From 8654e8e198bf8b7b23d5f765a4ce11bc36ba9821 Mon Sep 17 00:00:00 2001 From: Itay Shirizly Date: Tue, 6 Oct 2020 11:51:17 +0300 Subject: [PATCH 1/2] Changed RestErrors to status codes --- server/server/config.py | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/server/server/config.py b/server/server/config.py index 6e8e050..8432a16 100644 --- a/server/server/config.py +++ b/server/server/config.py 
@@ -25,25 +25,27 @@ class ValidatorsConfig: DATE_FORMAT = '%d/%m/%y' CHAT_FILE_EXT = [".txt"] STUDENTS_FILE_EXT = [".xls", ".xlsx", ".csv"] - + MAX_CLASSROOMS = 10 # Maximum classrooms per students + MAX_REPORTS = 7 # Max reports per classroom class RestErrors: - INVALID_ROUTE = "Route does't exist" - INVALID_CLASS = "Invalid class id" - INVALID_REPORT = "Invalid report id" - INVALID_STATUS = "Invalid status id" - USERNAME_TAKEN = "Username already taken" - EMAIL_TAKEN = "Email already taken" - ILLEGAL_USERNAME_CHARS = f'Username can\'t contain the following characthers: "{list(ValidatorsConfig.INVALID_USERNAME_CHARS)}"' - PASSWORD_TO_SHORT = f'Password to short, must be at least {ValidatorsConfig.MIN_PASSWORD_LEN} chars long' - PASSWORD_MUST_CONTAIN = 'Password must contain at least one lower case letter one upper case letter and a digit' - INVALID_TIME_DELTA = "Time delta must be an int represnting number of minutes" - INVALID_STUDENTS_FILE = "Students file must be one of the following formats: " + str(ValidatorsConfig.STUDENTS_FILE_EXT) - INVALID_CHAT_FILE = "Chat file must be one of the following formats: " + str(ValidatorsConfig.CHAT_FILE_EXT) - INVALID_CREDENTIALS = "Invalid credentials" - INVALID_TOKEN = "Token is invalid" - TOKEN_EXPIRED = "Token expired" - + INVALID_ROUTE = "route_doesn't_exists" + INVALID_CLASS = "invalid_class_id" + INVALID_REPORT = "invalid_report_id" + INVALID_STATUS = "invalid_status_id" + USERNAME_TAKEN = "username_taken" + EMAIL_TAKEN = "email_taken" + ILLEGAL_USERNAME_CHARS = 'username_contains_illegal_chars" + PASSWORD_TO_SHORT = 'passowrd_to_short' + PASSWORD_MUST_CONTAIN = "password_dosen't_contain_required_chars" + INVALID_TIME_DELTA = "invalid_time_delta" + INVALID_STUDENTS_FILE = "invalid_student_file" + INVALID_CHAT_FILE = "invalid_chat_file" + INVALID_CREDENTIALS = "credentials_invalid" + INVALID_TOKEN = "token_invalid" + TOKEN_EXPIRED = "token_expired" + MAX_REPORTS = "to_many_reports" + MAX_CLASSROOMS = 
"to_many_classrooms" class SerializeConfig: LOGIN_SALT = 'login' From 57ecd02469b0126908f347167cd8d088ae00eb87 Mon Sep 17 00:00:00 2001 From: Itay Shirizly Date: Tue, 6 Oct 2020 12:00:53 +0300 Subject: [PATCH 2/2] Added limits for number of classrooms and reports --- server/server/api/clasrooms.py | 5 ++++- server/server/api/reports.py | 6 +++++- server/server/config.py | 2 +- server/test.py | 14 -------------- 4 files changed, 10 insertions(+), 17 deletions(-) delete mode 100644 server/test.py diff --git a/server/server/api/clasrooms.py b/server/server/api/clasrooms.py index 8f7f7b2..76d2a5f 100644 --- a/server/server/api/clasrooms.py +++ b/server/server/api/clasrooms.py @@ -5,7 +5,7 @@ from server.parsing import parser from server.parsing.utils import create_students_df import pandas as pd -from server.config import RestErrors +from server.config import RestErrors, ValidatorsConfig from server.models.marshals import classrooms_list_fields, classroom_resource_fields @@ -34,6 +34,9 @@ def get(self, class_id=None): def post(self, class_id=None): if class_id: abort(404, message=RestErrors.INVALID_ROUTE) + if len(auth.current_user().classrooms) >= ValidatorsConfig.MAX_CLASSROOMS: + abort(400, message=RestErrors.MAX_CLASSROOMS) + args = self._post_args.parse_args() filename, stream = args['students_file'].filename.replace('"', ""), args['students_file'].stream #TODO: replace here because of postman post request students_df = create_students_df(filename, stream) diff --git a/server/server/api/reports.py b/server/server/api/reports.py index e471851..b5d1103 100644 --- a/server/server/api/reports.py +++ b/server/server/api/reports.py 
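Review bot: Several of the new `RestErrors` values are misspelled or contain apostrophes (`passowrd_to_short`, `password_dosen't_contain_required_chars`, `route_doesn't_exists`, `to_many_reports`). These strings are now identifiers that clients presumably match on, so the spelling becomes part of the API once released; I would correct them here, e.g. `PASSWORD_TO_SHORT = "password_too_short"` and `INVALID_ROUTE = "route_not_found"`. The `ILLEGAL_USERNAME_CHARS` line opens with `'` and closes with `"`, so config.py does not parse at this commit; patch 2/2 repairs it, but squashing that fix into this patch keeps every commit in the series importable. `RestErrors.MAX_REPORTS` and `RestErrors.MAX_CLASSROOMS` also reuse the names of the integer limits added to `ValidatorsConfig`, which makes it easy to compare a count against the string by mistake; `TOO_MANY_REPORTS` and `TOO_MANY_CLASSROOMS` would keep the two apart.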
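Review bot: The limit check added to `post` reads the classroom count, while the insert presumably happens later in the handler, outside this hunk. Two concurrent requests from the same user could therefore both pass `len(auth.current_user().classrooms) >= ValidatorsConfig.MAX_CLASSROOMS` and leave the user above the cap. If the cap is meant as a hard resource limit, the count and the insert need to run in one transaction with the user's row locked, or the limit should be enforced by a database constraint. The same read-then-write pattern applies to the `MAX_REPORTS` check in reports.py. If the race is accepted, a comment such as `# soft limit: not atomic with the insert below` would document it.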
@@ -7,7 +7,7 @@ from server.models.orm import StudentModel, ClassroomModel, ReportModel, SessionModel, ZoomNamesModel, StudentStatus from server.parsing.utils import create_chat_df from server.api.utils import validate_classroom -from server.config import RestErrors +from server.config import RestErrors, ValidatorsConfig from server.models.marshals import student_status_field, reports_list_fields @@ -35,6 +35,10 @@ def get(self, class_id, report_id=None): def post(self, class_id, report_id=None): if report_id: abort(404, message=RestErrors.INVALID_REPORT) + + if len(ReportModel.query.filter_by(class_id=class_id).all()) >= ValidatorsConfig.MAX_REPORTS: + abort(400, message=RestErrors.MAX_REPORTS) + args = self._post_args.parse_args() students_df = pd.read_sql(StudentModel.query.filter_by(class_id=class_id).statement, con=db.engine) diff --git a/server/server/config.py b/server/server/config.py index 8432a16..60b3ccd 100644 --- a/server/server/config.py +++ b/server/server/config.py @@ -35,7 +35,7 @@ class RestErrors: INVALID_STATUS = "invalid_status_id" USERNAME_TAKEN = "username_taken" EMAIL_TAKEN = "email_taken" - ILLEGAL_USERNAME_CHARS = 'username_contains_illegal_chars" + ILLEGAL_USERNAME_CHARS = "username_contains_illegal_chars" PASSWORD_TO_SHORT = 'passowrd_to_short' PASSWORD_MUST_CONTAIN = "password_dosen't_contain_required_chars" INVALID_TIME_DELTA = "invalid_time_delta" diff --git a/server/test.py b/server/test.py deleted file mode 100644 index b47f428..0000000 --- a/server/test.py +++ /dev/null @@ -1,14 +0,0 @@ -import requests - -auth = { - "username": 'a', - "password": 'TEST1234', - "email": "abc@gmail.com" -} - -BASE_URL = "http://127.0.0.1:5000/api/" - -print(requests.post(BASE_URL + 'register', auth).json()) -print(requests.get(BASE_URL + 'classrooms', auth=(auth['username'], auth['password'])).json()) -print(requests.get(BASE_URL + 'classrooms')) -print(requests.get(BASE_URL + 'classrooms/1', auth=(auth['username'], auth['password'])).json())
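Review bot: `len(ReportModel.query.filter_by(class_id=class_id).all())` loads every report row for the class just to count them; `ReportModel.query.filter_by(class_id=class_id).count() >= ValidatorsConfig.MAX_REPORTS` lets the database do the counting. The hunk does not show whether `class_id` has been checked against the current user before this query runs (`validate_classroom` is imported, but whether it is applied to `post` is outside the hunk). If it has not, the 400 `to_many_reports` response would tell a caller whether another user's classroom has reached the cap, so the ownership check should come first. `post` continues past the end of the hunk.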