import java.net.MalformedURLException;
import java.net.URLConnection;
import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.database.GigiPreparedStatement;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Country;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.dbObjects.User;
private int applicantName;
+ private int applicantId;
+
private String cookie;
@Before
- public void setup() throws IOException {
+ public void setup() throws IOException, GeneralSecurityException, GigiApiException, InterruptedException {
clearCaches();
agentM = createUniqueName() + "@example.org";
applicantM = createUniqueName() + "@example.org";
createVerificationUser("a", "b", agentM, TEST_PASSWORD);
- int applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
+ applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
applicantName = User.getById(applicantId).getPreferredName().getId();
- cookie = login(agentM, TEST_PASSWORD);
+ User users[] = User.findByEmail(agentM);
+ cookie = cookieWithCertificateLogin(users[0]);
}
private Matcher<String> isVerificationForm() {
@Test
public void testVerifyForm() throws IOException {
- executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ String body = executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ assertThat(body, containsString("10"));
+ assertThat(body, containsString(applicantM));
+ getMailReceiver().receive(applicantM);
}
@Test
uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
uc.getOutputStream().flush();
assertEquals(500, uc.getResponseCode());
+ uc.getErrorStream().close();
}
@Test
uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
uc.getOutputStream().flush();
assertEquals(500, uc.getResponseCode());
+ uc.getErrorStream().close();
}
@Test
String applicantCookie = login(applicantM, TEST_PASSWORD);
String newDob = "day=1&month=1&year=" + ( !succeed ? 1911 : 1910);
-
+ loginCertificate = null;
assertNull(executeBasicWebInteraction(applicantCookie, MyDetails.PATH, newDob + "&action=updateDoB", 0));
uc.getOutputStream().write(("verifiedName=" + applicantName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
String error = fetchStartErrorMessage(IOUtils.readURL(uc));
if (succeed) {
assertNull(error);
+ getMailReceiver().receive(applicantM);
} else {
assertTrue(error, !error.startsWith("</div>"));
assertThat(error, containsString("changed his personal details"));
c.add(Calendar.HOUR_OF_DAY, 12);
executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ getMailReceiver().receive(applicantM);
}
@Test
public void testVerifyFormPastInRange() throws IOException {
executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ getMailReceiver().receive(applicantM);
}
@Test
c.add(Calendar.DAY_OF_MONTH, 1);
executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ getMailReceiver().receive(applicantM);
}
@Test
@Test
public void testVerifyListingValid() throws IOException, GigiApiException {
String uniqueLoc = createUniqueName();
- execute("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ getMailReceiver().receive(applicantM);
String cookie = login(applicantM, TEST_PASSWORD);
+ loginCertificate = null;
URLConnection url = get(cookie, Points.PATH);
String resp = IOUtils.readURL(url);
resp = resp.split(Pattern.quote("</table>"))[1];
public void testAgentListingValid() throws IOException, GigiApiException {
String uniqueLoc = createUniqueName();
executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ getMailReceiver().receive(applicantM);
+
String cookie = login(agentM, TEST_PASSWORD);
+ loginCertificate = null;
URLConnection url = get(cookie, Points.PATH);
String resp = IOUtils.readURL(url);
resp = resp.split(Pattern.quote("</table>"))[2];
}
- private void executeSuccess(String query) throws MalformedURLException, IOException {
- assertThat(execute(query), hasNoError());
-
+ private String executeSuccess(String query) throws MalformedURLException, IOException {
+ String response = execute(query);
+ assertThat(response, hasNoError());
+ return response;
}
private String execute(String query) throws MalformedURLException, IOException {
}
@Test
- public void testMultipleVerification() throws IOException {
-
+ public void testMultipleVerification() throws IOException, GeneralSecurityException, GigiApiException, InterruptedException {
User users[] = User.findByEmail(agentM);
int agentID = users[0].getId();
// enter second entry
String uniqueLoc = createUniqueName();
executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
+ getMailReceiver().receive(applicantM);
// enter third entry on the same day
URLConnection uc = get(cookie, VerifyPage.PATH);
}
@Test
- public void testRANotificationSet() throws IOException, GigiApiException {
- getMailReceiver().clearMails();
+ public void testRANotificationSet() throws IOException, GigiApiException, GeneralSecurityException, InterruptedException {
+ getMailReceiver().assertEmpty();
User users[] = User.findByEmail(agentM);
assertTrue("user RA Agent not found", users != null && users.length > 0);
User u = users[0];
u.grantGroup(u, Group.VERIFY_NOTIFICATION);
clearCaches();
- cookie = login(agentM, TEST_PASSWORD);
-
- String targetMail = u.getEmail();
+ cookie = cookieWithCertificateLogin(users[0]);
// enter verification
String uniqueLoc = createUniqueName();
executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
- TestMail tm;
+ getMailReceiver().receive(applicantM);
- do {
- tm = getMailReceiver().receive();
- } while ( !tm.getTo().equals(targetMail));
+ TestMail tm = getMailReceiver().receive(agentM);
assertThat(tm.getMessage(), containsString("You entered a verification for the account with email address " + applicantM));
}
@Test
public void testRANotificationNotSet() throws IOException, GigiApiException {
- getMailReceiver().clearMails();
+ getMailReceiver().assertEmpty();
User users[] = User.findByEmail(agentM);
assertTrue("user RA Agent not found", users != null && users.length > 0);
User u = users[0];
u.revokeGroup(u, Group.VERIFY_NOTIFICATION);
clearCaches();
- cookie = login(agentM, TEST_PASSWORD);
// enter verification
String uniqueLoc = createUniqueName();
executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
- TestMail tm;
-
- tm = getMailReceiver().receive();
+ TestMail tm = getMailReceiver().receive(applicantM);
assertThat(tm.getMessage(), not(containsString("You entered a verification for the account with email address " + applicantM)));
}
+
+ @Test
+ public void testVerifyWithoutCertLogin() throws IOException {
+ cookie = login(agentM, TEST_PASSWORD);
+ loginCertificate = null;
+ assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
+ }
+
+ @Test
+ public void testVerifyWithoutValidChallenge() throws IOException, GigiApiException {
+ cookie = cookieWithCertificateLogin(User.getById(applicantId));
+ add100Points(applicantId);
+ insertRAContract(applicantId);
+ addChallengeInPast(applicantId, CATSType.AGENT_CHALLENGE);
+ assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
+ addChallenge(applicantId, CATSType.AGENT_CHALLENGE);
+ assertEquals(200, get(cookie, VerifyPage.PATH).getResponseCode());
+ }
+
+ @Test
+ public void testVerifyValidTTPChallenge() throws IOException, GigiApiException {
+ grant(User.getByEmail(agentM), Group.TTP_AGENT);
+ grant(User.getById(applicantId), Group.TTP_APPLICANT);
+ cookie = cookieWithCertificateLogin(User.getById(applicantId));
+ cookie = cookieWithCertificateLogin(User.getByEmail(agentM));
+
+ // test without valid challenge
+ String content = search("email=" + URLEncoder.encode(applicantM, "UTF-8") + "&day=1&month=1&year=1910");
+ assertThat(content, containsString("you need to pass the TTP RA Agent Challenge"));
+
+ // test with valid challenge
+ addChallenge(User.getByEmail(agentM).getId(), CATSType.TTP_AGENT_CHALLENGE);
+ content = search("email=" + URLEncoder.encode(applicantM, "UTF-8") + "&day=1&month=1&year=1910");
+ assertThat(content, not(containsString("you need to pass the TTP RA Agent Challenge")));
+ }
}