Expertiza_Wiki - User contributions [en]

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T20:38:42Z

Vdatla: /* Password Reset */

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* password_retrieval_controller.rb
* password_reset.rb (model)
* reset_password.html.erb (view)

===Implementation===
We have implemented the new password recovery system by sending a reset password link to the user's email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated token. This parameter will be a string attribute of a new model reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, the application would decide if the token is expired or not.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: password_reset.rb

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_email -string

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/password_edit/check_reset_url?token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to password_retrieval_controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the DB. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

Each Email Address can have only one active token saved in the database. Every time a new token is generated, it will replace the existing one which ensures that only one reset link is available. Also, this will make sure that DB content of password_reset can never exceed the number of users registered in the application. This eliminates the need to clear out expired Tokens.

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page.
It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016

2016-12-02T20:37:20Z

Vdatla: /* Final Project Design Document */

[http://www.example.com link title]==Calibration Assignment Submissions==
*[[Calibration Assignment Submission (Firebrick JS)]]
*[[Calibration Assignment Submission (Active Job)]]
==Writing Assignments 2==
*[[CSC/ECE 517 Fall 2016/E1666. Test team functionality]]
*[[CSC/ECE 517 Fall 2016/E1643. Refactor Suggestion controller]]
*[[CSC/ECE 517 Fall 2016/E1631. Refactoring Bidding Interface]]
*[[CSC/ECE 517 Fall 2016/E1674.Refactor leaderboard.rb and write unit tests]]
*[[CSC/ECE 517 Fall 2016/E1671. Unit Tests for participants.rb Hierarchy]]
*[[CSC/ECE 517 Fall 2016/E1668.Test e-mailing functionality]]
*[[CSC/ECE 517 Fall 2016/E1658. Refractor lottery_controller.rb and write integration tests]]
*[[CSC/ECE 517 Fall 2016/E1660. Review requirements and thresholds]]
*[[CSC/ECE 517 Fall 2016/E1650. Sort instructor views alphabetically by default]]
*[[CSC/ECE 517 Fall 2016/E1644. Refactor and test Teams Controller]]
*[[CSC/ECE 517 Fall 2016/E1645. Refactoring Tree Display Controller]]
*[[CSC/ECE 517 Fall 2016/E1659. Refactor on_the_fly_calc.rb]]
*[[CSC/ECE 517 Fall 2016/E1657. Introduce a Student View for instructors]]
*[[CSC/ECE 517 Fall 2016/E1653. Fix and improve rubric criteria]]
*[[CSC/ECE 517 Fall 2016/E1642. Refactor review_response_map.rb]]
*[[CSC/ECE 517 Fall 2016/E1633. Refactor different question types from quiz feature]]
*[[CSC/ECE_517_Fall_2016/E1664:_Feature_Test_Assignment_Creation]]
*[[CSC/ECE 517 Fall 2016/E1666. Test team functionality]]
*[[CSC/ECE_517_Fall_2016/E1654. Improve_date-picker_and_deadlines]]
*[[CSC/ECE_517_Fall_2016/E1652 Fix teammate advertisements and requests to join a team ]]
*[[CSC/ECE_517_Fall_2016/E1662. UI issues/fixes]]
*[[CSC/ECE_517_Fall_2016/E1673. Refactor question_type.rb]]
*[[CSC/ECE_517_Fall_2016/E1675. Timestamp for student file & hyperlink submissions]]
*[[CSC/ECE_517_Fall_2016/E1640. Refactor response.rb and response_helper.rb]]
*[[CSC/ECE 517 Fall 2016/E1634. Refactor and write unit test of due_date.rb and deadline_helper.rb]]
*[[CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features]]
*[[CSC/ECE_517_Fall_2016/E1670._Unit_tests_for_answers.rb]]
*[[CSC/ECE_517_Fall_2016/E1641. Refactor review_mapping_controller.rb]]
*[[CSC/ECE_517_Fall_2016/M1652_Implement_ImageMap_Support_Servo]]
*[[CSC/ECE_517_Fall_2016/E1648/Add_past_due_assignment]]
*[[CSC/ECE 517 Fall 2016/E1656. Improve imports]]
*[[CSC/ECE_517_Fall_2016/M1653_Implement_HTML_form_validation]]
*[[CSC/ECE_517_Fall_2016/E1635._Refactor_join_team_requests_controller.rb_and_invitation_controller.rb]]
*[[CSC/ECE 517 Fall 2016/E1665. Test staggered-deadline functionality]]

