20ebe100587054e7e02f74d00c6b4559ddc02ff0
[gigi.git] / tests / club / wpia / gigi / pages / wot / TestAssurance.java
1 package club.wpia.gigi.pages.wot;
2
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
5
6 import java.io.IOException;
7 import java.io.UnsupportedEncodingException;
8 import java.net.HttpURLConnection;
9 import java.net.MalformedURLException;
10 import java.net.URLConnection;
11 import java.net.URLEncoder;
12 import java.sql.SQLException;
13 import java.sql.Timestamp;
14 import java.text.SimpleDateFormat;
15 import java.util.Calendar;
16 import java.util.Date;
17 import java.util.regex.Pattern;
18
19 import org.hamcrest.Matcher;
20 import org.junit.Before;
21 import org.junit.Test;
22
23 import club.wpia.gigi.GigiApiException;
24 import club.wpia.gigi.database.GigiPreparedStatement;
25 import club.wpia.gigi.dbObjects.Country;
26 import club.wpia.gigi.dbObjects.Group;
27 import club.wpia.gigi.dbObjects.User;
28 import club.wpia.gigi.pages.account.MyDetails;
29 import club.wpia.gigi.pages.wot.AssurePage;
30 import club.wpia.gigi.pages.wot.Points;
31 import club.wpia.gigi.testUtils.IOUtils;
32 import club.wpia.gigi.testUtils.ManagedTest;
33 import club.wpia.gigi.testUtils.TestEmailReceiver.TestMail;
34 import club.wpia.gigi.util.DayDate;
35 import club.wpia.gigi.util.Notary;
36
37 public class TestAssurance extends ManagedTest {
38
39     private String assurerM;
40
41     private String assureeM;
42
43     private int assureeName;
44
45     private String cookie;
46
47     @Before
48     public void setup() throws IOException {
49         clearCaches();
50         assurerM = createUniqueName() + "@example.org";
51         assureeM = createUniqueName() + "@example.org";
52
53         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
54         int assureeId = createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
55         assureeName = User.getById(assureeId).getPreferredName().getId();
56
57         cookie = login(assurerM, TEST_PASSWORD);
58     }
59
60     private Matcher<String> isAssuranceForm() {
61         return containsString("<select name=\"assuranceType\">");
62     }
63
64     @Test
65     public void testAssureSearch() throws IOException {
66         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
67         assertThat(loc, isAssuranceForm());
68     }
69
70     @Test
71     public void testAssureSearchEmail() throws IOException {
72         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
73         assertThat(loc, not(isAssuranceForm()));
74     }
75
76     @Test
77     public void testAssureSearchDobInvalid() throws IOException {
78         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
79         assertThat(loc, not(isAssuranceForm()));
80     }
81
82     @Test
83     public void testAssureSearchDob() throws IOException {
84         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
85         assertThat(loc, not(isAssuranceForm()));
86         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
87         assertThat(loc, not(isAssuranceForm()));
88         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
89         assertThat(loc, not(isAssuranceForm()));
90     }
91
92     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
93         URLConnection uc = get(cookie, AssurePage.PATH);
94         uc.setDoOutput(true);
95         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
96         uc.getOutputStream().flush();
97
98         return IOUtils.readURL(uc);
99     }
100
101     @Test
102     public void testAssureForm() throws IOException {
103         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
104     }
105
106     @Test
107     public void testAssureFormEmpty() throws IOException {
108         URLConnection uc = buildupAssureFormConnection(true);
109         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&rules=1&assertion=1&points=10").getBytes("UTF-8"));
110         uc.getOutputStream().flush();
111         String data = IOUtils.readURL(uc);
112         assertThat(data, hasError());
113     }
114
115     @Test
116     public void testAssureFormContanisData() throws IOException {
117         URLConnection uc = buildupAssureFormConnection(true);
118         uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&rules=1&assertion=1&points=10").getBytes("UTF-8"));
119         uc.getOutputStream().flush();
120         String data = IOUtils.readURL(uc);
121         assertThat(data, containsString(validVerificationDateString()));
122         assertThat(data, containsString("testcase"));
123     }
124
125     @Test
126     public void testAssureFormNoCSRF() throws IOException {
127         // override csrf
128         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
129         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
130         uc.getOutputStream().flush();
131         assertEquals(500, uc.getResponseCode());
132     }
133
134     @Test
135     public void testAssureFormWrongCSRF() throws IOException {
