def test_create_user_lti_and_CAS(self):
url = '/api/users'
lti_data = LTITestData()
auth_data = ThirdPartyAuthTestData()
with self.client.session_transaction() as sess:
sess['CAS_CREATE'] = True
sess['CAS_UNIQUE_IDENTIFIER'] = "some_unique_identifier"
self.assertIsNone(sess.get('LTI'))
# test login required when LTI and oauth_create_user_link are not present (even when CAS params are present)
expected = UserFactory.stub(system_role=SystemRole.student.value)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assert401(rv)
# test create student via lti session
with self.lti_launch(lti_data.get_consumer(), lti_data.generate_resource_link_id(),
user_id=lti_data.generate_user_id(), context_id=lti_data.generate_context_id(),
roles="Student") as lti_response:
self.assert200(lti_response)
with self.client.session_transaction() as sess:
sess['CAS_CREATE'] = True
sess['CAS_UNIQUE_IDENTIFIER'] = "some_unique_identifier"
self.assertTrue(sess.get('LTI'))
expected = UserFactory.stub(system_role=None)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
user = User.query.filter_by(uuid=rv.json['id']).one()
self.assertEqual(SystemRole.student, user.system_role)
self.assertIsNone(user.password)
self.assertIsNone(user.username)
third_party_user = ThirdPartyUser.query \
.filter_by(
third_party_type=ThirdPartyType.cas,
unique_identifier="some_unique_identifier",
user_id=user.id
) \
.one_or_none()
self.assertIsNotNone(third_party_user)
with self.client.session_transaction() as sess:
self.assertTrue(sess.get('CAS_LOGIN'))
self.assertIsNone(sess.get('CAS_CREATE'))
self.assertIsNone(sess.get('CAS_UNIQUE_IDENTIFIER'))
self.assertIsNone(sess.get('oauth_create_user_link'))
def test_create_user(self):
url = '/api/users'
# test login required
expected = UserFactory.stub(system_role=SystemRole.student.value)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assert401(rv)
# test unauthorized user
with self.login(self.data.get_authorized_student().username):
expected = UserFactory.stub(system_role=SystemRole.student.value)
rv = self.client.post(
url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assert403(rv)
with self.login(self.data.get_authorized_instructor().username):
expected = UserFactory.stub(system_role=SystemRole.student.value)
rv = self.client.post(
url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assert403(rv)
# only system admins can create users
with self.login('root'):
# test duplicate username
expected = UserFactory.stub(
system_role=SystemRole.student.value,
username=self.data.get_authorized_student().username)
rv = self.client.post(
url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assertStatus(rv, 409)
self.assertEqual("This username already exists. Please pick another.", rv.json['error'])
# test duplicate student number
expected = UserFactory.stub(
system_role=SystemRole.student.value,
student_number=self.data.get_authorized_student().student_number)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assertStatus(rv, 409)
self.assertEqual("This student number already exists. Please pick another.", rv.json['error'])
# test creating student
expected = UserFactory.stub(system_role=SystemRole.student.value)
rv = self.client.post(
url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
# test creating instructor
expected = UserFactory.stub(system_role=SystemRole.instructor.value)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
# test creating admin
expected = UserFactory.stub(system_role=SystemRole.sys_admin.value)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
def test_create_user_lti(self):
url = '/api/users'
lti_data = LTITestData()
# test login required when LTI and oauth_create_user_link are not present
expected = UserFactory.stub(system_role=SystemRole.student.value)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type='application/json')
self.assert401(rv)
# Instructor - no context
with self.lti_launch(lti_data.get_consumer(), lti_data.generate_resource_link_id(),
user_id=lti_data.generate_user_id(), context_id=None,
roles="Instructor") as lti_response:
self.assert200(lti_response)
# test create instructor via lti session
expected = UserFactory.stub(system_role=None)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
user = User.query.filter_by(uuid=rv.json['id']).one()
self.assertEqual(SystemRole.instructor, user.system_role)
self.assertIsNotNone(user.password)
self.assertEqual(expected.username, user.username)
# verify not enrolled in any course
self.assertEqual(len(user.user_courses), 0)
# Instructor - with context not linked
with self.lti_launch(lti_data.get_consumer(), lti_data.generate_resource_link_id(),
user_id=lti_data.generate_user_id(), context_id=lti_data.generate_context_id(),
roles="Instructor") as lti_response:
self.assert200(lti_response)
# test create instructor via lti session
expected = UserFactory.stub(system_role=None)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
user = User.query.filter_by(uuid=rv.json['id']).one()
self.assertEqual(SystemRole.instructor, user.system_role)
self.assertIsNotNone(user.password)
self.assertEqual(expected.username, user.username)
# verify not enrolled in any course
self.assertEqual(len(user.user_courses), 0)
# Instructor - with context linked
with self.lti_launch(lti_data.get_consumer(), lti_data.generate_resource_link_id(),
user_id=lti_data.generate_user_id(), context_id=lti_data.generate_context_id(),
roles="Instructor") as lti_response:
self.assert200(lti_response)
lti_context = LTIContext.query.all()[-1]
course = self.data.create_course()
lti_context.compair_course_id = course.id
db.session.commit()
# test create instructor via lti session
expected = UserFactory.stub(system_role=None)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
user = User.query.filter_by(uuid=rv.json['id']).one()
self.assertEqual(SystemRole.instructor, user.system_role)
self.assertIsNotNone(user.password)
self.assertEqual(expected.username, user.username)
# verify enrolled in course
self.assertEqual(len(user.user_courses), 1)
self.assertEqual(user.user_courses[0].course_id, course.id)
# test create student via lti session
with self.lti_launch(lti_data.get_consumer(), lti_data.generate_resource_link_id(),
user_id=lti_data.generate_user_id(), context_id=lti_data.generate_context_id(),
roles="Student") as lti_response:
self.assert200(lti_response)
expected = UserFactory.stub(system_role=None)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
user = User.query.filter_by(uuid=rv.json['id']).one()
self.assertEqual(SystemRole.student, user.system_role)
self.assertIsNotNone(user.password)
self.assertEqual(expected.username, user.username)
# test create teaching assistant (student role) via lti session
with self.lti_launch(lti_data.get_consumer(), lti_data.generate_resource_link_id(),
user_id=lti_data.generate_user_id(), context_id=lti_data.generate_context_id(),
roles="TeachingAssistant") as lti_response:
self.assert200(lti_response)
expected = UserFactory.stub(system_role=None)
rv = self.client.post(url, data=json.dumps(expected.__dict__), content_type="application/json")
self.assert200(rv)
self.assertEqual(expected.displayname, rv.json['displayname'])
user = User.query.filter_by(uuid=rv.json['id']).one()
self.assertEqual(SystemRole.student, user.system_role)
self.assertIsNotNone(user.password)
self.assertEqual(expected.username, user.username)