Merge pull request #1 from cliu585/test-search-service-active

[TEAMMATES#12901] Check if the search service is active in account request search test
cliu585 · Apr 28, 2024 · e33e88b · e33e88b
2 parents e738e25 + a459ffc
commit e33e88b
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 15 deletions.
diff --git a/src/it/java/teammates/it/storage/sqlapi/AccountRequestsDbIT.java b/src/it/java/teammates/it/storage/sqlapi/AccountRequestsDbIT.java
@@ -237,19 +237,4 @@ public void testSqlInjectionInDeleteAccountRequest() throws Exception {
         assertEquals(accountRequest, actual);
     }
 
-    @Test
-    public void testSqlInjectionSearchAccountRequestsInWholeSystem() throws Exception {
-        ______TS("SQL Injection test in searchAccountRequestsInWholeSystem");
-
-        AccountRequest accountRequest =
-                new AccountRequest("[email protected]", "name", "institute", AccountRequestStatus.PENDING, "comments");
-        accountRequestDb.createAccountRequest(accountRequest);
-
-        String searchInjection = "institute'; DROP TABLE account_requests; --";
-        List<AccountRequest> actualInjection = accountRequestDb.searchAccountRequestsInWholeSystem(searchInjection);
-        assertEquals(0, actualInjection.size());
-
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
-        assertEquals(accountRequest, actual);
-    }
 }
diff --git a/src/it/java/teammates/it/storage/sqlsearch/AccountRequestSearchIT.java b/src/it/java/teammates/it/storage/sqlsearch/AccountRequestSearchIT.java
@@ -162,6 +162,25 @@ public void testSearchAccountRequest_noSearchService_shouldThrowException() {
                 () -> accountRequestsDb.searchAccountRequestsInWholeSystem("anything"));
     }
 
+    @Test
+    public void testSqlInjectionSearchAccountRequestsInWholeSystem() throws Exception {
+        ______TS("SQL Injection test in searchAccountRequestsInWholeSystem");
+
+        if (!TestProperties.isSearchServiceActive()) {
+            return;
+        }
+
+        AccountRequest accountRequest = new AccountRequest("[email protected]", "name", "institute");
+        accountRequestsDb.createAccountRequest(accountRequest);
+
+        String searchInjection = "institute'; DROP TABLE account_requests; --";
+        List<AccountRequest> actualInjection = accountRequestsDb.searchAccountRequestsInWholeSystem(searchInjection);
+        assertEquals(typicalBundle.accountRequests.size(), actualInjection.size());
+
+        AccountRequest actual = accountRequestsDb.getAccountRequest("[email protected]", "institute");
+        assertEquals(accountRequest, actual);
+    }
+
     /**
      * Verifies that search results match with expected output.
      *