public function testSimpleRegistrationActions() { self::log("Started"); //create a contest and its admin $contestData = ContestsFactory::createContest(null, 1); $contestAdmin = UserFactory::createUser(); ContestsFactory::addAdminUser($contestData, $contestAdmin); //make it "registrable" self::log("Udate contest to make it registrable"); $r1 = new Request(); $r1["contest_alias"] = $contestData["request"]["alias"]; $r1["contestant_must_register"] = true; $r1["auth_token"] = $this->login($contestAdmin); ContestController::apiUpdate($r1); //some user asks for contest $contestant = UserFactory::createUser(); $r2 = new Request(); $r2["contest_alias"] = $contestData["request"]["alias"]; $r2["auth_token"] = $this->login($contestant); try { $response = ContestController::apiDetails($r2); $this->AssertFalse(true, "User gained access to contest even though its registration needed."); } catch (ForbiddenAccessException $fae) { // Expected. Continue. } self::log("user registers, into contest"); ContestController::apiRegisterForContest($r2); //admin lists registrations $r3 = new Request(); $r3["contest_alias"] = $contestData["request"]["alias"]; $r3["auth_token"] = $this->login($contestAdmin); $result = ContestController::apiRequests($r3); $this->assertEquals(sizeof($result["users"]), 1); self::log("amin rejects registration"); $r3["username"] = $contestant->username; $r3["resolution"] = false; ContestController::apiArbitrateRequest($r3); //ask for details again, this should fail again $r2 = new Request(); $r2["contest_alias"] = $contestData["request"]["alias"]; $r2["auth_token"] = $this->login($contestant); try { $response = ContestController::apiDetails($r2); $this->AssertFalse(true); } catch (ForbiddenAccessException $fae) { // Expected. Continue. } //admin admits user $r3["username"] = $contestant->username; $r3["resolution"] = true; ContestController::apiArbitrateRequest($r3); //user can now submit to contest $r2 = new Request(); $r2["contest_alias"] = $contestData["request"]["alias"]; $r2["auth_token"] = $this->login($contestant); // Explicitly join contest ContestController::apiOpen($r2); ContestController::apiDetails($r2); }
public function testContestActivityReport() { // Get a contest $contestData = ContestsFactory::createContest(); $user = UserFactory::createUser(); ContestsFactory::openContest($contestData, $user); ContestController::apiDetails(new Request(array('contest_alias' => $contestData['request']['alias'], 'auth_token' => $this->login($user)))); // Call API $response = ContestController::apiActivityReport(new Request(array('contest_alias' => $contestData['request']['alias'], 'auth_token' => $this->login($contestData['director'])))); // Check that we have entries in the log. $this->assertEquals(1, count($response['events'])); $this->assertEquals($user->username, $response['events'][0]['username']); $this->assertEquals(0, $response['events'][0]['ip']); $this->assertEquals('open', $response['events'][0]['event']['name']); }
public static function openContest($contestData, $user) { // Create an empty request $r = new Request(); // Log in as contest director $r["auth_token"] = OmegaupTestCase::login($user); // Prepare our request $r["contest_alias"] = $contestData["request"]["alias"]; // Call api ContestController::apiDetails($r); unset($_REQUEST); }
/** * Check that user in private list can view private contest */ public function testNoPrivilegeEscalationOccurs() { // Get a contest $contestData = ContestsFactory::createContest(null, 0); // Get some problems into the contest $numOfProblems = 3; $problems = $this->insertProblemsInContest($contestData, $numOfProblems); // Get a user for our scenario $contestant = UserFactory::createUser(); // Prepare our request $r = new Request(array('auth_token' => $this->login($contestant), 'contest_alias' => $contestData['request']['alias'])); // Call api. This should fail. try { ContestController::apiDetails($r); $this->assertTrue(false, 'User with no access could see the contest'); } catch (ForbiddenAccessException $e) { // Pass } // Get details from a problem in that contest. This should also fail. try { $problem_request = new Request(array('auth_token' => $this->login($contestant), 'contest_alias' => $contestData['request']['alias'], 'problem_alias' => $problems[0]['request']['alias'])); ProblemController::apiDetails($problem_request); $this->assertTrue(false, 'User with no access could see the problem'); } catch (ForbiddenAccessException $e) { // Pass } // Call api again. This should (still) fail. try { $response = ContestController::apiDetails($r); $this->assertTrue(false, 'User with no access could see the contest'); } catch (ForbiddenAccessException $e) { // Pass } }
/** * Tests that user can get contest details with the scoreboard token */ public function testDetailsNoLoginUsingToken() { // Get a private contest $contestData = ContestsFactory::createContest(null, 0); // Get the scoreboard url by using the MyList api being the // contest director $response = ContestController::apiMyList(new Request(array("auth_token" => $this->login($contestData["director"])))); // Look for our contest from the list and save the scoreboard tokens $scoreboard_url = null; $scoreboard_admin_url = null; foreach ($response["results"] as $c) { if ($c["alias"] === $contestData["request"]["alias"]) { $scoreboard_url = $c["scoreboard_url"]; $scoreboard_admin_url = $c["scoreboard_url_admin"]; break; } } $this->assertNotNull($scoreboard_url); $this->assertNotNull($scoreboard_admin_url); // Call details using token $detailsResponse = ContestController::apiDetails(new Request(array("contest_alias" => $contestData["request"]["alias"], "token" => $scoreboard_url))); $this->assertContestDetails($contestData, array(), $detailsResponse); // Call details using admin token $detailsResponse = ContestController::apiDetails(new Request(array("contest_alias" => $contestData["request"]["alias"], "token" => $scoreboard_admin_url))); $this->assertContestDetails($contestData, array(), $detailsResponse); }