==Final Project Design Document==
*[[CSC/ECE 517 Fall 2016 E1696 Improve Self-Review]]
*[[CSC/ECE 517 Fall 2016 E1676 Role-based reviewing]]
*[[CSC/ECE 517 Fall 2016/E1680. Improve survey functionality]]
*[[CSC/ECE 517 Fall 2016/E1693. Drag-and-drop interface for creating rubrics]]
*[[CSC/ECE 517 Fall 2016/E1701. Accelerate RSpec testing]]
*[[CSC/ECE 517 Fall 2016 E1679 Let experts as well as students do reviews]]
*[[CSC/ECE 517 Fall 2016/E1705. Tracking the time students look at the others' submissions]]
*[[CSC/ECE 517 Fall 2016/E1688. Send feedback to support + tree display improvement]]
*[[CSC/ECE 517 Fall 2016 E1707: Top trading cycles to exclude previous teammates]]
*[[CSC/ECE 517 Fall 2016 E1678: Review configuration options]]
*[[CSC/ECE 517 Fall 2016 E1682: Improve score calculation]]
*[[CSC/ECE 517 Fall 2016 E1684: Feature Test for Assignment Submission]]
*[[CSC/ECE 517 Fall 2016 E1689: Anonymous Chat Between Author and Reviewer]]
*[[CSC/ECE 517 Fall 2016 E1703: Logging for Expertiza]]
*[[CSC/ECE 517 Fall 2016 E1708: Improvements to staggered-deadline assignments]]
*[[CSC/ECE 517 Fall 2016 E1685: UI changes for review and score reports]]
*[[CSC/ECE 517 Fall 2016/ M1653 Implement HTML form validation]]
*[[CSC/ECE 517 Fall 2016/ E1700 Integrate Google doc editor/viewer]]
*[[CSC/ECE_517_Fall_2016/M1652_ImageMap_Support_Servo]]
*[[CSC/ECE 517 Fall 2016 E1687 Instructor account creation over the web]]
*[[CSC/ECE_517_Fall_2016/E1690_Improvements_to_password_recovery_and_repeated_login_failures | CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures]]

CSC/ECE 517 Fall 2016

2016-12-02T20:35:24Z

Vdatla:

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T20:25:07Z

Vdatla: /* Testing */

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* password_retrieval_controller.rb
* password_reset.rb (model)
* reset_password.html.erb (view)

===Implementation===
We have implemented the new password recovery system by sending a reset password link to the user's email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated token. This parameter will be a string attribute of a new model reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, the application would decide if the token is expired or not.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_email -string

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/password_edit/check_reset_url?token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to password_retrieval_controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the DB. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

Each Email Address can have only one active token saved in the database. Every time a new token is generated, it will replace the existing one which ensures that only one reset link is available. Also, this will make sure that DB content of password_reset can never exceed the number of users registered in the application. This eliminates the need to clear out expired Tokens.

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page.
It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T20:15:24Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* password_retrieval_controller.rb
* password_reset.rb (model)
* reset_password.html.erb (view)

===Implementation===
We have implemented the new password recovery system by sending a reset password link to the user's email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated token. This parameter will be a string attribute of a new model reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, the application would decide if the token is expired or not.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_email -string

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/password_edit/check_reset_url?token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to password_retrieval_controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the DB. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

Each Email Address can have only one active token saved in the database. Every time a new token is generated, it will replace the existing one which ensures that only one reset link is available. Also, this will make sure that DB content of password_reset can never exceed the number of users registered in the application. This eliminates the need to clear out expired Tokens.

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page. It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T20:14:28Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* password_retrieval_controller.rb
* password_reset.rb (model)
* reset_password.html.erb (view)

===Implementation===
We have implemented the new password recovery system by sending a reset password link to the user's email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated token. This parameter will be a string attribute of a new model reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, the pplication would decide if the token is expired or not.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_email -string

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/password_edit/check_reset_url?token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to password_retrieval_controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the DB. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

Each Email Address can have only one active token saved in the database. Every time a new token is generated, it will replace the existing one which ensures that only one reset link is available. Also, this will make sure that DB content of password_reset can never exceed the number of users registered in the application. This eliminates the need to clear out expired Tokens.

