add more moodle api tests, add pipeline for moodle hurl tests

Author: SoraMakes

.github/workflows/playwright.yml

@@ -9,6 +9,34 @@ on:
   workflow_call:
 
 jobs:
+  test-hurl:
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Remove existing Docker containers and volumes
+        run: docker compose down -v
+
+      - name: Start Docker services
+        run: docker compose up -d --wait --timeout 600 --pull always
+
+      - name: Install hurl
+        run: |
+          curl --location --remote-name https://github.com/Orange-OpenSource/hurl/releases/download/6.0.0/hurl_6.0.0_amd64.deb
+          sudo dpkg -i hurl_6.0.0_amd64.deb
+
+      - name: run hurl tests
+        run: |
+          for file in tests/*.hurl; do 
+            cat setup_test_environment/setup.hurl "$file" | hurl --variables-file envrionments/env_localhost_adler_stack.env --report-html report || exit 1
+          done
+
+      - uses: actions/upload-artifact@v4
+        if: ${{ !cancelled() }}
+        with:
+          name: hurl-report-moodle
+          path: moodle/report/
+          retention-days: 30
+
   test-playwright:
     timeout-minutes: 60
     runs-on: ${{ matrix.runner }}

moodle/setup_test_environment/setup.hurl

@@ -10,6 +10,7 @@
 # - s1_id: User ID for student 1
 # - s2_username: Username for student 2
 # - m1_username: Username for manager 1
+# - m1_category_id: Category ID for manager 1
 # - m2_username: Username for manager 2
 # - moodleM1Token: Token for manager 1
 # - moodleM2Token: Token for manager 2
@@ -18,12 +19,16 @@
 # - course_c1_id: Course ID for course c1 (created by m1)
 # - c1_cm_uuid: UUID of a course module in course c1
 # - c1_cm_id: Course module ID for a learning element in course c1
+# - c1_adaptivity_uuid: UUID of the adaptivity element in c1
+# - c1_adaptivity_id: Course module ID for the adaptivity element in c1
+# - c1_adaptivity_question1_uuid: uuid of the first question of the adaptivity element
 
 # Initialize variables (needs a fake request)
-GET {{host}}
+GET {{host}}/webservice/rest/simpleserver.php
 [Options]
 variable: c1_cm_uuid=f734f354-6b0a-4102-a19d-57ab6f151146
-
+variable: c1_adaptivity_uuid=b228a001-d5a6-4298-9321-56270b476465
+variable: c1_adaptivity_question1_uuid=ac525937-0dd3-45a6-9e31-7e64936db61d
 
 # test login as site admin for adler_admin_service
 POST {{host}}/webservice/rest/simpleserver.php
@@ -98,6 +103,8 @@ elements[1][username]: {{m2_username}}
 elements[1][role]: adler_manager
 
 HTTP 200
+[Captures]
+m1_category_id: jsonpath "$.data[0].category_id"
 
 # {"data":[{"username":"m1-8f3206a5-3969-42a0-94a4-0102779f23f9","role":"adler_manager","category_path":null,"category_id":4},{"username":"m2-d579316a-d1db-4ae8-a03a-189fce37bb78","role":"adler_manager","category_path":null,"category_id":5}]}
 
@@ -174,14 +181,14 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: enrol_manual_enrol_users
 moodlewsrestformat: json
 wstoken: {{moodleAdminToken}}
-enrolments[0][roleid]: 5  # student role
+enrolments[0][roleid]: 5  # student role, there is no api endpoint to convert role name to id
 enrolments[0][userid]: {{s1_id}}
 enrolments[0][courseid]: {{course_c1_id}}
 HTTP 200
 [Asserts]
 jsonpath "$.exception" not exists
 
-# Get module id of one learning element in course c1
+# Get module id of one learning element and the adaptivity element in course c1
 POST {{host}}/webservice/rest/server.php
 Content-Type: application/x-www-form-urlencoded
 [FormParams]
@@ -191,10 +198,13 @@ wstoken: {{moodleS1Token}}
 elements[0][course_id]: {{course_c1_id}}
 elements[0][element_type]: cm
 elements[0][uuid]: {{c1_cm_uuid}}
+elements[1][course_id]: {{course_c1_id}}
+elements[1][element_type]: cm
+elements[1][uuid]: {{c1_adaptivity_uuid}}
 HTTP 200
 [Captures]
 c1_cm_id: jsonpath "$.data[0].moodle_id"
-
+c1_adaptivity_id: jsonpath "$.data[1].moodle_id"
 
