1 package org.cacert.gigi.pages.account;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.io.OutputStream;
7 import java.io.UnsupportedEncodingException;
8 import java.net.MalformedURLException;
10 import java.net.URLConnection;
11 import java.net.URLEncoder;
13 import org.cacert.gigi.GigiApiException;
14 import org.cacert.gigi.User;
15 import org.cacert.gigi.testUtils.IOUtils;
16 import org.cacert.gigi.testUtils.ManagedTest;
17 import org.junit.Test;
// Integration tests for changing an account password. One test calls User.changePassword
// directly; the others submit a form body to ChangePasswordPage.PATH with a logged-in
// session cookie. Every test confirms the outcome by attempting fresh logins with the old
// and the new password, so a rejected change is shown to leave the credential untouched.
19 public class TestChangePassword extends ManagedTest {
// Account under test: a verified user created with TEST_PASSWORD and an address built from
// createUniqueName() (presumably so that repeated runs do not collide; confirm in ManagedTest).
20 User u = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "uni@example.org", TEST_PASSWORD));
// Logs in as the test user and keeps the returned session cookie in `cookie` (declared
// outside this listing); executeChangePassword attaches it to each request it sends.
23 public TestChangePassword() throws IOException {
24 cookie = login(u.getEmail(), TEST_PASSWORD);
// Fail early when the session is not authenticated, so that later failures point at the
// password change and not at the login.
25 assertTrue(isLoggedin(cookie));
// Exercises User.changePassword directly, without going through the web form.
29 public void testChangePasswordInternal() throws IOException, GigiApiException {
// A wrong old password must be refused with a GigiApiException; reaching fail() means the
// change was accepted without proof of the current password.
31 u.changePassword(TEST_PASSWORD + "wrong", TEST_PASSWORD + "v2");
32 fail("Password change must not succeed if old password is wrong.");
33 } catch (GigiApiException e) {
// (the catch body and its closing brace are not shown in this listing)
// The refused attempt must leave the original password valid.
37 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// With the correct old password the change goes through and the new password logs in.
38 u.changePassword(TEST_PASSWORD, TEST_PASSWORD + "v2");
39 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
// NOTE(review): no visible line checks that TEST_PASSWORD is refused after the successful
// change; testChangePasswordWeb asserts that for the web form, and the same assertFalse
// here would pin it for the direct API as well.
// Happy path through the web form: correct old password, new password entered twice.
43 public void testChangePasswordWeb() throws IOException {
// All three values are URL-encoded before being placed into the form body.
44 String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
45 + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
46 + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
// (any check on `error` falls on a line that is not shown in this listing)
// The new password must log in, and the old one must no longer be accepted.
48 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
49 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// The web form must refuse the change when the supplied old password is wrong.
54 public void testChangePasswordWebOldWrong() throws IOException {
// "oldpassword=a" + encoded password: the leading "a" makes the old password incorrect,
// while pword1 and pword2 are a matching, otherwise acceptable pair.
55 String error = executeChangePassword("oldpassword=a" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
56 + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
57 + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
// (any check on `error` falls on a line that is not shown in this listing)
// The password must be unchanged: the new value is refused and the original still logs in.
59 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
60 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// The web form must refuse the change when the two new-password fields do not match.
65 public void testChangePasswordWebNewWrong() throws IOException {
// The old password is correct; "pword2=a" + encoded password makes the confirmation differ
// from pword1.
66 String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
67 + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
68 + "&pword2=a" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
// (any check on `error` falls on a line that is not shown in this listing)
// The password must be unchanged: the new value is refused and the original still logs in.
70 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
71 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// The web form must refuse a trivially weak new password even when the old password is
// correct and both new-password fields match.
76 public void testChangePasswordWebNewEasy() throws IOException {
// pword1 and pword2 are both the single character "a"; presumably this is rejected by a
// password-strength check on the server (the check itself is not part of this file).
77 String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
78 + "&pword1=a&pword2=a");
// (any check on `error` falls on a line that is not shown in this listing)
// NOTE(review): TEST_PASSWORD + "v2" was never submitted in this test, so the assertFalse
// below holds regardless of the outcome. The assertTrue on the original password is what
// shows the weak value was not applied; asserting that a login with "a" fails would pin
// that directly.
80 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
81 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// The web form must refuse requests that omit one of its fields. Three requests are sent;
// after each one the original password must still be the only one that logs in.
86 public void testChangePasswordWebMissingFields() throws IOException {
// URL-encoded new password, reused by the requests below.
87 String np = URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8");
// Precondition: the original password is valid before any request is sent.
88 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// First request: starts with the correct old password; the rest of the form body is on
// lines that are not shown in this listing (presumably one new-password field is omitted).
89 String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
92 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
93 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// Second request: same start; its continuation is likewise not shown here.
95 error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
98 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
99 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
// Third request: both new-password fields are present but oldpassword is omitted entirely.
// A change accepted here would mean a live session alone is enough to replace the password.
101 error = executeChangePassword("pword1=" + np + "&pword2=" + np);
// The page must report an error for this request.
102 assertNotNull(error);
103 assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
104 assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
108 private String executeChangePassword(String query) throws IOException, MalformedURLException,
109 UnsupportedEncodingException {
110 URLConnection uc = new URL("https://" + getServerName() + ChangePasswordPage.PATH).openConnection();
111 uc.addRequestProperty("Cookie", cookie);
112 String csrf = getCSRF(uc);
114 uc = new URL("https://" + getServerName() + ChangePasswordPage.PATH).openConnection();
115 uc.addRequestProperty("Cookie", cookie);
116 uc.setDoOutput(true);
117 OutputStream os = uc.getOutputStream();
118 os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
122 String error = fetchStartErrorMessage(IOUtils.readURL(uc));