1 package org.cacert.gigi.pages.wot;
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
6 import java.io.IOException;
7 import java.io.UnsupportedEncodingException;
8 import java.net.HttpURLConnection;
9 import java.net.MalformedURLException;
11 import java.net.URLConnection;
12 import java.net.URLEncoder;
13 import java.sql.SQLException;
14 import java.text.SimpleDateFormat;
15 import java.util.Calendar;
16 import java.util.Date;
17 import java.util.regex.Pattern;
19 import org.cacert.gigi.pages.account.MyDetails;
20 import org.cacert.gigi.testUtils.IOUtils;
21 import org.cacert.gigi.testUtils.ManagedTest;
22 import org.junit.Before;
23 import org.junit.Test;
25 public class TestAssurance extends ManagedTest {
27 private String assurerM;
29 private String assureeM;
31 private String cookie;
34 public void setup() throws IOException {
35 assurerM = createUniqueName() + "@cacert-test.org";
36 assureeM = createUniqueName() + "@cacert-test.org";
38 createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
39 createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
41 cookie = login(assurerM, TEST_PASSWORD);
45 public void testAssureSearch() throws IOException {
46 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
47 assertTrue(loc, loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
51 public void testAssureSearchEmail() throws IOException {
52 String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
53 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
57 public void testAssureSearchDob() throws IOException {
58 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
59 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
60 loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
61 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
62 loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
63 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
66 private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
67 URL u = new URL("https://" + getServerName() + AssurePage.PATH);
68 URLConnection uc = u.openConnection();
70 uc.addRequestProperty("Cookie", cookie);
71 uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
72 uc.getOutputStream().flush();
74 return IOUtils.readURL(uc);
78 public void testAssureForm() throws IOException {
79 String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
84 public void testAssureFormContanisData() throws IOException {
85 URLConnection uc = buildupAssureFormConnection(true);
86 uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
87 uc.getOutputStream().flush();
88 String data = IOUtils.readURL(uc);
89 assertThat(data, containsString("2000-01-01"));
90 assertThat(data, containsString("testcase"));
94 public void testAssureFormNoCSRF() throws IOException {
96 HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
97 uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
98 uc.getOutputStream().flush();
99 assertEquals(500, uc.getResponseCode());
103 public void testAssureFormWrongCSRF() throws IOException {
105 HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
106 uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
107 uc.getOutputStream().flush();
108 assertEquals(500, uc.getResponseCode());
112 public void testAssureFormRaceName() throws IOException, SQLException {
113 testAssureFormRace(true);
117 public void testAssureFormRaceDoB() throws IOException, SQLException {
118 testAssureFormRace(false);
121 public void testAssureFormRace(boolean name) throws IOException, SQLException {
122 URLConnection uc = buildupAssureFormConnection(true);
124 String assureeCookie = login(assureeM, TEST_PASSWORD);
125 String newName = "lname=" + (name ? "c" : "a") + "&fname=a&mname=&suffix=";
126 String newDob = "day=1&month=1&year=" + (name ? 1910 : 1911);
128 assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
130 uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
131 uc.getOutputStream().flush();
132 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
133 assertTrue(error, !error.startsWith("</div>"));
137 public void testAssureFormFuture() throws IOException {
138 SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
139 int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
140 String error = getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
141 assertTrue(error, !error.startsWith("</div>"));
145 public void testAssureFormFutureOK() throws IOException {
146 SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
147 Calendar c = Calendar.getInstance();
148 c.setTimeInMillis(System.currentTimeMillis());
149 c.add(Calendar.HOUR_OF_DAY, 12);
151 String error = getError("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
156 public void testAssureFormNoLoc() throws IOException {
157 String error = getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
158 assertTrue(error, !error.startsWith("</div>"));
159 error = getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
160 assertTrue(error, !error.startsWith("</div>"));
164 public void testAssureFormInvalDate() throws IOException {
165 String error = getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
166 assertTrue(error, !error.startsWith("</div>"));
167 error = getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
168 assertTrue(error, !error.startsWith("</div>"));
172 public void testAssureFormBoxes() throws IOException {
173 String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1&points=10");
174 assertTrue(error, !error.startsWith("</div>"));
175 error = getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1&points=10");
176 assertTrue(error, !error.startsWith("</div>"));
177 error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1&points=10");
178 assertTrue(error, !error.startsWith("</div>"));
179 error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z&points=10");
180 assertTrue(error, !error.startsWith("</div>"));
184 public void testAssureListingValid() throws IOException {
185 String uniqueLoc = createUniqueName();
186 String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
188 String cookie = login(assureeM, TEST_PASSWORD);
189 URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
190 url.setRequestProperty("Cookie", cookie);
191 String resp = IOUtils.readURL(url);
192 resp = resp.split(Pattern.quote("</table>"))[0];
193 assertThat(resp, containsString(uniqueLoc));
197 public void testAssurerListingValid() throws IOException {
198 String uniqueLoc = createUniqueName();
199 String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
201 String cookie = login(assurerM, TEST_PASSWORD);
202 URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
203 url.setRequestProperty("Cookie", cookie);
204 String resp = IOUtils.readURL(url);
205 resp = resp.split(Pattern.quote("</table>"))[1];
206 assertThat(resp, containsString(uniqueLoc));
209 private String getError(String query) throws MalformedURLException, IOException {
210 URLConnection uc = buildupAssureFormConnection(true);
211 uc.getOutputStream().write((query).getBytes("UTF-8"));
212 uc.getOutputStream().flush();
213 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
217 private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
218 return buildupAssureFormConnection(cookie, assureeM, doCSRF);
221 public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
222 URL u = new URL("https://" + getServerName() + AssurePage.PATH);
223 URLConnection uc = u.openConnection();
224 uc.addRequestProperty("Cookie", cookie);
225 uc.setDoOutput(true);
226 uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
228 String csrf = getCSRF(uc);
229 uc = u.openConnection();
230 uc.addRequestProperty("Cookie", cookie);
231 uc.setDoOutput(true);
233 uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));