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page. It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T20:11:00Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* password_retrieval_controller.rb
* password_reset.rb (model)
* reset_password.html.erb (view)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_email -string

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/password_edit/check_reset_url?token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to password_retrieval_controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the DB. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

Each Email Address can have only one active token saved in the database. Every time a new token is generated, it will replace the existing one which ensures that only one reset link is available. Also, this will make sure that DB content of password_reset can never exceed the number of users registered in the application. This eliminates the need to clear out expired Tokens.

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page. It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T20:04:58Z

Vdatla: /* E1690 Improvements to password recovery and repeated login failures */

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* password_retrieval_controller.rb
* password_reset.rb (model)
* reset_password.html.erb (view)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_id -integer (Foreign key to user table)

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page. It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T19:58:04Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* reset_password.rb (model)
* reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_id -integer (Foreign key to user table)

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page. It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-12-02T19:49:08Z

Vdatla: /* Backoff System */

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* reset_password.rb (model)
* reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.
==== Gem File ====
Adding this line to the Gem file allows us to have access to the recaptcha gem.

<pre>gem "recaptcha", require: "recaptcha/rails"</pre>

==== Backoff System ====
In Auth Controller we added the following code. The variable @@attempts acts as a counter to track the amount of invalid login attempts a user makes. By utilizing the existing login code we were able to place the increment code. Once the attempts variable is greater than or equal to 3 we then force the user to use the recaptcha question in addition to their correct logic credentials. Once the new requirements to login are satisfied the user is redirected to the password retrieval, otherwise they are redirected to the root screen with the captcha question.
<pre>
@@attemps = 0

def login
if request.get?
AuthController.clear_session(session)
else
user = User.find_by_login(params[:login][:name])
if user and user.valid_password?(params[:login][:password])
after_login(user)
else

@@attemps = @@attemps + 1
logger.warn "Failed login attempt."
flash[:error] = "Your username or password is incorrect."
if @@attemps >= 3 ##User entered invalid login credentials at least 3 times
if verify_recaptcha(model: @user)
@@attemps = 0
redirect_to controller: 'password_retrieval', action: 'forgotten'
end

else
redirect_to root_path

end

end
end
end # def login

</pre>

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_id -integer (Foreign key to user table)

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==Testing==

To run the Rspecs test cases:
rspec path_to_expertiza/spec/controllers/password_retrieval_controller_spec.rb

To test from UI:
i) Enter the wrong password on login page three consecutive times, you will shown with Google Captcha for the fourth attempt.
ii) On entering the password, wrong the fourth time you will be redirected to "forgot password" page. It can also be reached by clicking "forgot password" page on login page.
iii) Enter the email Id, for which new password has to be set. On clicking "Request password" you will get a mail with password reset link.
iv) Clicking on the password reset link, you will be redirected to password reset page where you can set your new password.

Here is a short [http://recordit.co/pXq9jM9xhr video] demonstrating the same.

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T01:02:51Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* reset_password.rb (model)
* reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

==Password Reset==

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_id -integer (Foreign key to user table)

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

==Captcha==

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

==Test Cases==

Following methods and functionalities will be tested using rspec

* Check if Hash is being generated as per required.
* Check if targeted user_id and user_mail are extracted from db
* Check if the link generated is of desired format
* Check if mail functionality is called.
* Check if token and user_name are extracted from the url
* Check if successful reset password changes record in DB
* Check status triggered by reCAPTCHA Gem

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T01:00:41Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* reset_password.rb (model)
* reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_id -integer (Foreign key to user table)

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

===Captcha===

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

===Test Cases===

Following methods and functionalities will be tested using rspec

* Check if Hash is being generated as per required.
* Check if targeted user_id and user_mail are extracted from db
* Check if the link generated is of desired format
* Check if mail functionality is called.
* Check if token and user_name are extracted from the url
* Check if successful reset password changes record in DB
* Check status triggered by reCAPTCHA Gem

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T00:59:25Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* reset_password.rb (model)
* reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

===Model Schema===
Model: reset_password

Attributes
*-id(autogenerated) -integer
*-unique_tokenhash -String
*-createdAt (autogenerated) -timestamp
*-user_id -integer (Foreign key to user table)

'''Model Details'''

When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

===Captcha===

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

===Test Cases===

Following methods and functionalities will be tested using rspec

* Check if Hash is being generated as per required.
* Check if targeted user_id and user_mail are extracted from db
* Check if the link generated is of desired format
* Check if mail functionality is called.
* Check if token and user_name are extracted from the url
* Check if successful reset password changes record in DB
* Check status triggered by reCAPTCHA Gem

