autolab · zyx-billy · Apr 18, 2018 · Feb 11, 2017 · Feb 11, 2017 · Feb 11, 2017
diff --git a/.travis.yml b/.travis.yml
@@ -21,7 +21,7 @@ before_script:
 - RAILS_ENV=test bundle exec rake autolab:populate
 script:
 - RAILS_ENV=test CODECLIMATE_REPO_TOKEN=d37a8b9e09642cb73cfcf4ecfb4115fc3d6a55a7714110187ac59856ae4ab5ad
-  bundle exec rspec ./spec/features/
+  bundle exec rspec ./spec/features/ ./spec/api/v1/
 notifications:
   slack:
     secure: GXcycaSBFaOYI6Ge0vhqCYK1xxixwjASOMkV2bkfE6PNIGkDEEQdTpOkohPGoKuz2W9KCGrXC38sbu4npMtonz0/sISydG+g7V33XkLqPaW8oUcdYhwJyBUEB/Ds17U/FJ4IhT9oOrhl17Sm0rm92Mhu6O2eeZYAclGqJgZNLvg=
diff --git a/Gemfile b/Gemfile
@@ -58,6 +58,12 @@ gem 'omniauth-facebook', '>=2.0.0'
 gem 'omniauth-google-oauth2', '>=0.2.5'
 gem 'omniauth-shibboleth', '>=1.1.2'
 
+# Autolab API OAuth Service
+gem 'doorkeeper'
+
+# For block and throttling abusive requests
+gem 'rack-attack'
+
 # Adds It also adds f.error_messages and f.error_message_on to form builders
 gem 'dynamic_form'
 
@@ -73,6 +79,7 @@ gem 'rack-test'
 gem 'capybara', group: [:development, :test]
 gem 'factory_girl_rails', group: [:development, :test]
 gem 'database_cleaner', group: [:development, :test]
+gem 'webmock', group: [:development, :test]
 gem 'codeclimate-test-reporter', group: :test, require: nil
 gem 'newrelic_rpm'
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -80,6 +80,8 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.4)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
     daemons (1.2.4)
     database_cleaner (1.5.3)
     debug_inspector (0.0.2)
@@ -92,6 +94,8 @@ GEM
       warden (~> 1.2.3)
     diff-lcs (1.2.5)
     docile (1.1.5)
+    doorkeeper (4.2.0)
+      railties (>= 4.2)
     dynamic_form (1.1.4)
     erubis (2.7.0)
     eventmachine (1.2.1)
@@ -108,6 +112,7 @@ GEM
       multipart-post (>= 1.2, < 3)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashdiff (0.3.4)
     hashery (2.1.2)
     hashie (3.4.6)
     httparty (0.14.0)
@@ -187,6 +192,8 @@ GEM
       ttfunk (~> 1.0.3)
     public_suffix (2.0.5)
     rack (1.6.5)
+    rack-attack (5.0.1)
+      rack
     rack-ssl-enforcer (0.2.9)
     rack-test (0.6.3)
       rack (>= 1.0)
@@ -246,6 +253,7 @@ GEM
     ruby-progressbar (1.8.1)
     ruby-rc4 (0.1.5)
     rubyzip (1.2.0)
+    safe_yaml (1.0.4)
     sass (3.4.23)
     sass-rails (5.0.6)
       railties (>= 4.0.0, < 6)
@@ -293,6 +301,10 @@ GEM
     unicode-display_width (1.1.2)
     warden (1.2.6)
       rack (>= 1.0)
+    webmock (3.0.1)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
     xpath (2.0.0)
       nokogiri (~> 1.3)
     yard (0.9.8)
@@ -312,6 +324,7 @@ DEPENDENCIES
   coffee-rails (>= 4.0.0)
   database_cleaner
   devise (= 3.4.0)
+  doorkeeper
   dynamic_form
   exception_notification (>= 4.1.0)
   factory_girl_rails
@@ -330,6 +343,7 @@ DEPENDENCIES
   omniauth-shibboleth (>= 1.1.2)
   populator (>= 1.0.0)
   prawn (= 0.13.0)
+  rack-attack
   rack-ssl-enforcer
   rack-test
   rails (= 4.2.1)
@@ -347,6 +361,7 @@ DEPENDENCIES
   thin
   turbolinks
   uglifier (>= 1.3.0)
+  webmock
   yard
 
 BUNDLED WITH

diff --git a/app/assets/stylesheets/style.css.scss b/app/assets/stylesheets/style.css.scss
@@ -414,12 +414,17 @@ div#footer .right {
   padding-top: 14px;
 }
 
-div#footer a {
+div#footer a,
+div#footer span.site_version {
   display: inline-block;
   padding: 12px;
   color: #666;
 }
 
+div#footer span.site_version {
+  float: right;
+}
+
 div#footer div.fb-like.fb_iframe_widget {
   vertical-align: top;
   margin-left: 8px;

