+
+ @Test
+ public void testAssureFormNoCSRF() throws IOException {
+ // override csrf
+ HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
+ uc.getOutputStream().write(
+ ("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes());
+ uc.getOutputStream().flush();
+ assertEquals(500, uc.getResponseCode());
+ }
+
+ @Test
+ public void testAssureFormWrongCSRF() throws IOException {
+ // override csrf
+ HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
+ uc.getOutputStream().write(
+ ("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc")
+ .getBytes());
+ uc.getOutputStream().flush();
+ assertEquals(500, uc.getResponseCode());
+ }
+
+ @Test
+ public void testAssureFormRace() throws IOException, SQLException {
+ URLConnection uc = buildupAssureFormConnection(true);
+ PreparedStatement ps = DatabaseConnection.getInstance()
+ .prepare("UPDATE `users` SET email='changed' WHERE id=?");
+ ps.setInt(1, assuree);
+ ps.execute();
+ uc.getOutputStream().write(
+ ("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes());
+ uc.getOutputStream().flush();
+ String error = fetchStartErrorMessage(IOUtils.readURL(uc));
+ assertTrue(error, !error.startsWith("</div>"));
+ }
+