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T00:58:09Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
* auth_controller.rb
* reset_password.rb (model)
* reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

===Model Schema===
Model: reset_password

Attributes
-id(autogenerated) -integer
-unique_tokenhash -String
-createdAt (autogenerated) -timestamp
-user_id -integer (Foreign key to user table)

'''Model Details'''
When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

===Captcha===

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

===Test Cases===

Following methods and functionalities will be tested using rspec

* Check if Hash is being generated as per required.
* Check if targeted user_id and user_mail are extracted from db
* Check if the link generated is of desired format
* Check if mail functionality is called.
* Check if token and user_name are extracted from the url
* Check if successful reset password changes record in DB
* Check status triggered by reCAPTCHA Gem

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T00:56:45Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
1. auth_controller.rb
2. reset_password.rb (model)
3. reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

===Model Schema===
Model: reset_password

Attributes
-id(autogenerated) -integer
-unique_tokenhash -String
-createdAt (autogenerated) -timestamp
-user_id -integer (Foreign key to user table)

'''Model Details'''
When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

===Captcha===

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

===Test Cases===

Following methods and functionalities will be tested using rspec

1. Check if Hash is being generated as per required.
2. Check if targeted user_id and user_mail are extracted from db
3. Check if the link generated is of desired format
4. Check if mail functionality is called.
5. Check if token and user_name are extracted from the url
6. Check if successful reset password changes record in DB
7. Check status triggered by reCAPTCHA Gem

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T00:56:02Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
auth_controller.rb
reset_password.rb (model)
reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

===Model Schema===
Model: reset_password

Attributes
-id(autogenerated) -integer
-unique_tokenhash -String
-createdAt (autogenerated) -timestamp
-user_id -integer (Foreign key to user table)

'''Model Details'''
When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

===Captcha===

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

[[File:Captcha.png]]

===Test Cases===

Following methods and functionalities will be tested using rspec

1. Check if Hash is being generated as per required.
2. Check if targeted user_id and user_mail are extracted from db
3. Check if the link generated is of desired format
4. Check if mail functionality is called.
5. Check if token and user_name are extracted from the url
6. Check if successful reset password changes record in DB
7. Check status triggered by reCAPTCHA Gem

File:Captcha.png

2016-11-15T00:33:38Z

Vdatla:

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T00:31:50Z

Vdatla:

==E1690 Improvements to password recovery and repeated login failures==

This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

Our final project consists of two cases of the password recovery process. Use case 1, Currently, when a user forgets his/her password and wants to reset the password, Expertiza system randomly generates a new password and sends the password as plain text in a email. It is normally considered as a bad practice to send passwords as paint text. We are replacing this practice by sending a reset password link that expires after a certain amount of time. Use case 2 deals with when a user enters wrong credentials. Currently, the login page simply shows an error. Irrespective of the number of times that a user enters wrong login credentials, the system produces a general error message. We are going to be replacing this system by using the alternative 2, using a captcha to verify that the user is indeed a human and not a bot trying to run a brute force attack on the system. This will add the needed layer of security and should serve as a great solution. Below are more details of our planned implementation.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
auth_controller.rb
reset_password.rb (model)
reset_password.html.erb (vie)

===Implementation===
We are going to implement the new password recovery system by sending a reset password link to the users email. This link will be comprised of a generated path to a newly created view for resetting the password with a uniquely randomly generated parameter. This parameter will be a string attribute of a new model we are creating called reset_password. This link will expire after a given amount of time. Using logic to compare the createdAt timestamp as well as the current time, we would be able to program the idea of an expired link.

We are also implementing a backoff system that will require the user to complete a smart captcha after 3 failed attempts. This smart captcha will be generated through Recaptcha gem and the user will then be redirected to the login page after successfully changing the password. This will ensure that the system is not vulnerable to Brute Force attacks as well as bots.