136         // override csrf
137         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
138         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
139         uc.getOutputStream().flush();
140         assertEquals(500, uc.getResponseCode());
141     }
142
143     @Test
144     public void testAssureFormRaceDoB() throws IOException, SQLException {
145         testAssureFormRace(false);
146     }
147
148     @Test
149     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
150         testAssureFormRace(true);
151     }
152
153     public void testAssureFormRace(boolean succeed) throws IOException, SQLException {
154         URLConnection uc = buildupAssureFormConnection(true);
155
156         String assureeCookie = login(assureeM, TEST_PASSWORD);
157         String newDob = "day=1&month=1&year=" + ( !succeed ? 1911 : 1910);
158
159         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newDob + "&action=updateDoB", 0));
160
161         uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
162         uc.getOutputStream().flush();
163         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
164         if (succeed) {
165             assertNull(error);
166         } else {
167             assertTrue(error, !error.startsWith("</div>"));
168             assertThat(error, containsString("changed his personal details"));
169         }
170     }
171
172     @Test
173     public void testAssureFormFuture() throws IOException {
174         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
175         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
176         executeFails("date=" + year + "-01-01&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
177     }
178
179     @Test
180     public void testAssureFormFutureOK() throws IOException {
181         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
182         Calendar c = Calendar.getInstance();
183         c.setTimeInMillis(System.currentTimeMillis());
184         c.add(Calendar.HOUR_OF_DAY, 12);
185
186         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
187     }
188
189     @Test
190     public void testAssureFormPastInRange() throws IOException {
191         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
192     }
193
194     @Test
195     public void testAssureFormPastOnLimit() throws IOException {
196         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
197         Calendar c = Calendar.getInstance();
198         c.setTimeInMillis(System.currentTimeMillis());
199         c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
200         c.add(Calendar.DAY_OF_MONTH, 1);
201
202         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
203     }
204
205     @Test
206     public void testAssureFormPastOutOfRange() throws IOException {
207         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
208         Calendar c = Calendar.getInstance();
209         c.setTimeInMillis(System.currentTimeMillis());
210         c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
211
212         executeFails("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
213     }
214
215     @Test
216     public void testAssureFormNoLoc() throws IOException {
217         executeFails("date=" + validVerificationDateString() + "&location=a&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
218         executeFails("date=" + validVerificationDateString() + "&location=&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
219     }
220
221     @Test
222     public void testAssureFormInvalDate() throws IOException {
223         executeFails("date=20000101&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
224         executeFails("date=&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
225     }
226
227     @Test
228     public void testAssureFormBoxes() throws IOException {
229         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=0&rules=1&assertion=1&points=10");
230         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=&assertion=1&points=10");
231         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=z&points=10");
232     }
233
234     @Test
235     public void testAssureListingValid() throws IOException, GigiApiException {
236         String uniqueLoc = createUniqueName();
237         execute("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
238
239         String cookie = login(assureeM, TEST_PASSWORD);
240         URLConnection url = get(cookie, Points.PATH);
241         String resp = IOUtils.readURL(url);
242         resp = resp.split(Pattern.quote("</table>"))[1];
243         assertThat(resp, containsString(uniqueLoc));
244         assertThat(resp, containsString(Country.getCountryByCode("DE", Country.CountryCodeType.CODE_2_CHARS).getName()));
245     }
246
247     @Test
248     public void testAssurerListingValid() throws IOException, GigiApiException {
249         String uniqueLoc = createUniqueName();
250         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