 # complete learning element as s1 to have progress in the course
 POST {{host}}/webservice/rest/server.php

moodle/tests/local_adler_get_element_ids_by_uuids.hurl

@@ -1,3 +1,25 @@
+##############################################
+# TEST 0: Valid request - S1 queries element from C1 (enrolled)
+# POSITIVE TEST: S1 is enrolled in C1, should successfully get element IDs
+# Expected: HTTP 200 with valid element data, no exception
+##############################################
+POST {{host}}/webservice/rest/server.php
+Content-Type: application/x-www-form-urlencoded
+[FormParams]
+wsfunction: local_adler_get_element_ids_by_uuids
+moodlewsrestformat: json
+wstoken: {{moodleS1Token}}
+elements[0][course_id]: {{course_c1_id}}
+elements[0][element_type]: cm
+elements[0][uuid]: {{c1_cm_uuid}}
+
+HTTP 200
+[Asserts]
+# Should NOT have an exception - this is a valid request
+jsonpath "$.exception" not exists
+# Should return element data
+jsonpath "$.data" count > 0
+
 ##############################################
 # TEST 1: S2 queries element from C1 (not enrolled)
 # Should be BLOCKED - s2 is not enrolled in c1
@@ -8,7 +30,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleS2Token}}
-elements: [{"course_id":"{{course_c1_id}}","element_type":"cm","uuid":"{{c1_cm_uuid}}"}]
+elements[0][course_id]: {{course_c1_id}}
+elements[0][element_type]: cm
+elements[0][uuid]: {{c1_cm_uuid}}
 
 HTTP 200
 [Asserts]
@@ -26,7 +50,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleM2Token}}
-elements: [{"course_id":"{{course_c1_id}}","element_type":"cm","uuid":"{{c1_cm_uuid}}"}]
+elements[0][course_id]: {{course_c1_id}}
+elements[0][element_type]: cm
+elements[0][uuid]: {{c1_cm_uuid}}
 
 HTTP 200
 [Asserts]
@@ -42,7 +68,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleS2Token}}
-elements: [{"course_id":"999999","element_type":"cm","uuid":"{{c1_cm_uuid}}"}]
+elements[0][course_id]: 999999
+elements[0][element_type]: cm
+elements[0][uuid]: {{c1_cm_uuid}}
 
 HTTP 200
 [Asserts]
@@ -58,7 +86,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleS2Token}}
-elements: [{"course_id":"1' OR '1'='1","element_type":"cm","uuid":"{{c1_cm_uuid}}"}]
+elements[0][course_id]: 1' OR '1'='1
+elements[0][element_type]: cm
+elements[0][uuid]: {{c1_cm_uuid}}
 
 HTTP 200
 [Asserts]
@@ -74,7 +104,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleS2Token}}
-elements: [{"course_id":"{{course_c1_id}}","element_type":"cm","uuid":"abc' OR '1'='1"}]
+elements[0][course_id]: {{course_c1_id}}
+elements[0][element_type]: cm
+elements[0][uuid]: abc' OR '1'='1
 
 HTTP 200
 [Asserts]
@@ -90,7 +122,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleS1Token}}
-elements: [{"course_id":"{{course_c1_id}}","element_type":"cm","uuid":""}]
+elements[0][course_id]: {{course_c1_id}}
+elements[0][element_type]: cm
+elements[0][uuid]:
 
 HTTP 200
 [Asserts]
@@ -106,7 +140,9 @@ Content-Type: application/x-www-form-urlencoded
 wsfunction: local_adler_get_element_ids_by_uuids
 moodlewsrestformat: json
 wstoken: {{moodleS1Token}}
-elements: [{"course_id":"{{course_c1_id}}","element_type":"cm","uuid":"*"}]
+elements[0][course_id]: {{course_c1_id}}
+elements[0][element_type]: cm
+elements[0][uuid]: *
 
 HTTP 200
 [Asserts]

moodle/tests/local_adler_score_get_course_scores.hurl

@@ -1,3 +1,24 @@
+##############################################
+# TEST 0: Valid request - S1 gets scores for C1 (enrolled)
+# POSITIVE TEST: S1 is enrolled in C1, should successfully get scores
+# Expected: HTTP 200 with valid course scores data, no exception
+##############################################
+POST {{host}}/webservice/rest/server.php
+Content-Type: application/x-www-form-urlencoded
+[FormParams]
+wsfunction: local_adler_score_get_course_scores
+moodlewsrestformat: json
+wstoken: {{moodleS1Token}}
+course_id: {{course_c1_id}}
+
+HTTP 200
+[Asserts]
+# Should NOT have an exception - this is a valid request
+jsonpath "$.exception" not exists
+# Should return course scores data
+jsonpath "$.data" exists
+jsonpath "$.data" count > 0
+
 ##############################################
 # TEST 1: S2 gets scores for C1 (not enrolled)
 # VULNERABILITY: S2 should NOT access C1 scores