===Model Schema===
Model: reset_password

Attributes
-id(autogenerated) -integer
-unique_tokenhash -String
-createdAt (autogenerated) -timestamp
-user_id -integer (Foreign key to user table)

'''Model Details'''
When the user clicks on reset password, it will redirect to a view that has an input to enter the email address of the user. Reset password button will generate a random token (Long string) which will be hashed and saved in the database of the model reset_password. An expiration date will be generated and saved along with the user_id by looking up the user table using email id. The unhashed Token value will be appended on the url emailed to the user for the password reset page.

www.expertiza.com/resetPass?username=random&token=ZB71yObR-Tdssg-@#%

On clicking the url, the link will take you to a controller that will direct you to a reset page. Before redirecting , the controller checks the parameters in the link (username and token) and makes sure that token username pair exists and not expired. Token from the params will be hashed again and checked with the db. This prevents an attacker who has read access to the database from making a token for some other user, reading the value that was sent in the email, then sending the same value himself. Once the controller completes all the necessary checks, it will redirect to a reset password page for that specific user (based on the user_id / username)

[[File:Capture password reset.JPG]]

===Captcha===

The project will be using ReCAPTCHA gem. ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell humans and robot apart. This kind of service is important for websites or web applications with lots of user generated content. The test is easy for a human to solve, but hard for bots and other malicious software to figure out.

After 3 failed Login attempts, a captcha would appear to make sure that a bot or a malicious software is not trying to attempt login using brute force.

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/ rspec.info/ ] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec github.com/rspec/rspec] 
5. [http://wiki.expertiza.ncsu.edu/index.php/Main_Page#Expertiza Expertiza Wiki ] 
6. [https://github.com/expertiza/expertiza Expertiza Github ] 
7. [http://expertiza.ncsu.edu Expertiza] 
8. [http://research.csc.ncsu.edu/efg/expertiza/papers Research Papers on Expertiza]

File:Capture password reset.JPG

2016-11-15T00:30:29Z

Vdatla:

CSC/ECE 517 Fall 2016/E1690 Improvements to password recovery and repeated login failures

2016-11-15T00:29:03Z

Vdatla: Created page with "==E1690 Improvements to password recovery and repeated login failures== This wiki page is for the description of changes made under E1690 FinalProject for Fall 2016, CSC/ECE 517..."

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-30T15:48:17Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

===NOTE to reviewers===
Mocks and factories are used in the unit tests so they can't be tested by UI.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to access assignments posted by the course instructor. Expertiza also allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on the feedback provided. The instructor can look at the feedback provided by students and rate the student based on feedback provided for others work.
It helps organize and upload assignments and reducing the manual review process and helps students provide a peer feedback and also learn from reviewed work. Teams can be chosen by the student or can be assigned automatically based on a priority list inputted alongside each topic available for the assignment.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in the Database. The Answer.rb model does not have any test cases corresponding to it and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
As a part of the project the files mentioned below were the ones, created/modified as needed.
*answer_spec.rb (path /spec/models/answer_spec.rb)
*factories.rb (path /spec/factory/)

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===
Listed below are the functionalities and the Rspec unit tests corresponding to the function names along with a list of scenarios tested.

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get an output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead the existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

<pre>
describe "#test sql queries in answer.rb" do

it "returns answer by question record from db which is not empty" do
assignment_id = 1
q_id = 1
expect(Answer.answers_by_question(assignment_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee from the db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
expect(Answer.answers_by_question_for_reviewee(assignment_id,reviewee_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee in round from db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
round = 1
expect(Answer.answers_by_question_for_reviewee_in_round(assignment_id,reviewee_id,q_id,round)).not_to be_empty
end
end
</pre>

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>

===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/ rspec.info/ ] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec github.com/rspec/rspec] 
5. [http://wiki.expertiza.ncsu.edu/index.php/Main_Page#Expertiza Expertiza Wiki ] 
6. [https://github.com/expertiza/expertiza Expertiza Github ] 
7. [http://expertiza.ncsu.edu Expertiza] 
8. [http://research.csc.ncsu.edu/efg/expertiza/papers Research Papers on Expertiza]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T02:39:31Z

Vdatla: /* Files Created/Modified */

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb (path /spec/models/answer_spec.rb)
*factories.rb (path /spec/factory/)

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get an output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead the existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

<pre>
describe "#test sql queries in answer.rb" do

it "returns answer by question record from db which is not empty" do
assignment_id = 1
q_id = 1
expect(Answer.answers_by_question(assignment_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee from the db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
expect(Answer.answers_by_question_for_reviewee(assignment_id,reviewee_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee in round from db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
round = 1
expect(Answer.answers_by_question_for_reviewee_in_round(assignment_id,reviewee_id,q_id,round)).not_to be_empty
end
end
</pre>

