There is quite a lot of code duplication in the frontend code (mostly down to my greeness with JavaScript). Now that I know a little more I should start fixing this.

Move the authentication code which checks if a user has been logged in from the session storage into a common class and remove the duplicated code.

See the Breaking Changes to see if you need to do anything more than updating package versions.

Related to issue #7 & #4

To refactor the EF code it really needs to be covered in tests first so there is more confidence nothing as broken.

public class StringManipulation
{
    public char GetFirstLetter(string input)
    {
        return input[0];
    }
}

If you replace the original function return type with char, you can make the exercise much easier. Would be better if the signature of the method was enforced by the test runner.

Create a basic homepage for the project to replace the standard one in the skeleton app.

Description

Currently the admin routes for managing exercises, exercise templates and tests take in various locations a Exercise Template ID. As each exercise only has one Exercise Template there is no need to pass the ID as long as the Exercise ID is known. This has two benefits (that I can think of right now):

• Simplifies the routes in the application - no need to pass an extra ID.
• Protects the application. Currently a user could pass a Exercise ID with an unrelated Exercise Template ID and the system would treat them as related. I think when it comes to performing actions against the data this shouldn't matter as the code won't change the relationship (on update for example).

I haven't started on the user facing frontend code yet so going forward there I will only use Exercise ID. This Issue is to remind me to update the admin routes to also only use Exercise ID.

Reproduction Steps

1. Navigate to the update Exercise page in the admin area. But change the Exercise Template ID in the route to a unrelated template.
2. The form loads with the data populated to edit.

Expected Result

The data to edit contains the specified Exercise and the related Exercise Template

Actual Result

The data to edit contains the specified Exercise and a unrelated Exercise Template.

Create UI for managing tests including:

• Tests - related to there assigned Exercise.
• Test Inputs
• Test Output

For initial version app should have Authentication for an admin user to check they can create exercises and tests. The exercises will publicly available without an account.

The EF code is a little slow to get items from the DB to return to the user. I think there are a couple of reasons for this (for example API returning to much / doing too complicated queries by default).

Also it could be an idea to introduce a simple cache like Memcached which loads some common needed data.

For example it could load from the DB a list of Exercises and Exercise Categories when the application first starts then any edits would need to be done in the DB and the cache. If I do this it would also be a good idea to add a rebuild cache button in the admin pages.

Automated tests will need there own SQLite DB to interact with objects in. Create a Test environment within the system which points to a different db file used for testing.

Working with Multiple Environments has more deta

Its not a must have but would be nice to use the Command Query Responsibility Segregation (CQRS) pattern to move my logic from my controllers (which would then only have the responsibility of routing requests) into Commands and Queries. There is a good overview here: CQRS with Mediator and Automapper And also a nice more detailed write up of the hows and whys here: Put Your Controllers on a Diet

The reason for doing all this is my logic would turn into simple classes which will be easier to unit test as I won't need to mock the different parts of the ASP.NET framework I am using.

Code in PR #3 could be refactored to be cleaner:

• Update to use Automaker for model <---> view model conversions
• Update EF code to be more efficient.
  • Don't know exactly how but I am pretty sure my inexperience with EF7 means I have done things in odd ways!

Add the initial API for updating the DB models:

• Exercise
• Exercise Template
• Exercise Category
• Test
• Test Input
• Test Output

Add support for markdown in fields like:

• Exercise Guidance
• Exercise Category Description
• Test Description

http://gooy.github.io/aurelia-markdown/ looks like a promising start which should make this fairly easy to implement.

See comments from brockallen on how to do this:

IdentityServer/IdentityServer3#1684

See also:

https://brockallen.com/2015/06/01/makecert-and-creating-ssl-or-signing-certificates/

Description

If a user enters code with comments in certain areas they will break the core tests. The snippet below will break all the core tests:

public class /* Comment */ Calculator
{
    public int /* Comment */ Add(int a, int b)
    {
        return a + b;
    }

    public /* Comment */ Calculator()
    {

    }
}

This is because of the regular expressions being used by the core tests which don't take into account the comment tokens ( /* */ ) and any valid characters between them.

