def test_valid_credentials(self): """ If username and password credentials match that of a registered user, the user's authentication token, mystery hash and http_200_ok are returned in the response. """ time = datetime.datetime.now() time = time + datetime.timedelta(days=1) with self.settings(START_DATETIME=time.strftime("%d/%m/%Y %H:%M:%S")): # test case setup token = Token.objects.get(user__username='******') data = {'username': "******", 'password': "******"} # sends login request response = self.client.post(reverse('authentication:token'), data) # run test # proper status code test self.assertEqual(response.status_code, 200) # user token test self.assertEqual(response.data['token'], token.key) # custom login view test if self.custom: self.assertEqual(response.data['release'], get_current_release())
def post(self, request, *args, **kwargs): try: # checks if user credentials are correct username = request.data['username'] password = request.data['password'] user = authenticate(username=username, password=password) if user is not None: # successfully authenticated token, created = Token.objects.get_or_create(user=user) release = floor(get_current_release()) # mystery = Instance.objects.get(group=user.group).mystery.hash return Response({ 'token': token.key, 'release': release, 'is_ta': user.is_ta # 'mystery': mystery }, status=status.HTTP_200_OK) else: # authentication failed return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: return Response(status=status.HTTP_400_BAD_REQUEST) except KeyError: return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: return Response(status=status.HTTP_400_BAD_REQUEST)
def get(self, request, release): """ Returns a list of comments from the users instance and specified release. :param release: a release id, passed in the url. """ try: instance = request.user.group.instance.all()[0].id commented = Comment.objects.filter(instance=instance, release=release, owner=request.user.id).exists() current_release = get_current_release() # checks if user has commented on the current release if commented or int(release) < current_release: comments = Comment.objects.filter(instance=instance, release=release) serializer = CommentSerializer(comments, many=True) return Response(serializer.data, status=status.HTTP_200_OK) else: # if requested release has not yet been reached # if int(release) > current_release: # return Response(status=status.HTTP_400_BAD_REQUEST) return Response(status=status.HTTP_403_FORBIDDEN) except AttributeError: # catches if an attribute does not exist return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: # catches if an object (instance) does not exist return Response(status=status.HTTP_400_BAD_REQUEST)
def get(self, request, format=None): current_week = get_current_release() # now releases are contricted in 1-3 if (current_week % 3) == 0: current_week = 3 elif current_week % 3 == 1: current_week = 1 elif current_week % 3 == 2: current_week = 2 # we need to work on implenting which order of mysteries to release in which order # for time being it is this particular mystery object mystery_name = Mystery.objects.get(pk=1) mystery_ob = Release.objects.get(pk=current_week) # Need to implement a method to assign mysteries to groups in a list format # so we can figure which mysteries to release in which order # later implement a method to organize all 1-9 releases for a student so we can # easily navigate between next, previous releases/weeks # also need to create a python file which well read all text files and create # release objects extracting the clue/answer text and putting it in the db # not currently storing images in db so we must use a path in front end path_image = "assets/anthro-virtual-mysteries/Archaeology-demo/" #path_clue = "assets/anthro-virtual-mysteries/Archaeology-demo/" path_clue = mystery_ob.clue #path_answer = "assets/anthro-virtual-mysteries/Archaeology-demo/" path_answer = mystery_ob.answer path_image += str(mystery_name.name) + "/Release" +str(current_week) +"/image1.jpg" #path_clue += str(request.user.group.mystery1) + "/Release" +str(current_week)+"/clue.txt" #path_answer += str(request.user.group.mystery1) + "/Release" +str(current_week)+ "/ans.txt" #Release.objects.filter(mystery=users_mystery, release=required_release) return Response({ 'user': str(request.user), 'mystery': str(mystery_name.name), 'image': path_image, 'clue': path_clue, 'answer': path_answer, }, status=status.HTTP_200_OK)
def test_valid_logout(self): """ If the authentication credential (token) matches that of a registered user, the user's authentication token is deleted and http_200_ok is returned in the response. """ time = datetime.datetime.now() time = time + datetime.timedelta(days=1) with self.settings(START_DATETIME=time.strftime("%d/%m/%Y %H:%M:%S")): # test case setup token1 = Token.objects.get(user__username='******') data = {'username': "******", 'password': "******"} # sends login request response = self.client.post(reverse('authentication:token'), data) # login test # proper status code test self.assertEqual(response.status_code, 200) # user token test self.assertEqual(response.data['token'], token1.key) # custom login view test if self.custom: self.assertEqual(response.data['release'], get_current_release()) # auth header header = {'HTTP_AUTHORIZATION': 'Token {}'.format(token1.key)} # send logout request response = self.client.get(reverse('authentication:logout'), {}, **header) # logout test # proper status code test self.assertEqual(response.status_code, 200) # sends login request response = self.client.post(reverse('authentication:token'), data) # login test # proper status code test self.assertEqual(response.status_code, 200) # get new token token2 = Token.objects.get(user__username='******') # user token test self.assertNotEqual(token2.key, token1.key)
def get(self, request): try: results = Result.objects.get(comment__owner=request.user, comment__release=get_current_release()) serializer = ResultSerializer(results) return Response(serializer.data, status=status.HTTP_200_OK) except AttributeError: # catches if an attribute does not exist return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: # catches if an object (instance) does not exist return Response(status=status.HTTP_400_BAD_REQUEST)