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>
===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/ rspec.info/ ] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec github.com/rspec/rspec]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:33:23Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get an output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead the existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

<pre>
describe "#test sql queries in answer.rb" do

it "returns answer by question record from db which is not empty" do
assignment_id = 1
q_id = 1
expect(Answer.answers_by_question(assignment_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee from the db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
expect(Answer.answers_by_question_for_reviewee(assignment_id,reviewee_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee in round from db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
round = 1
expect(Answer.answers_by_question_for_reviewee_in_round(assignment_id,reviewee_id,q_id,round)).not_to be_empty
end
end
</pre>

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>
===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/ rspec.info/ ] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec github.com/rspec/rspec]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:23:53Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

<pre>
describe "#test sql queries in answer.rb" do

it "returns answer by question record from db which is not empty" do
assignment_id = 1
q_id = 1
expect(Answer.answers_by_question(assignment_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee from the db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
expect(Answer.answers_by_question_for_reviewee(assignment_id,reviewee_id,q_id)).not_to be_empty
end

it "returns answers by question for reviewee in round from db which is not empty" do
assignment_id = 1
reviewee_id = 1
q_id = 1
round = 1
expect(Answer.answers_by_question_for_reviewee_in_round(assignment_id,reviewee_id,q_id,round)).not_to be_empty
end
end
</pre>

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>
===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/ rspec.info/ ] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec github.com/rspec/rspec]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:20:24Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>
===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/ rspec.info/ ] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec github.com/rspec/rspec]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:19:48Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>
===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:18:51Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>
===Running Rspec===
*To run the test suite for a particular file only( answer_spec.rb):
<pre>
root@ubuntu:~/expertiza$ rspec spec/models/answer_spec.rb
</pre>
*To run the entire suite of test cases:
<pre>
root@ubuntu:~/expertiza$ rspec spec
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

===References===
1. [https://en.wikipedia.org/wiki/RSpec] 
2. [http://rspec.info/] 
3. [https://semaphoreci.com/community/tutorials/getting-started-with-rspec] 
4. [https://github.com/rspec/rspec]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:15:27Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
</pre>

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:14:56Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>

===Rspec Test Results===

<pre>
1 deprecation warning total

Finished in 12.39 seconds (files took 11.25 seconds to load)
17 examples, 0 failures

Randomized with seed 37447

Coverage report generated for RSpec to /home/root/expertiza/coverage. 998 / 3919 LOC (25.47%) covered.
[Coveralls] Outside the CI environment, not sending data.
root@ubuntu:~/expertiza$
</pre>

CSC/ECE 517 Fall 2016

2016-10-29T00:12:15Z

Vdatla: /* Writing Assignments 2 */

E1670

2016-10-29T00:08:27Z

Vdatla: moved E1670 to CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

#REDIRECT [[CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb]]

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-29T00:08:27Z

Vdatla: moved E1670 to CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T06:32:36Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

'''Validation and Dependency Rspec Test'''

Apart from testing functions, the models are also tested for validations and external dependencies. Model answer.rb does not have any validations but does have a dependency on question.rb. Answer belongs_to question and this was tested using a simple dependency rspec test.
<pre>
it { should belong_to(:question) }
</pre>

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T06:17:36Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T06:16:40Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(due_date1, due_date2)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order).and_return(ResubmissionTime1, ResubmissionTime2)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(nil)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record. The functionality of these functions would be tested by the integration tests of the controller

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T06:15:27Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(due_date1, due_date2)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order).and_return(ResubmissionTime1, ResubmissionTime2)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(nil)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record.

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T06:14:42Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit test uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores wouldn't break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and weighted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the submission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(due_date1, due_date2)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order).and_return(ResubmissionTime1, ResubmissionTime2)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(nil)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not aggressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''
The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record.

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T06:12:52Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit tes uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores would'nt break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and wieghted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the subsission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(due_date1, due_date2)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order).and_return(ResubmissionTime1, ResubmissionTime2)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(nil)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

'''Function Name : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''

These three functions are sql queries that hit the DB to get a output record after a series of selections and joins. SQL queries that hit DB often do not have a high priority when it comes to testing, so the project does not regressively test these functions. However, these functions are tested to make sure the queries are able to find the right column names and tables successfully. Any change in the table schema would be detected in these test cases. The functionality of these queries are not tested but instead existence of an output is tested. This ensures that answer.rb is able to make a successful db connection and is sync with the latest db schema. Since the function actually hits the DB, mocks can no longer be used, instead active records were created and saved in test db using FactoryGirl gem from the factories.rb. These records are cleared after every test case.

