public function testSimpleRegistrationActions()
{
self::log("Started");
//create a contest and its admin
$contestData = ContestsFactory::createContest(null, 1);
$contestAdmin = UserFactory::createUser();
ContestsFactory::addAdminUser($contestData, $contestAdmin);
//make it "registrable"
self::log("Udate contest to make it registrable");
$r1 = new Request();
$r1["contest_alias"] = $contestData["request"]["alias"];
$r1["contestant_must_register"] = true;
$r1["auth_token"] = $this->login($contestAdmin);
ContestController::apiUpdate($r1);
//some user asks for contest
$contestant = UserFactory::createUser();
$r2 = new Request();
$r2["contest_alias"] = $contestData["request"]["alias"];
$r2["auth_token"] = $this->login($contestant);
try {
$response = ContestController::apiDetails($r2);
$this->AssertFalse(true, "User gained access to contest even though its registration needed.");
} catch (ForbiddenAccessException $fae) {
// Expected. Continue.
}
self::log("user registers, into contest");
ContestController::apiRegisterForContest($r2);
//admin lists registrations
$r3 = new Request();
$r3["contest_alias"] = $contestData["request"]["alias"];
$r3["auth_token"] = $this->login($contestAdmin);
$result = ContestController::apiRequests($r3);
$this->assertEquals(sizeof($result["users"]), 1);
self::log("amin rejects registration");
$r3["username"] = $contestant->username;
$r3["resolution"] = false;
ContestController::apiArbitrateRequest($r3);
//ask for details again, this should fail again
$r2 = new Request();
$r2["contest_alias"] = $contestData["request"]["alias"];
$r2["auth_token"] = $this->login($contestant);
try {
$response = ContestController::apiDetails($r2);
$this->AssertFalse(true);
} catch (ForbiddenAccessException $fae) {
// Expected. Continue.
}
//admin admits user
$r3["username"] = $contestant->username;
$r3["resolution"] = true;
ContestController::apiArbitrateRequest($r3);
//user can now submit to contest
$r2 = new Request();
$r2["contest_alias"] = $contestData["request"]["alias"];
$r2["auth_token"] = $this->login($contestant);
// Explicitly join contest
ContestController::apiOpen($r2);
ContestController::apiDetails($r2);
}
public function testContestActivityReport()
{
// Get a contest
$contestData = ContestsFactory::createContest();
$user = UserFactory::createUser();
ContestsFactory::openContest($contestData, $user);
ContestController::apiDetails(new Request(array('contest_alias' => $contestData['request']['alias'], 'auth_token' => $this->login($user))));
// Call API
$response = ContestController::apiActivityReport(new Request(array('contest_alias' => $contestData['request']['alias'], 'auth_token' => $this->login($contestData['director']))));
// Check that we have entries in the log.
$this->assertEquals(1, count($response['events']));
$this->assertEquals($user->username, $response['events'][0]['username']);
$this->assertEquals(0, $response['events'][0]['ip']);
$this->assertEquals('open', $response['events'][0]['event']['name']);
}
public static function openContest($contestData, $user)
{
// Create an empty request
$r = new Request();
// Log in as contest director
$r["auth_token"] = OmegaupTestCase::login($user);
// Prepare our request
$r["contest_alias"] = $contestData["request"]["alias"];
// Call api
ContestController::apiDetails($r);
unset($_REQUEST);
}
/**
* Check that user in private list can view private contest
*/
public function testNoPrivilegeEscalationOccurs()
{
// Get a contest
$contestData = ContestsFactory::createContest(null, 0);
// Get some problems into the contest
$numOfProblems = 3;
$problems = $this->insertProblemsInContest($contestData, $numOfProblems);
// Get a user for our scenario
$contestant = UserFactory::createUser();
// Prepare our request
$r = new Request(array('auth_token' => $this->login($contestant), 'contest_alias' => $contestData['request']['alias']));
// Call api. This should fail.
try {
ContestController::apiDetails($r);
$this->assertTrue(false, 'User with no access could see the contest');
} catch (ForbiddenAccessException $e) {
// Pass
}
// Get details from a problem in that contest. This should also fail.
try {
$problem_request = new Request(array('auth_token' => $this->login($contestant), 'contest_alias' => $contestData['request']['alias'], 'problem_alias' => $problems[0]['request']['alias']));
ProblemController::apiDetails($problem_request);
$this->assertTrue(false, 'User with no access could see the problem');
} catch (ForbiddenAccessException $e) {
// Pass
}
// Call api again. This should (still) fail.
try {
$response = ContestController::apiDetails($r);
$this->assertTrue(false, 'User with no access could see the contest');
} catch (ForbiddenAccessException $e) {
// Pass
}
}
/**
* Tests that user can get contest details with the scoreboard token
*/
public function testDetailsNoLoginUsingToken()
{
// Get a private contest
$contestData = ContestsFactory::createContest(null, 0);
// Get the scoreboard url by using the MyList api being the
// contest director
$response = ContestController::apiMyList(new Request(array("auth_token" => $this->login($contestData["director"]))));
// Look for our contest from the list and save the scoreboard tokens
$scoreboard_url = null;
$scoreboard_admin_url = null;
foreach ($response["results"] as $c) {
if ($c["alias"] === $contestData["request"]["alias"]) {
$scoreboard_url = $c["scoreboard_url"];
$scoreboard_admin_url = $c["scoreboard_url_admin"];
break;
}
}
$this->assertNotNull($scoreboard_url);
$this->assertNotNull($scoreboard_admin_url);
// Call details using token
$detailsResponse = ContestController::apiDetails(new Request(array("contest_alias" => $contestData["request"]["alias"], "token" => $scoreboard_url)));
$this->assertContestDetails($contestData, array(), $detailsResponse);
// Call details using admin token
$detailsResponse = ContestController::apiDetails(new Request(array("contest_alias" => $contestData["request"]["alias"], "token" => $scoreboard_admin_url)));
$this->assertContestDetails($contestData, array(), $detailsResponse);
}