Expected Result

Core tests pass regardless of where comments are in the code.

Actual Result

Core tests fail if comments are in certain parts of the code which the core tests check with a regular expression.

The seeding class has a password for the user 'tdshipley' in it. Before actually deploying this anywhere remove the password and put it into asp.net secrets or environment vars!!

public class StringManipulation
{
    public string GetFirstLetter(string input)
    {
        return input[1551].ToString();
    }
}

Contrived example but exceptions will come up once the exercises get more complex. Currently it just shows 'Failed to execute code' - this makes it hard to debug.

Description

Currently if a user submits code which will throw an error at runtime the error is not caught and shown in the UI. Instead a 500 error is shown in the network tab of the web developer tools. This should instead be caught and returned to the user.

Reproduction Steps

1. Open an exercise and submit the code:

public class StringManipulation
{
    public string GetFirstLetter(string input)
    {
        return input[4410].ToString();
    }
}

1. When the exercise is submitted no results or compilation errors are shown. However a 500 is returned from the code execution API.

Expected Result

Error is shown to the user via the UI.

Actual Result

A 500 is thrown by the API. The user gets no feedback.

Description

When updating an exercise there is a multi select box shown to pick which categories the exercise belongs in. The box doesn't show which categories the exercise is currently in - so if an update was posted to the server without updating the multiselect box the exercise would be removed from all categories.

Reproduction Steps

1. Go to the admin exercise list page.
2. Select a exercise to update which has some categories assigned. If not create one.
3. On the update page click the update button.
4. Go to the exercise details page for that exercise.

Expected Result

Categories from before the update are persisted.

Actual Result

Categories are removed from the exercise.

Although the project uses bootstrap it would be good to do some basic customisation of the UI using https://pikock.github.io/bootstrap-magic/ or similar.

I have picked the colour scheme based on a cartoon monkey image that I can use as a logo. The colour scheme is in a secret gist: https://gist.github.com/tdshipley/8550d36344e53d5e1ff8c5b7c9c0c4d7

If you have a really long line, the blinking cursor drifts away from the character it is actually on.

This was in Chrome.

Looking forward to wontfix.

Create UI for managing Exercises including

• Exercise
• Exercise Template
• Exercise Categories

Need to setup HTTP and SSL for the site as it requests login tokens and cookies so should really be encrypted when sending that data around.

Description

The seed method in CodingMonkeyContextSeedData currently seeds a initial user and and some exercises in any environment. This should be updated so exercises are not seeded in Production as the ones in the seed method are really there as test exercises and may not be on the deployed site.

Originally reported by @chreden

Description

The code currently checks for banned types and namespaces and removes them before execution so a user shouldn't have access for example to System.IO or Path. However it is possible to hide the types and namespaces from the replacement process as it only goes through the code once. So code like:

public class StringManipulation
{
    public string GetFirstLetter(string input)
    {
        string[] results = { "M", "d" };
        string v = EnvEnvironmentironment.GetEnvEnvironmentironmentVariable("hank_count");
        int x = v == null ? 0 : Int32.Parse(v);

        string result = results[x++];
        if (x == 2)
        {
            x = 0;
        }

        EnvEnvironmentironment.SSetetEnvEnvironmentironmentVariable("hank_count", x.ToString());
        return result;
    }
}

Will be replaced with:

public class StringManipulation
{
    public string GetFirstLetter(string input)
    {
        string[] results = { "M", "d" };
        string v = Environment.GetEnvironmentVariable("hank_count");
        int x = v == null ? 0 : Int32.Parse(v);

        string result = results[x++];
        if (x == 2)
        {
            x = 0;
        }

        Environment.SetEnvironmentVariable("hank_count", x.ToString());
        return result;
    }
}

The fix here is to do multiple passes of the code until either the sanitiser reports that no replacements have been made or a try limit has been hit. At which point an exception is thrown and displayed to the user.

Expected Result

Code fails to compiler as PreExecutionSecurity removes the banned types and namespaces.

Actual Result

Code compiles and is executed.