Following factories were used to create records in the table
*question
*response_record
*response_map
*answer

'''Rspec Unit Test : answers_by_question, answers_by_question_for_reviewee,answers_by_question_for_reviewee_in_round'''
The factories are created such a way that the query would return an output and the tests will pass if the query returns a non nil record.

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T05:48:37Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===Files Created/Modified===
*answer_spec.rb
*factories.rb

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit tes uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores would'nt break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and wieghted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the subsission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(due_date1, due_date2)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order).and_return(ResubmissionTime1, ResubmissionTime2)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(nil)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T05:44:20Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

__TOC__

===Background===

Expertiza is an Open Source web application developed on Ruby On Rails platform. It is a platform which allows students to take assignments posted by the course instructors. Expertiza allows students to select assignment topics, form teams and submit their work. It also allows them to review other students' submissions and improve their work based on this feedback.

===Project Description===

In Expertiza, each questionnaire contains many questions, those question may have different types (e.g. checkbox, criterion, etc). When a user fills in a rubric, the responses for each question will become an answer record. The responses of rubrics are stored in answers table in DB. The answer.rb is the model for the answers table in DB. Answer.rb model does not have any test cases and the aim of the project is to write fast, effective and flexible unit test cases that offer maximum code coverage.

===RSpec===
====RSpec Introduction====
RSpec is a testing framework for Ruby for behavior-driven development (BDD) licensed under MIT. It is inspired by JBehave and contains fully integrated JMock based framework which has a very rich and powerful DSL (domain-specific language) which resembles a natural language specification.
Composed of multiple libraries structured to work together, RSpec provides encapsulated testing via the describe block to specify the behavior of the class and the context for the unit test case.

==== Why RSpec? ====
RSpec is easy to learn and implement and can be used with other testing tools like Cucumber and Minitest independently. It is extremely powerful for testing states with complicated setup and also helps in tearing down complex code to access the objects required for testing
RSpec semantics encourage agile thinking and practice and it structures the tests in a more intuitive way.

===Functions in answers.rb===

'''Function Name : Compute_scores'''

Compute_scores is a function in model answer.rb which gives the average, maximum and minimum scores obtained in a series a responses/assessments. It has two input parameters: List of assessments and questions. The function iterates over each assessment to get the total score of that assessment. If the response or review is invalid, that assessment won’t be considered in the calculation of the score average. After iterating over all assessments, Max score, and Min scores are calculated along with the average score based on the number of valid assessments. Their scores are returned by the function.

'''Rspec Unit Test : Compute_scores'''

Following scenarios are tested:

* To return scores as nil if the input list of assessments is nil. This is to make sure no Null Pointer exceptions are thrown by the code
*To return a particular score when a single valid assessment is given as an input.
*To return a particular score when multiple valid assessments are given as an input. This is to test the looping functionality of the method.
*To return a particular score when invalid assessments are given as an input. The validity and total scores are returned by a mock and not by the actual functions. This is to make the test cases less rigid so that failure of dependent functions do not disrupt the functionality of interface level tests.
*To return a particular score when invalid flag is nil. Invalid flag can either be 0,1 or nil. Nil situation is tested to prevent NullPointer Exceptions
*To check if the method get_total_score is called with the right parameters.

This unit tes uses a stub and returns a mock value.
<pre>
Answer.stub(:get_total_score)
</pre>
This is to eliminate tight coupling between compute_scores and get_total_scores. Failure in get_total_scores would'nt break the compute_scores test cases.