251         String cookie = login(assurerM, TEST_PASSWORD);
252         URLConnection url = get(cookie, Points.PATH);
253         String resp = IOUtils.readURL(url);
254         resp = resp.split(Pattern.quote("</table>"))[2];
255         assertThat(resp, containsString(uniqueLoc));
256         assertThat(resp, containsString(Country.getCountryByCode("DE", Country.CountryCodeType.CODE_2_CHARS).getName()));
257     }
258
259     private void executeFails(String query) throws MalformedURLException, IOException {
260         assertThat(execute(query), hasError());
261
262     }
263
264     private void executeSuccess(String query) throws MalformedURLException, IOException {
265         assertThat(execute(query), hasNoError());
266
267     }
268
269     private String execute(String query) throws MalformedURLException, IOException {
270         URLConnection uc = buildupAssureFormConnection(true);
271         uc.getOutputStream().write(("assuredName=" + assureeName + "&" + query).getBytes("UTF-8"));
272         uc.getOutputStream().flush();
273         return IOUtils.readURL(uc);
274     }
275
276     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
277         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
278     }
279
280     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
281         URLConnection uc = get(cookie, AssurePage.PATH);
282         uc.setDoOutput(true);
283         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
284
285         String csrf = getCSRF(uc);
286         uc = get(cookie, AssurePage.PATH);
287         uc.setDoOutput(true);
288         if (doCSRF) {
289             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
290         }
291         return uc;
292     }
293
294     @Test
295     public void testMultipleAssurance() throws IOException {
296
297         User users[] = User.findByEmail(assurerM);
298         int agentID = users[0].getId();
299
300         users = User.findByEmail(assureeM);
301         int applicantID = users[0].getId();
302
303         // enter first entry 200 days in the past
304         try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `when`=? ")) {
305             ps.setInt(1, agentID);
306             ps.setInt(2, applicantID);
307             ps.setInt(3, 10);
308             ps.setString(4, "test-location");
309             ps.setString(5, "2010-01-01");
310             ps.setTimestamp(6, new Timestamp(System.currentTimeMillis() - DayDate.MILLI_DAY * 200));
311             ps.execute();
312         }
313
314         // enter second entry
315         String uniqueLoc = createUniqueName();
316         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
317
318         // enter third entry on the same day
319         URLConnection uc = get(cookie, AssurePage.PATH);
320         uc.setDoOutput(true);
321         uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
322         assertThat(IOUtils.readURL(uc), hasError());
323
324     }
325
326     @Test
327     public void testAssureFormNoCountry() throws IOException {
328         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=&certify=1&rules=1&assertion=1&points=10");
329     }
330
331     @Test
332     public void testRANotificationSet() throws IOException, GigiApiException {
333         getMailReceiver().clearMails();
334
335         User users[] = User.findByEmail(assurerM);
336         assertTrue("user RA Agent not found", users != null && users.length > 0);
337
338         User u = users[0];
339         u.grantGroup(u, Group.VERIFY_NOTIFICATION);
340         clearCaches();
341         cookie = login(assurerM, TEST_PASSWORD);
342
343         String targetMail = u.getEmail();
344
345         // enter verification
346         String uniqueLoc = createUniqueName();
347         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
348         TestMail tm;
349
350         do {
351             tm = getMailReceiver().receive();
352         } while ( !tm.getTo().equals(targetMail));
353         assertThat(tm.getMessage(), containsString("You entered a verification for the account with email address " + assureeM));
354
355     }
356
357     @Test
358     public void testRANotificationNotSet() throws IOException, GigiApiException {
359         getMailReceiver().clearMails();
360
361         User users[] = User.findByEmail(assurerM);
362         assertTrue("user RA Agent not found", users != null && users.length > 0);
363
364         User u = users[0];
365         u.revokeGroup(u, Group.VERIFY_NOTIFICATION);
366         clearCaches();
367         cookie = login(assurerM, TEST_PASSWORD);
368
369         // enter verification
370         String uniqueLoc = createUniqueName();
371         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
372
373         TestMail tm;
374
375         tm = getMailReceiver().receive();
376         assertThat(tm.getMessage(), not(containsString("You entered a verification for the account with email address " + assureeM)));
377
378     }
379 }