def post(self, request, *args, **kwargs): username = '' try: # checks if user credentials are correct username = request.data['username'] password = request.data['password'] user = authenticate(username=username, password=password) if user is not None: # successfully authenticated token, created = Token.objects.get_or_create(user=user) # get current release info release_info = get_current_release() # log successful login activityLogger.info(f'Login: User "{username}" logged in.') return Response( { 'token': token.key, 'release': release_info[0], 'mark': release_info[1], 'mystery_end': release_info[2], 'is_ta': user.is_ta }, status=status.HTTP_200_OK) else: # authentication failed activityLogger.error( f'Failed login: User "{username}" failed authentication.') return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: debugLogger.exception(f'User "{username}" login failed.', exc_info=True) return Response(status=status.HTTP_400_BAD_REQUEST) except KeyError: debugLogger.exception(f'User "{username}" login failed.', exc_info=True) return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: debugLogger.exception(f'User "{username}" login failed.', exc_info=True) return Response(status=status.HTTP_400_BAD_REQUEST)
def get(self, request, groupId): try: current_release = get_current_release()[0] # checks if mystery has reached start date if current_release > 0 and request.user.is_ta: mystery = Instance.objects.get(group__id=groupId).mystery # releases for mystery <= current_release releases = Release.objects.filter(mystery=mystery.id) serializer = ArtifactSerializerTA(releases, many=True) return Response(serializer.data, status=status.HTTP_200_OK) else: return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: return Response(status=status.HTTP_400_BAD_REQUEST) except KeyError: return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: return Response(status=status.HTTP_400_BAD_REQUEST)
def get(self, request, release): """ Returns artifact information for a specific release. :param release: a release id, passed in the url. """ try: current_release = get_current_release()[0] # checks if requested release has been reached if int(release) <= current_release: mystery = Instance.objects.get(group=request.user.group) \ .mystery release_info = Release.objects.get(mystery=mystery.id, number=release) serializer = ArtifactSerializer(release_info) return Response(serializer.data, status=status.HTTP_200_OK) else: # release not reached or dne return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: return Response(status=status.HTTP_400_BAD_REQUEST)
def get(self, request): try: current_release = get_current_release() # checks if mystery has reached start date if current_release > 0: mystery = Instance.objects.get(group=request.user.group)\ .mystery # releases for mystery <= current_release releases = Release.objects.filter(mystery=mystery.id, number__lte=current_release) serializer = ReleaseSerializer(releases, many=True, context={'request': request}) return Response(serializer.data, status=status.HTTP_200_OK) else: return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: return Response(status=status.HTTP_400_BAD_REQUEST) except KeyError: return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: return Response(status=status.HTTP_400_BAD_REQUEST)
def post(self, request): """ Creates a comment through info submitted in a post request. """ try: instance = request.user.group.instance.all()[0].id release = get_current_release() commented = Comment.objects.filter(instance=instance, release=release, owner=request.user.id).exists() # checks if mystery start date has been reached if release > 0: # checks if user has already commented if not commented: # (.copy returns a mutable QueryDict object) data = request.data.copy() data['owner'] = request.user.id data['instance'] = instance data['release'] = release serializer = CommentSerializer(data=data) if serializer.is_valid(): # creates comment serializer.save() return Response(status=status.HTTP_201_CREATED) return Response(status=status.HTTP_400_BAD_REQUEST) else: return Response(status=status.HTTP_403_FORBIDDEN) else: return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: # catches if an attribute does not exist return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: # catches if an object (instance) does not exist return Response(status=status.HTTP_400_BAD_REQUEST)
def post(self, request): """ Creates a comment through info submitted in a post request. """ username = '' data = {} try: instance = request.user.group.instance.all()[0].id release_info = get_current_release() commented = Comment.objects.filter(instance=instance, release=release_info[0], owner=request.user.id).exists() username = request.user.get_username() # checks if mystery start date has been reached if release_info[0] > 0: # checks if user has already commented if not commented and \ (not release_info[1] or not release_info[2]): # (.copy returns a mutable QueryDict object) data = request.data.copy() data['owner'] = request.user.id data['instance'] = instance data['release'] = release_info[0] # sanitize the input string data['text'] = sanitize_text(data, username) data['time'] = get_time_string() serializer = CommentSerializer(data=data) if serializer.is_valid(): # creates comment serializer.save() # log successful comment activityLogger.info( f'User comment ({username}): {data}') return Response(status=status.HTTP_201_CREATED) # otherwise, log the unsuccessful comment debugLogger.debug( f'Unsuccessful user comment ({username}): {data}') return Response(status=status.HTTP_400_BAD_REQUEST) else: # add updated response here debugLogger.info( f'User "{username}" tried to submit a ' f'comment when they should not be able to.') return Response(status=status.HTTP_403_FORBIDDEN) else: debugLogger.info(f'User "{username}" tried to submit a ' f'comment before mystery start date.') return Response(status=status.HTTP_400_BAD_REQUEST) except AttributeError: # catches if an attribute does not exist debugLogger.exception( f'User "{username}" comment create failed: {data}', exc_info=True) return Response(status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: # catches if an object (instance) does not exist debugLogger.exception( f'User "{username}" comment create failed: {data}', exc_info=True) return Response(status=status.HTTP_400_BAD_REQUEST)