'''Function Name : Get_total_scores'''

This function is called by the Compute_scores method of the answer.rb model to compute the total score of an assessment. The input consists of assessment for which the total score is being calculated and the list of questions being evaluated in the assessment. The method uses questionnaire id from the questions and response id to obtain a score view questionnaire data. This score view is a read-only record. The questionnaire data mainly consists of q1_max_question_score, sum_of_weights and wieghted_score. Before calculating the score, the function performs two crucial tasks.
*Checks if the answer for a scored question is nil. If it is nil or unanswered, the question will be ignored and not counted towards the score of this response.
* Calls the subsission_valid function by passing the response record to set the @invalid flag based on the validity of the response.
The total score is calculated using the below formula

<pre>
(weighted_score / (sum_of_weights * max_question_score)) * 100
</pre>

Any edge cases would return -1 indicating no score

'''Rspec Unit Test : Get_total_scores'''

Following scenarios are tested:

*To return an anticipated total score of a single response without any edge cases. Since this function will be called only on one response at a time, there is no need to test for multiple responses at the same time.
*To return an anticipated total score of a response where nil answer is for a scored question. This is to check if its weight gets removed from the sum_of_weights.
*To return -1 when the sum of weights becomes 0. This can happen when all the scored questions are unanswered. Return value of -1 is checked at the calling function to ensure if a score is returned or not.
*To return -1 when weighted_score of questionnaireData is nil
* To check if submission_valid is called. This method is called to set invalid flag to indicate whether the response entered is valid or not. The validity criteria is explained in the submission_valid? Function.

This unit test uses two stubs and returns mock results
<pre>
ScoreView.stub(:find_by_sql)
</pre>
<pre>
Answer.stub(:where)
</pre>
This is to reduce the outcome of the test to depend on DB calls. For example, in case the connection to DB fails, this unit test would still pass making it less rigid.

'''Function Name : submission_valid?'''

This purpose of this function is to verify the validity of a review based on a deadline. This function obtains a list of AssignmentDueDate objects in descending order which is then compared against the current time to determine which deadlines are valid and which ones are not. The flag variable is used to represent whether or not a deadline was available in the previous iteration of the loop. If the flag is set to TRUE and the deadline is less than the current date, then latest_review_phase_start_time is set to this deadline. A list of ResubmissionTime objects is also retrieved from the controller. These objects are then compared against the then latest_review_phase_start_time variable to determine a response.

Observations: The current implementation of the function is bugged. It retrieves a list of sorted AssignmentDueDate objects and proceeds to check if this list is empty. However, instead of exiting if the function if the list is empty, it carries on execution and raises an exception on hitting the for loop.

*Checks if a review is valid or not by comparing its date with a list of deadlines.
*Returns 1 or 0 depending on validity
*Current implementation is bugged. Throws an exception if no AssignmentDueDate objects are passed, returns nil if any objects are passed.

'''Rspec Unit Test : submission_valid?'''

Following scenarios are tested:

*Passing valid AssignmentDueDate objects
*Not passing any AssignmentDueDate objects

When valid AssignmentDueDate objects are passed, stubs are used to create fake AssignmentDueDate Objects and ResubmissionTime objects. These objects are then populated with valid deadline dates and deadline_type values. These values are then supplied when requested by the submission_valid? Function rather than actually calling the function. The current implementation of this test case expects the program to throw an error when it reaches the for loop. Once this bug is fixed, this test case may be re-written to test a more legitimate test case.

In case an empty list of AssignmentDueDate objects is passed back to the submission_valid?() method. This would cause the function to return nil. When this function is fixed, the following test case may be re-written to test for a more legitimate test-case.

This unit test uses two stubs and returns mock results
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(due_date1, due_date2)
</pre>
The above stub returns two AssignmentDueDate objects whenever the where() and order() method are chained on AssignmentDueDate.
<pre>
ResubmissionTime.stub_chain(:where, :order).and_return(ResubmissionTime1, ResubmissionTime2)
</pre>
The above stub returns two ResubmissionTime objects whenever the where() and order() method are chained on ResubmissionTime.
<pre>
AssignmentDueDate.stub_chain(:where, :order).and_return(nil)
</pre>
This stub is used in the second test case to return nil objects.

the stub_chain method can be used to create stubs where chained methods are expected.

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T05:00:24Z

Vdatla:

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T04:59:45Z

Vdatla:

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T04:53:09Z

Vdatla:

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T04:52:31Z

Vdatla:

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T03:48:43Z

Vdatla: /* Functions in answers.rb */

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-28T03:48:02Z

Vdatla:

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-27T17:45:09Z

Vdatla:

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-27T16:55:48Z

Vdatla:

==E1670 . Unit tests for answers.rb==

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

CSC/ECE 517 Fall 2016/E1670. Unit tests for answers.rb

2016-10-27T16:54:23Z

Vdatla: This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.

This wiki page is for the description of changes made under E1670 OSS assignment for Fall 2016, CSC/ECE 517.