status = UsersLogic.add_manager(
        owner.username,
        StoreManager('u4ser4u4ser4', 'myShop1', *([1] * 8)))
    status = UsersLogic.add_manager(
        'u2ser2u2ser2',
        StoreManager('u4ser4u4ser4', 'myShop2', *([1] * 8)))

    manager = StoreManagers.get_store_manager('u4ser4u4ser4', 'myShop1')
    self.assertEqual(manager.permission_reply_messages, 1)

    # (shop, name, category, keywords, price, quantity, user adding the item)
    stock = (
        ('myShop1', 'banana', 'fruits', 'fruit;healthy;yellow', 4.90, 300,
         'u4ser4u4ser4'),
        ('myShop2', 'doll', 'toys', 'fun', 30, 10, 'u2ser2u2ser2'),
        ('myShop1', 'soda', 'drinks', 'good', 4.90, 20, 'u1ser1u1ser1'),
        ('myShop2', 'cucumber', 'vegetables', 'fun', 4.90, 300,
         'u4ser4u4ser4'),
        ('myShop1', 'vodka', 'drinks', 'bad;for;your;health', 70, 2,
         'u3ser3u3ser3'),
    )
    for shop_name, name, category, keywords, price, quantity, adder in stock:
        ItemsLogic.add_item_to_shop(
            Item(None, shop_name, name, category, keywords, price, quantity,
                 'regular', None, 0, 0, 0),
            adder)

    # Search by name, category, keyword and shop.
    found = SearchLogic.search_by_name('banana')
    self.assertEqual(found[0].quantity, 300)
    self.assertEqual(found[0].price, 4.90)
    self.assertEqual(len(found), 1)

    found = SearchLogic.search_by_category('drinks')
    self.assertEqual(found[0].quantity, 20)
    self.assertEqual(found[1].price, 70)
    self.assertEqual(len(found), 2)

    found = SearchLogic.search_by_keywords('fun')
    self.assertEqual(found[0].quantity, 10)
    self.assertEqual(found[1].price, 4.90)
    self.assertEqual(len(found), 2)

    found = SearchLogic.search_items_in_shop('myShop2')
    self.assertEqual(found[0].name, 'doll')
    self.assertEqual(found[1].name, 'cucumber')
    self.assertEqual(len(found), 2)

    # Shop -> user, sent by the shop's manager.
    MessagingLogic.send_message_from_shop(
        'u4ser4u4ser4',
        Message(None, 'myShop1', 'u5seru5ser', 'Nadav is our lord and savior'))
    inbox = MessagingLogic.get_all_messages('u5seru5ser')
    self.assertEqual(len(inbox), 1)
    self.assertEqual(inbox[0].content, 'Nadav is our lord and savior')

    # User -> shop, read back by the shop's manager.
    MessagingLogic.send_message(
        Message(None, 'u5seru5ser', 'myShop1', 'Hello Shop'))
    inbox = MessagingLogic.get_all_shop_messages('u4ser4u4ser4', 'myShop1')
    self.assertEqual(len(inbox), 1)
    self.assertEqual(inbox[0].content, 'Hello Shop')

    # Shop -> shop, sent by the first shop's creator.
    MessagingLogic.send_message_from_shop(
        'u1ser1u1ser1', Message(None, 'myShop1', 'myShop2', 'Hello Shop2'))
    inbox = MessagingLogic.get_all_shop_messages('u2ser2u2ser2', 'myShop2')
    self.assertEqual(len(inbox), 1)
    self.assertEqual(inbox[0].content, 'Hello Shop2')

    # User -> user.
    MessagingLogic.send_message(
        Message(None, 'u1ser1u1ser1', 'u3ser3u3ser3', 'Shop2 Sucks!'))
    inbox = MessagingLogic.get_all_messages('u3ser3u3ser3')
    self.assertEqual(inbox[0].content, 'Shop2 Sucks!')

    # After the shop is closed, a search by name no longer returns its item.
    UsersLogic.close_shop('u1ser1u1ser1', 'myShop1')
    found = SearchLogic.search_by_name('banana')
    self.assertEqual(len(found), 0)