diff --git a/app/controllers/api/v1/assessments_controller.rb b/app/controllers/api/v1/assessments_controller.rb
@@ -0,0 +1,189 @@
+class Api::V1::AssessmentsController < Api::V1::BaseApiController
+
+  include AssessmentHandinCore
+  include AssessmentAutogradeCore
+
+  before_action -> {require_privilege :user_courses}, only: [:index, :problems, :writeup, :handout]
+  before_action -> {require_privilege :user_submit}, only: [:submit]
+
+  before_action :set_assessment, except: [:index]
+
+  def index
+    asmts = @course.assessments.ordered
+    allowed = [:name, :display_name, :start_at, :due_at, :end_at, :category_name]
+    if @cud.student?
+      asmts = asmts.released
+    else
+      allowed += [:grading_deadline]
+    end
+
+    respond_with asmts, only: allowed
+  end
+
+  def show
+    allowed = [:name, :display_name, :description, :start_at, :due_at, :end_at, :updated_at, :max_grace_days, :max_submissions,
+      :disable_handins, :category_name, :group_size, :writeup_format, :handout_format, :has_scoreboard, :has_autograder]
+    if not @cud.student?
+      allowed += [:grading_deadline]
+    end
+
+    result = @assessment.attributes.symbolize_keys
+    result.merge!(:has_scoreboard => @assessment.has_scoreboard?)
+    result.merge!(:has_autograder => @assessment.has_autograder?)
+    if @assessment.writeup_is_file?
+      result.merge!(:writeup_format => "file")
+    elsif @assessment.writeup_is_url?
+      result.merge!(:writeup_format => "url")
+    else
+      result.merge!(:writeup_format => "none")
+    end
+    if @assessment.overwrites_method?(:handout) or @assessment.handout_is_file?
+      result.merge!(:handout_format => "file")
+    elsif @assessment.handout_is_url?
+      result.merge!(:handout_format => "url")
+    else
+      result.merge!(:handout_format => "none")
+    end
+
+    respond_with result, only: allowed
+  end
+
+  # endpoint for obtaining details about all problems of an assessment
+  def problems
+    problems = @assessment.problems
+
+    respond_with problems, only: [:name, :description, :max_score, :optional]
+  end
+
+  # endpoint for obtaining the writeup
+  def writeup
+    if @assessment.writeup_is_url?
+      respond_with_hash({:url => @assessment.writeup}) and return
+    end
+
+    if @assessment.writeup_is_file?
+      filename = @assessment.writeup_path
+      send_file(filename,
+                disposition: "inline",
+                file: File.basename(filename))
+      return
+    end
+
+    respond_with_hash({:writeup => "none"})
+  end
+
+  # endpoint for obtaining the handout
+  def handout
+    extend_config_module(@assessment, nil, @cud)
+
+    if @assessment.overwrites_method?(:handout)
+      hash = @assessment.config_module.handout
+      send_file(hash["fullpath"],
+                disposition: "inline",
+                filename: hash["filename"])
+      return
+    end
+
+    if @assessment.handout_is_url?
+      respond_with_hash({:url => @assessment.handout}) and return
+    end
+
+    if @assessment.handout_is_file?
+      filename = @assessment.handout_path
+      send_file(filename,
+                disposition: "inline",
+                file: File.basename(filename))
+      return
+    end
+
+    respond_with_hash({:handout => "none"})
+  end
+
+  # endpoint for submitting to assessments
+  # Does not support embedded quizzes.
+  # Potential Errors:
+  #   Submission Rejected:
+  #   - Assessment is an embedded quiz
+  #   - Handins disabled
+  #   - Submitting late without submit-late flag
+  #   - Past assessment end time
+  #   - Before assessment start time
+  #   - Exceeded max submission count
+  #   - Exceeded max handin file size
+  #   - Submission was blank
+  #   - Submission failed file type check
+  #   - Cannot submit until all group members confirm their group membership
+  #   - A member of your group has reached the submission limit for this assessment
+  #   Autograding Failed:
+  #   - No autograding properties
+  #   - Error submitting job
+  #   - Error uploading submission file
+  #   - Submission rejected by autograder
+  #   - One or more files in the Autograder module don't exist.
+  #   - Encountered unexpected exception
+  def submit
+    if @assessment.embedded_quiz
+      raise ApiError.new("Assessment is an embedded quiz", :bad_request)
+    end
+
+    if not params.has_key?(:submission)
+      raise ApiError.new("Required parameter 'submission' not found", :bad_request)
+    end
+
+    if not params[:submission].has_key?("file")
+      raise ApiError.new("Required parameter 'submission['file']' not found", :bad_request)
+    end
+
+    # validate Handin
+    validity = validateHandin(params[:submission]["file"].size,
+                              params[:submission]["file"].content_type,
+                              params[:submission]["file"].original_filename)
+    case validity
+    when :valid
+    when :handin_disabled
+      raise ApiError.new("Handins for this assessment is disabled", :forbidden)
+    when :submission_empty
+      raise ApiError.new("Submission was blank", :forbidden)
+    when :file_too_large
+      msg = "Submission is larger than the max allowed " \
+            "size (#{@assessment.max_size} MB) - please remove any " \
+            "unnecessary logfiles and binaries."
+      raise ApiError.new(msg, :forbidden)
+    when :fail_type_check
+      raise ApiError.new("Submission failed Filetype Check", :forbidden)
+    else
+      raise ApiError.new("Unexpected error during handin validation", :forbidden)
+    end
+
+    group_validity = validateHandinForGroups()
+    case group_validity
+    when :valid
+    when :awaiting_member_confirmation
+      raise ApiError.new("Submission not allowed until all group members confirm their group membership", :forbidden)
+    when :group_submission_limit_exceeded
+      raise ApiError.new("A member of your group has reached the submission limit for this assessment", :forbidden)
+    else
+      raise ApiError.new("Unexpected error during handin validation for groups", :forbidden)
+    end
+
+    # attempt to save the submission
+    begin
+      submissions = saveHandin(params[:submission], current_app.id)
+    rescue StandardError => e
+      # TODO: log error
+      raise ApiError.new("Unexpected error during submission handin.\nDetails: #{e.message}", :internal_server_error)
+    end
+
+    # autograde the submission
+    if @assessment.has_autograder?
+      begin
+        sendJob(@course, @assessment, submissions, @cud)
+      rescue AssessmentAutogradeCore::AutogradeError => e
+        raise ApiError.new("Submission accepted, but autograding failed: " + e.message, :internal_server_error)
+      end
+    end
+
+    respond_with_hash({version: submissions[0].version, filename: submissions[0].filename})
+  end
+
+end